Re: A-B-a-b encryption
- Original Message -
From: Jeremiah Rogers [EMAIL PROTECTED]
To: crypto list [EMAIL PROTECTED]
Sent: Sunday, November 16, 2003 12:50 PM
Subject: Re: A-B-a-b encryption

> This is Shamir's Three-Pass Protocol, described in section 22.3 of Schneier. It requires a commutative cryptosystem.
>
> - Jeremiah Rogers

Also described in HAC, protocol 12.22. It's like basic DH, except it provides key transport instead of key agreement.

--Anton

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: A-B-a-b encryption
martin f krafft wrote:

> it came up lately in a discussion, and I couldn't put a name to it: a means to use symmetric crypto without exchanging keys:
>
> - Alice encrypts M with key A and sends it to Bob
> - Bob encrypts A(M) with key B and sends it to Alice
> - Alice decrypts B(A(M)) with key A, leaving B(M), sends it to Bob
> - Bob decrypts B(M) with key B leaving him with M.
>
> Are there algorithms for this already? What's the scheme called? I searched Schneier (non-extensively) but couldn't find a reference.
>
> Thanks,

The protocol is called the Shamir three-pass protocol. It needs a commutative cipher.

Probably the only cipher that it can be securely used with is called the Pohlig-Hellman cipher, a simple exponentiating cipher over Zp. Whether it's a symmetric cipher is a matter of precise definition, though despite the encryption and decryption keys being different I would consider it such. A better term might be a secret-key cipher.

It's quite easy to find the decryption key d from the encryption key e:

  d*e = 1 mod (p-1)
  C = M^e mod p
  M = C^d mod p

p should be a safe (= 2q+1, q prime) prime, and all keys used should be odd and != q.

There is an ECC variant. There are lots of things to watch out for in implementations.

I'm trying to develop (or find? anyone?) a secure symmetric cipher which is a group, where if you know A and B you can find a key C that decrypts B(A(M)), but that's a different story.

-- Peter Fairbrother
Re: Partition Encryptor
Dave Howe [EMAIL PROTECTED] writes:

> Peter Gutmann wrote:
>
> > E4M needs some minor updates for XP by someone who knows about NT device drivers, otherwise you'll occasionally get problems unmounting volumes.
>
> Does anyone know of a version where this work has been done?

Since this was last discussed (without resolution) in alt.security.scramdisk about a week ago, I'd say the answer is "Probably not". A better question would be "Can someone who knows about NT device drivers make the necessary changes to the code (it's GPL'd and freely available)?".

Peter.
Re: Are there...one-way encryption algorithms
Enzo Michelangeli wrote:

> but the slight risk of collision, although practically negligible, is a bit irksome

If you quantify the "practically negligible" risk, it might be less irksome:

SHA-1 is a 160 bit hash. The birthday paradox says that you would need to hash 2^80 different credit card numbers before you had a 50% probability of having even one collision in your database keys. Very roughly that means you would need to have a trillion different credit card numbers in your database in order to get as much as a one in a trillion chance of a collision. You would probably find dealing with a trillion different credit card numbers more irksome than the negligible chance of a collision even that many would give you.

-- sidney
Re: Are there...one-way encryption algorithms
David Wagner [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

> martin f krafft wrote:
>
> > it came up lately in a discussion, and I couldn't put a name to it: a means to use symmetric crypto without exchanging keys:
> >
> > - Alice encrypts M with key A and sends it to Bob
> > - Bob encrypts A(M) with key B and sends it to Alice
> > - Alice decrypts B(A(M)) with key A, leaving B(M), sends it to Bob
> > - Bob decrypts B(M) with key B leaving him with M.
> >
> > Are there algorithms for this already? What's the scheme called?
>
> It's called Pohlig-Hellman.

If I'm not mistaken you are wrong. Pohlig-Hellman proposed an encryption scheme based on discrete log; the description of the OP was for a key transport protocol.

In Pohlig-Hellman, what you do is have Alice and Bob share secret keys k and d such that k*d == 1 mod (p-1), where p is some prime. To encrypt a message M Alice computes M^k mod p, and Bob can decrypt by computing (M^k)^d mod p == M mod p. This is commonly referred to as the Pohlig-Hellman symmetric-key exponentiation cipher. It is described in patent 4,424,414 which you can find here: http://patft.uspto.gov/netahtml/search-bool.html

Also mentioned in HAC, chapter 15, section 15.2.3, (iii).

The algorithm that was described by the OP is really Shamir's three-pass algorithm, also known as Shamir's no-key protocol.

--Anton
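An added worked example (not from any poster in this thread) of the four-step exchange described in the two posts above, using the Pohlig-Hellman exponentiation cipher over a safe prime with the key restrictions Peter Fairbrother lists; it also shows why the choice of commutative cipher matters, since a XOR-based "cipher" lets a passive observer of the three passes recover M. The prime and keys are small constructed demo values, not secure parameters.

```python
# Added example: Shamir's three-pass protocol over the Pohlig-Hellman cipher.
# Constructed demo parameters only; real use needs a prime of 2048+ bits.
import math

Q = 1019          # prime (constructed demo value)
P = 2 * Q + 1     # 2039, a safe prime p = 2q + 1

def valid_key(e: int) -> bool:
    """Per the thread: keys must be odd, != q, and invertible mod (p-1)."""
    return e % 2 == 1 and e != Q and 1 < e < P - 1 and math.gcd(e, P - 1) == 1

def keypair(e: int):
    """Return (e, d) with d*e = 1 mod (p-1); d is trivially derived from e."""
    if not valid_key(e):
        raise ValueError("invalid Pohlig-Hellman key")
    return e, pow(e, -1, P - 1)

def ph_encrypt(m: int, e: int) -> int:
    return pow(m, e, P)          # C = M^e mod p

def ph_decrypt(c: int, d: int) -> int:
    return pow(c, d, P)          # M = C^d mod p

def three_pass(m: int, alice_e: int, bob_e: int):
    """Run the protocol; returns (M as recovered by Bob, the three passes)."""
    ea, da = keypair(alice_e)
    eb, db = keypair(bob_e)
    c1 = ph_encrypt(m, ea)       # pass 1, Alice -> Bob:   A(M)
    c2 = ph_encrypt(c1, eb)      # pass 2, Bob -> Alice:   B(A(M))
    c3 = ph_decrypt(c2, da)      # pass 3, Alice -> Bob:   B(M), exponentiation commutes
    return ph_decrypt(c3, db), (c1, c2, c3)

def xor_three_pass_leak(m: int, ka: int, kb: int) -> int:
    """Why a commutative cipher alone is not enough: with XOR as the cipher,
    anyone seeing the three passes computes c1 ^ c2 ^ c3 = M."""
    c1 = m ^ ka
    c2 = c1 ^ kb
    c3 = c2 ^ ka
    return c1 ^ c2 ^ c3

if __name__ == "__main__":
    recovered, passes = three_pass(1234, 7, 13)
    print("Bob recovers:", recovered, "passes:", passes)
    print("XOR variant leaks M =", hex(xor_three_pass_leak(0x1234, 0xabcd, 0x0f0f)))
```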
Re: Are there...
Lawrence C. Stewart wrote:

> ... encryption key should be generated independently for each encryption and packaged along with the ciphertext. That solves the salt problem and the cracking the system problem in one step.

I am sorry to differ, but packaging the encryption-key along with the ciphertext (even if part of the plaintext) will create additional dependencies and reduce the search space of possible results. In short, one should avoid sending any additional information about the encryption key.

Cheers,
Ed Gerck
Re: Clipper for luggage
[Moderator's note: With this, I'm ending all baggage messages for now. --Perry]

> > It will also mean more peace of mind for passengers worried about reports of increased pilferage from unlocked bags.
>
> ... so, TSA people are stealing from unlocked bags.

Not necessarily. I was under the impression that there are also non-TSA folks (airline-employed baggage handlers) in the baggage-handling pipeline.

- Bill
Ars Technica: A penny for your bits: micropayments to make a comeback?
http://arstechnica.com/news/posts/1069191682.html

Serving the PC enthusiast for over 5x10^-2 centuries
Ars Technica Newsdesk

A penny for your bits: micropayments to make a comeback?
Posted 11/18/2003 @ 3:41 PM, by Elle Cayabyab

Remember DigiCash? Did you have Flooz gift certificates or earn Beenz by shopping online? The e-payment startups of the dot-com boom are no longer around, driven out of the Internet payments business by companies and consumers that expected Web content to be free, and the costs associated with processing micropayments. Times have changed, and with the success of Apple's iTunes Music Store, micropayments are poised to return to e-commerce in a big way. With companies like Peppercoin already in the beta stages of providing these services to content providers as diverse as comics, music, and art, micropayments are back, and its backers hope it's here to stay.

The key is timing and technology, says payment clearinghouse overseer Ron Rivest, who thinks Peppercoin has both right. The company's technical credibility, at least, is not an issue. Rivest coinvented the RSA public-key encryption system, used by Web browsers to make credit card purchases secure. Micali holds more than 20 patents on data security technologies and won the 1993 Gödel Prize, the highest award in theoretical computer science. Their system uses statistics and encryption to overcome profit-erasing transaction fees; the approach is unique and more efficient than its predecessors.

The user interfaces are deceptively simple; in Peppercoin's instance, one simply has to click an icon to charge an item to their account. Behind the scenes, the action gets a little more complicated. Some services deduct purchases from a prepaid account while others deliver content and charge later, e.g., in batches.

The difference between the dot-com darlings and today's companies is in its currency; where Flooz and Beenz used a points system to track charges, companies like Peppercoin and BitPass use dollars and cents to state prices, easing the user experience. Despite skepticism about the viability of micropayments, one has but to look overseas to see how it has transformed e-commerce. In Japan, the bulk of mobile content and services are sold by the download. Firstgate Internet's partnership with clients such as British Telecommunications brings in more than $1 million in revenue monthly.

Proponents of the technology see a clear path to adoption. Paypal's Max Levchin is quick to note that companies only need to figure out how best to reach the critical mass they will need to succeed past their rollout phases. Who knows - maybe you'll see Ars selling PDFs by the article soon.

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'