quantum computing?!? Or, I don't want anyone to read my eMails... never.

Miguel Coca mcoca at gnu.org
Thu Jan 2 13:40:02 CET 2003

On Mon, Dec 30, 2002 at 14:10:52 +0100, Stefan Fendt wrote:
> Alice could do the following (which is not new, I guess...):
> Alice generates a random key of exactly the size of the message and
> ciphers the message with that key and sends it to Bob. Bob ciphers it
> again with his own random key and sends the ciphertext back to Alice.
> Now Alice deciphers the message using their key and sends it to Bob
> again. At this stage the ciphertext is only locked by Bob's key, who
> can regain the message by deciphering with his own key. This way Alice
> doesn't know Bob's key and Bob doesn't know Alice's so can't Eve know
> any of the keys...

I think this may be a bit off topic here, but I think I see a very
serious flaw in this protocol. Someone please correct me if I'm wrong.

Let's call:

        P = plaintext.
        A = Alice's one time pad.
        B = Bob's one time pad.

At the end of the interchange Eve has three pieces of information:

        (P XOR A)
        (P XOR B)
        (P XOR A XOR B)

Now she does:

        (P XOR A) XOR (P XOR B) = (A XOR B)
        (P XOR A XOR B) XOR (A XOR B) = P

In other words, she XORs the three messages together, and she has the
plaintext, with about the same effort Alice and Bob needed.

> What do you think about this? Bad idea, next try?

Sorry ;-)
Miguel Coca (mcoca at gnu.org)                http://zipi.fi.upm.es/~e970095/
       OpenPGP: E60A CBF4 5C6F 914E B6C1  C402 8C4D C7B6 27FC 3CA8
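
The exchange and Eve's computation described in the message above, as an added example that is not part of the original post. The function names and the sample message are made up for illustration; P, A and B follow the message's notation.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length strings (the one-time-pad operation)."""
    if len(a) != len(b):
        raise ValueError("pad and message must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def three_pass(plaintext: bytes):
    """Run the exchange; return Bob's result, the wire transcript, and the pads."""
    a = secrets.token_bytes(len(plaintext))  # A = Alice's one time pad
    b = secrets.token_bytes(len(plaintext))  # B = Bob's one time pad
    m1 = xor(plaintext, a)  # Alice -> Bob:   P XOR A
    m2 = xor(m1, b)         # Bob -> Alice:   P XOR A XOR B
    m3 = xor(m2, a)         # Alice -> Bob:   P XOR B
    return xor(m3, b), (m1, m2, m3), (a, b)

def eve_recover(transcript):
    """Recover P, A and B from the three observed messages alone."""
    m1, m2, m3 = transcript
    a_xor_b = xor(m1, m3)      # (P XOR A) XOR (P XOR B) = A XOR B
    p = xor(m2, a_xor_b)       # (P XOR A XOR B) XOR (A XOR B) = P
    return p, xor(m1, p), xor(m3, p)  # both pads fall out as well

if __name__ == "__main__":
    secret = b"constructed sample message"  # constructed input
    bob_sees, transcript, (a, b) = three_pass(secret)
    p, a_eve, b_eve = eve_recover(transcript)
    print("Bob:", bob_sees)
    print("Eve:", p, "pads recovered:", (a_eve, b_eve) == (a, b))
```

Each message on its own is a valid one-time-pad ciphertext; it is only the combination of all three that gives the plaintext and both pads to a passive listener.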

More information about the Gnupg-devel mailing list