Cryptography Reference
In-Depth Information
To see how this works with symbols, suppose that Alice's RSA key pairs
are (
e
1
,d
1
) and (
e
2
,d
2
), and Bob's Rijndael keyis
k
. Assume he chooses
e
1
to encipher
k
and sends
E
e
1
(
k
) to Alice, who forms
D
d
1
(
E
e
1
(
k
)) =
k
and
D
d
2
(
e
1
(
k
)) =
k
2
, but she does not know which of
k
or
k
2
is the legitimate
key. She forms
E
k
(
m
1
) and
E
k
2
(
m
2
), which she sends to Bob. Once Bob re-
ceives these, he uses
k
−
1
to get
D
k
−
1
(
E
k
(
m
1
)) =
m
1
, and
D
k
−
1
(
E
k
2
(
m
2
)) =
m
,
where the latter is gibberish and the former is the legitimate secret. Alice, how-
ever, does not know which one he received. (If Bob needs to verifythat Alice
did not cheat in step 4, then he asks Alice for her private keys so he can verify
the outcome of both possible transfers.)
This is onlyone of numerous oblivious transfer protocols, some of which are
noninteractive. This, however, gives the reader a flavour of the methodology
involved. Now we turn to the use of oblivious transfer within the scope of yet
another type of protocol.
Cryptographically Secure Contract Signing Protocol
Alice and Bob want to sign an important contract, and theyare using Rijn-
dael keys.
1. Alice and Bob, independently, select a set of
n
∈
N
keypairs,
S
=
{
(
j
,r
j
):1
≤
j
≤
n
;
j
,r
j
∈
K
}
,
where
j
and
r
j
are from the keyspace
. (These pairs are randomly
selected, so there is no special relationship between the left and right
sides of anygiven pair.)
K
2. Alice and Bob, independently, generate
n
pairs of signatures,
M
{
≤
≤
}
=
S
j
=(
L
j
,R
j
):1
j
n
,
where
L
j
and
R
j
are the left and right halves of their respective signatures.
Also, each
S
j
, for the sake of simplicity, will be assumed to be accompanied
bya time stamp and a digital signature of the contract itself. The contract
will be considered to be signed if both
L
j
and
R
j
for a given message pair,
can be produced byeach of them.
3. Alice and Bob, independently, sign each message as follows:
C
=
{
(
j
(
L
j
)
,r
j
(
R
j
)) : 1
≤
j
≤
n
}
,
then theysend each other their respective pairs of encrpted messages,
namely, 2
n
keys in the form of
n
pairs sent to each other, ensuring that
theytell each other which is left and which is right for each pair.
4. Using the oblivious transfer protocol, Alice and Bob send each other exactly
one half of each keypair, namel, either
j
or
r
j
, so neither of them knows
which half theyhave.
Search WWH ::
Custom Search