Another problem with this problem is that there are trivial solutions because it is difficult to ensure that SEED1 is functionally essential in the public key. For example, generate a public key PK using a normal method, and define the new public key PK' = (PK, SEED1). Then to encrypt to PK' the rule is to use the regular public key encryption to PK. Technically PK' satisfies the requirements, but SEED1 plays no functional role in the key.
I don't know if it would be possible to add a formal specification to make sure that SEED1 plays an important role. That seems hard to formalize. And there might still be trivial solutions where SEED1 plays a very small role. Hal --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
