"David Wagner" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > martin f krafft wrote: > >it came up lately in a discussion, and I couldn't put a name to it: > >a means to use symmetric crypto without exchanging keys: > > > > - Alice encrypts M with key A and sends it to Bob > > - Bob encrypts A(M) with key B and sends it to Alice > > - Alice decrypts B(A(M)) with key A, leaving B(M), sends it to Bob > > - Bob decrypts B(M) with key B leaving him with M. > > > >Are there algorithms for this already? What's the scheme called? > > It's called Pollig-Hellman.
If I'm not mistaken you are wrong. Pohlig-Hellman proposed an encryption scheme based on discret log, the description of the OP was for a key transport protocol. In Pohlig-Hellman, what you do is have Alice and Bob share secret keys k and d such that k*d == 1 mod (p-1), where p is some prime. To encrypt a message M Alice computes M^k mod p, and Bob can decrypt by computing (M^k)^d mod p == M mod p. This is commonly referred to as the Pohlig-Hellman symmetric-key exponentiation cipher. It is described in patent 4,424,414 which you can find here http://patft.uspto.gov/netahtml/search-bool.html Also mentioned in HAC, chapter 15, section 15.2.3, (iii). The algorithm that was described by the OP is really Shamir's three-pass algorithm, also known as Shamir's no-key protocol. --Anton --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
