quantum computing?!? Or, I don't want anyone to read my eMails... never.
Miguel Coca
mcoca at gnu.org
Thu Jan 2 13:40:02 CET 2003
On Mon, Dec 30, 2002 at 14:10:52 +0100, Stefan Fendt wrote:
> Alice could do the following (which is not new, I guess...):
> Alice generates a random key of exactly the size of the message and
> ciphers the message with that key and sends it to Bob. Bob ciphers it
> again with his own random key and sends the ciphertext back to Alice.
> Now Alice deciphers the message using their key and sends it to Bob
> again. At this stage the ciphertext is only locked by Bob's key, who
> can regain the message by deciphering with his own key. This way Alice
> doesn't know Bob's key and Bob doesn't know Alice's so can't Eve know
> any of the keys...
I think this may be a bit off topic here, but I think I see a very
serious flaw in this protocol. Someone please correct me if I'm wrong.
Let's call:
P = plaintext.
A = Alice's one time pad.
B = Bob's one time pad.
At the end of the interchange Eve has three pieces of information:
(P XOR A)
(P XOR B)
(P XOR A XOR B)
Now she does:
(P XOR A) XOR (P XOR B) = (A XOR B)
(P XOR A XOR B) XOR (A XOR B) = P
In other words, she XORs the three messages together, and she has the
plaintext, with about the same effort Alice and Bob needed.
> What do you think about this? Bad idea, next try?
Sorry ;-)
--
Miguel Coca (mcoca at gnu.org) http://zipi.fi.upm.es/~e970095/
OpenPGP: E60A CBF4 5C6F 914E B6C1 C402 8C4D C7B6 27FC 3CA8
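
Added example, not part of the original post: a Python simulation of the three-pass exchange quoted above, in which a passive observer holding only the three transmitted messages recovers the plaintext. It goes one step beyond the post by showing that both pads fall out of the same captured traffic; all function names and the sample message are constructed for illustration.

```python
import secrets

SAMPLE = b"constructed sample message"  # constructed input, not from the post


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def three_pass_exchange(plaintext: bytes):
    """Run the quoted protocol.

    Returns (what Bob recovers, the three messages on the wire, the two pads).
    The pads are returned only so the result can be checked afterwards.
    """
    pad_a = secrets.token_bytes(len(plaintext))  # A: Alice's one-time pad
    pad_b = secrets.token_bytes(len(plaintext))  # B: Bob's one-time pad
    msg1 = xor(plaintext, pad_a)  # Alice -> Bob:   P XOR A
    msg2 = xor(msg1, pad_b)       # Bob -> Alice:   P XOR A XOR B
    msg3 = xor(msg2, pad_a)       # Alice -> Bob:   P XOR B
    bob_recovers = xor(msg3, pad_b)
    return bob_recovers, (msg1, msg2, msg3), (pad_a, pad_b)


def eavesdropper_recover(wire):
    """Recover P from the wire traffic alone, following the post's two steps."""
    msg1, msg2, msg3 = wire
    a_xor_b = xor(msg1, msg3)     # (P XOR A) XOR (P XOR B) = A XOR B
    return xor(msg2, a_xor_b)     # (P XOR A XOR B) XOR (A XOR B) = P


def leaked_pads(wire):
    """Both pads are also exposed: adjacent messages differ by exactly one pad."""
    msg1, msg2, msg3 = wire
    return xor(msg2, msg3), xor(msg1, msg2)  # (A, B)


if __name__ == "__main__":
    bob, wire, pads = three_pass_exchange(SAMPLE)
    print("Bob recovers:         ", bob)
    print("Eavesdropper recovers:", eavesdropper_recover(wire))
    print("Pads leaked:          ", leaked_pads(wire) == pads)
```

The three-pass idea relies on the two locking operations commuting, and XOR commutes in a way that lets any observer cancel the pads as well; fresh random pads on every run do not change the outcome.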