This preview shows page 1. Sign up to view the full content.
Unformatted text preview: eople calculate their average salary without anyone learning the salary of anyone else? (1) Alice adds a secret random number to her salary, encrypts the result with Bob’s public key, and sends it to Bob. (2) Bob decrypts Alice’s result with his private key. He adds his salary to what he received from Alice, encrypts the result with Carol’s public key, and sends it to Carol. (3) Carol decrypts Bob’s result with her private key. She adds her salary to what she received from Bob, encrypts the result with Dave’s public key, and sends it to Dave. (4) Dave decrypts Carol’s result with his private key. He adds his salary to what he received from Carol, encrypts the result with Alice’s public key, and sends it to Alice. (5) Alice decrypts Dave’s result with her private key. She subtracts the random number from step (1) to recover the sum of everyone’s salaries. (6) Alice divides the result by the number of people (four, in this case) and announces the result. This protocol assumes that everyone is honest; they may be curious, but they follow the protocol. If any participant lies about his salary, the average will be wrong. A more serious problem is that Alice can misrepresent the result to everyone. She can subtract any number she likes in step (5), and no one would be the wiser. Alice could be prevented from doing this by requiring her to commit to her random number using any of the bitcommitment schemes from Section 4.9, but when she revealed her random number at the end of the protocol Bob could learn her salary. Protocol #2
Alice and Bob are at a restaurant together, having an argument over who is older. They don’t, however, want to tell the other their age. They could each whisper their age into the ear of a trusted neutral party (the waiter, for example), who could compare the numbers in his head and announce the result to both Alice and Bob. The above protocol has two problems. One, your average waiter doesn’t have the computational ability to...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details