Cryptography Reference
In-Depth Information
5. Alice and Bob independentlydecrypt what messages theycan, ensuring as
theydo so that theydo indeed have a legitimate message in each case.
6. Alice and Bob alternate in sending the bit for each of their 2
n
keys until
all verifying bits have been received by both of them.
7. Once step 6 is complete, theycan each decrpt the other half of each
message and the contract is signed.
If there is a question of cheating, Alice and Bob can exchange private RSA
keys at the end of the contract signing as mentioned in the oblivious transfer
protocol to provide a verification step. However, cheating would likelybe de-
tected at step 5 since for large enough
n
, each has onlya 1 in 2
n
chance of
escaping detection. Hence, both have incentive to complete the protocol fairly.
There is an additional problem if either Alice or Bob has significant resources
over the other. For instance, if after sending a suKcient number of bits in step
6, Alice has the computing power to get the rest of the bits, and Bob does not,
she is at an advantage since she can stop sending bits, and claim the contract to
be signed since she can produce the signed portions of both halves. Hence, this
protocol should not be implemented unless both Alice and Bob have roughly
equal resources in computing power.
In general, the building of cryptographic protocols relies upon the building
bricks, called
primitives
, bywhich we mean cryptographic tools used to ensure
information security. For instance, SKC primitives consist of symmetric-key
ciphers (both block and stream ciphers); MACs; digital signatures; pseudoran-
dom sequences; and identification tools. PKC primitives consist of public-keyci-
phers; digital signatures; and identification tools. Primitives not involving keys
are hash functions (unkeyed); one-way permutations; and random sequences.
When building a protocol, it is essential that all possible hypotheses used in the
design are explicitlyidentified, and an analysis is made of what effect a breach
of anyof those hpotheses might have upon the securityof the protocol. A
protocol failure
occurs when it is possible for an adversary, such as Mallory, to
manipulate the protocol to his advantage without breaking anyof the underly-
ing primitives such as the encryption scheme. In this case, the protocol fails to
meet the goals for which it was intended. Typically, a protocol failure occurs
when there is a weakness in one of the underlying primitives that is magnified by
the protocol; or there is an oversight in the implementation of the protocol that
allows manipulation without the breaking of the primitive itself. For instance,
if the one-time pad is used in a careless fashion, then there could be protocol
failure, even though the one-time pad is itself secure. As always, a bad imple-
mentation or improper use of a secure mechanism can compromise the entire
enterprise.
Search WWH ::
Custom Search