This preview shows page 1. Sign up to view the full content.
Unformatted text preview: with a DES key. Her half of the protocol can be something like: “This is the left half of the DES key: 32f5,” and Bob’s half can be something like: “This is the left half of my receipt.” Everything else stays the same. To see why this won’t work, remember that the protocol hinges on the fact that the oblivious transfer in step (5) keeps both parties honest. Both of them know that they sent the other party a valid half, but neither knows which. They don’t cheat in step (8) because the odds of getting away with it are miniscule. If Alice is sending Bob not a message but half of a DES key, Bob can’t check the validity of the DES key in step (6). Alice can still check the validity of Bob’s receipt, so Bob is still forced to be honest. Alice can freely send Bob some garbage DES key, and he won’t know the difference until she has a valid receipt. Tough luck, Bob. Getting around this problem requires some adjustment of the protocol: (1) Alice encrypts her message using a random DES key, and sends the message to Bob. (2) Alice generates n pairs of DES keys. The first key of each pair is generated at random; the second key of each pair is the XOR of the first key and the message encryption key. (3) Alice encrypts a dummy message with each of her 2n keys. (4) Alice sends the whole pile of encrypted messages to Bob, making sure he knows which messages are which halves of which pairs. (5) Bob generates n pairs of random DES keys. (6) Bob generates a pair of messages that indicates a valid receipt. “This is the left half of my receipt” and “this is the right half of my receipt” are good candidates, with the addition of some kind of randombit string. He makes n receipt pairs, each numbered. As with the previous protocol, the receipt is considered valid if Alice can produce both halves of a receipt (with the same number) and all of her encryption keys. (7) Bob encrypts each of his message pairs with DES key pairs, the ith message pair with the ith key pair, the left message with the left key in the pair, and the right message...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details