[Moderator's Note: Please please don't top post. --Perry]
That paper was from 1980. A few things have changed since then. =)
In any case, my point still stands: what you actually want is some e-cash
system with some special properties. Commutative encryption is neither
necessary nor (probably) sufficient for what you want. Have you at least
looked at the literature (which must be well over 100 papers) on e-cash?
On Mon, 22 Mar 2010, Sergio Lerner wrote:
Commutativity is a beautiful and powerful property. See "On the power of
Commutativity in Cryptography" by Adi Shamir.
Semantic security is great and has given a new provable sense of security,
but commutative building blocks can be combined to build the strangest
protocols without going into deep mathematics, are better suited for teaching
crypto and for high-level protocol design. They are like the "Lego" blocks of
cryptography!
Now I'm working on a new untraceable e-cash protocol which has some
additional properties. And I'm searching for a secure commutable signing
primitive.
Best regards,
Sergio Lerner.
On 22/03/2010 09:56 a.m., Jonathan Katz wrote:
Sounds like a bad idea -- at a minimum, your encryption will be
deterministic.
What are you actually trying to achieve? Usually once you understand that,
you can find a protocol solving your problem already in the crypto
literature.
On Sun, 21 Mar 2010, Sergio Lerner wrote:
I am looking for a public-key cryptosystem that allows commutation of the
operations of encryption/decryption for different users' keys
( Ek(Es(m)) = Es(Ek(m)) ).
I haven't found a simple cryptosystem in Zp or Z/nZ.
I think the solution may be something like the RSA analogs in elliptic
curves. Maybe a scheme that allows the use of a common modulus for all
users (RSA does not).
I've read about some factoring-based cryptosystems (like Meyer-Muller or
Koyama-Maurer-Okamoto-Vanstone) but the cryptosystem authors say nothing
about the possibility of using a common modulus, neither for good nor for
bad.
Does anyone have deeper knowledge of this crypto to help me?
Best regards,
Sergio Lerner.
---------------------------------------------------------------------
The Cryptography Mailing List
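
Added example, not part of the original thread: a Pohlig-Hellman style exponentiation cipher over a shared prime, used only to illustrate the commutation property Ek(Es(m)) = Es(Ek(m)) asked about and the determinism objection raised in the reply. It is a secret-key construction, not the public-key scheme requested; the prime, the function names and the sample message are assumptions of this sketch.

```python
import math
import secrets

# Shared public prime (assumption of this sketch): the Mersenne prime 2**127 - 1.
# Far too small and too structured for real use; it keeps the example fast.
P = 2**127 - 1

def keygen():
    """Return a secret pair (e, d) with e*d = 1 mod (P-1)."""
    while True:
        e = secrets.randbelow(P - 3) + 2
        if math.gcd(e, P - 1) == 1:
            return e, pow(e, -1, P - 1)

def enc(key, m):
    """E_key(m) = m^e mod P, for 1 <= m < P."""
    e, _ = key
    return pow(m, e, P)

def dec(key, c):
    """D_key(c) = c^d mod P."""
    _, d = key
    return pow(c, d, P)

def demo():
    k, s = keygen(), keygen()               # two users' keys
    m = int.from_bytes(b"coin #42", "big")  # constructed sample message

    # Commutation: both orders give m^(e_k * e_s) mod P.
    ks = enc(k, enc(s, m))
    sk = enc(s, enc(k, m))

    # Layers can also be removed in either order.
    peeled = dec(s, dec(k, ks))

    # Determinism: no randomness enters enc(), so equal plaintexts always
    # give equal ciphertexts and an observer can link repeated messages.
    # With a public encryption key, anyone could also test a guessed m.
    repeat_visible = enc(k, m) == enc(k, m)

    return {"commutes": ks == sk,
            "recovered": peeled == m,
            "deterministic": repeat_visible}

if __name__ == "__main__":
    print(demo())
```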