On Tue, Nov 18, 2003 at 09:19:48AM -0800, Anton Stiglic wrote: > "David Wagner" <[EMAIL PROTECTED]>: >> martin f krafft wrote:
>>> it came up lately in a discussion, and I couldn't put a name to it: >>> a means to use symmetric crypto without exchanging keys: >>> >>> - Alice encrypts M with key A and sends it to Bob >>> - Bob encrypts A(M) with key B and sends it to Alice >>> - Alice decrypts B(A(M)) with key A, leaving B(M), sends it to Bob >>> - Bob decrypts B(M) with key B leaving him with M. >>> >>> Are there algorithms for this already? What's the scheme called? >> It's called Pollig-Hellman. > If I'm not mistaken you are wrong. Pohlig-Hellman proposed an encryption > scheme based on discret log, the description of the OP was for a > key transport protocol. > In Pohlig-Hellman, what you do is have Alice and Bob share secret > keys k and d such that k*d == 1 mod (p-1), where p is some prime. > To encrypt a message M Alice computes M^k mod p, and Bob > can decrypt by computing (M^k)^d mod p == M mod p. [...] > The algorithm that was described by the OP is really Shamir's > three-pass algorithm, also known as Shamir's no-key protocol. The Pohlig-Hellman cipher is the modular scheme that you describe, but observe there is a connection to the protocol above: that protocol works only if encryption and decryption has a certain commutativity property (decrypting B(A(M)) with key A must leave B(M), not just some A^-1(B(A(M))) that might look entirely different), and the Pohlig-Hellman cipher has this property. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]