Cryptography Reference
In-Depth Information
The scenario is as follows: Alice wants to sell Bob some piece of information,
but disclose it only once Bob has paid for it. Though Bob buys a pig in a
poke, he wants to have a guarantee that he will get this information once he
has paid, and that Alice does not replace the information stealthily by some
worthless information once she has received payment, which would mean that
he couldn't prove anything.
Without a cryptographic solution, you would have to use sealed envelopes. A
cryptographic solution is much simpler.
1. Bob sends a random bit sequence,
R
, to Alice.
2. Alice appends her information,
I
,to
R
, and uses a secret key,
S
,to
encrypt it. She sends the cipher to Bob.
3. Bob pays for the information.
4. Alice tells him the key she used, namely
S
.
5. Bob decrypts Alice's message and checks whether or not his bit sequence,
R
, is at the beginning. Then he reads
I
.
The random bit sequence,
R
, prevents Alice from decrypting the cipher after
Step 2 with all possible keys until a plaintext to her liking results. She would
then send Bob the false key found in Step 4. Such a fraud can be realized
only if the information is very short (particularly if
I
is only one bit long, and
if it can be revealed from the least significant bit of the plaintext block). But
what if Alice knew special plaintexts which, if calculable with a second key
for a second calculable plaintext, would produce the same cipher? Random
bit sequence
R
prevents Bob from having to worry about such vulnerabili-
ties with this algorithm. It suffices if the algorithm is resistant to plaintext
attacks.
Other possibilities use one-way functions and random-number generators. How-
ever, the protocol introduced above is practicable and secure. Now, if you want
to deposit your will without having to pay notary fees, you proceed as follows:
have each of your potential heirs send you a random bit sequence,
R
, and run
Step 2 for each heir. Each heir deposits his
R
value and the cipher with the
other heirs. In turn, you use the same key for all of them for the sake of sim-
plicity. This key is kept in a sealed envelope at a secure location and opened
after your death. No heir will then be able to say that the envelope had been
replaced, or that he had received a forged testament.
