I want to add that from cryptographic point of view for a cipher to possess the property requested by YZT would be a VERY bad sign.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wei Dai Sent: Sunday, November 02, 2008 15:32 To: yzt; Crypto++ Users Subject: Re: Need For Specific Cryptographic Primitive Take a look at these two papers: "An Improved Construction for Universal Re-encryption", Peter Fairbrother http://eprint.iacr.org/2003/255.pdf "Conversion Functions for Symmetric Key Ciphers", Debra L. Cook and Angelos D. Keromytis http://www1.cs.columbia.edu/~dcook/pubs/covfun-jias0606.pdf These primitives are not directly implemented in Crypto++, but you can do it yourself easily with the components in Crypto++. If these two papers don't have what you are looking for, I suggest you post to the sci.crypt Usenet group(http://groups.google.com/group/sci.crypt) and explain what you are trying to do with this primitive (i.e. what is your application). If you do that, link to that post here, because I'm curious too. -------------------------------------------------- From: "yzt" <[EMAIL PROTECTED]> Sent: Saturday, November 01, 2008 4:01 PM To: "Crypto++ Users" <[EMAIL PROTECTED]> Subject: Need For Specific Cryptographic Primitive > > Hi, > > In my work, I need a cryptographic primitive (a cipher, to be more > specific) with the following attribute: > If we define the the encryption function as "E(k,p)" where "k" is the > key and "p" is the plain text, I need the cipher to have the property > that "E(k2, E(k1, p)) = E(k3, p)". In other words, I need the result > of the double encryption of any given plaintext with two different > keys, be equal to a single encryption with another key. > Obviously, I also need the "k3" above to be computable given "k1" and > "k2", but (ideally) neither "k1" nor "k2" should be retrievable given > the other two keys. > > Now, I don't have a strong theoretical background in cryptography, so > I don't even know what this property is called, or even whether it has > a specific name (that's why I had to choose such a non-descriptive > subject,) but as I understand it, this is generally an undesirable > property in a cipher. > Can such a property be implemented using conventional cryptographic > primitives? I would prefer the use of a block cipher, but public key- > based solutions wouldn't be too problematic either. Does anyone have > any advice as how should I go about implementing this? Does Crypto++ > have any features to help me here? > > I'm not even sure whether this mailing list is the proper place to ask > such questions. If so, I'd appreciate to be directed to the proper > place to ask this. I apologize if I'm violating any rules or > conventions. > > Any information, pointers, help or even RTFMs (with mention of the M > in point!) is greatly appreciated. I'd even appreciate it if someone > could tell me what this property is called, so I can do an informed > web search! > > -yzt > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [EMAIL PROTECTED] More information about Crypto++ and this group is available at http://www.cryptopp.com. -~----------~----~----~----~------~----~------~--~---
