guess is incorrect, the result of the coin flip is tails. Alice announces the result of the coin flip and sends x to Bob.

(5) Bob confirms that y = f(x).

The security of this protocol rests in the one-way function. If Alice can find x and x´, such that x is even and x´ is odd, and y = f(x) = f(x´), then she can cheat Bob every time. The least significant bit of f(x) must also be uncorrelated with x. If not, Bob can cheat Alice at least some of the time. For example, if f(x) produces even numbers 75 percent of the time if x is even, Bob has an advantage. (Sometimes the least significant bit is not the best one to use in this application, because it can be easier to compute.)

Coin Flipping Using Public-Key Cryptography
This protocol works with either public-key cryptography or symmetric cryptography. The only requirement is that the algorithm commute. That is:

D_K1(E_K2(E_K1(M))) = E_K2(M)

In general, this property is not true for symmetric algorithms, but it is true for some public-key algorithms (RSA with identical moduli, for example). This is the protocol:

(1) Alice and Bob each generate a public-key/private-key key pair.

(2) Alice generates two messages, one indicating heads and the other indicating tails. These messages should contain some unique random string, so that she can verify their authenticity later in the protocol. Alice encrypts both messages with her public key and sends them to Bob in a random order.

E_A(M1), E_A(M2)

(3) Bob, who cannot read either message, chooses one at random. (He can sing “eeny meeny miney moe,” engage a malicious computer intent on subverting the protocol, or consult the I Ching—it doesn’t matter.) He encrypts it with his public key and sends it back to Alice.

E_B(E_A(M))

M is either M1 or M2.

(4) Alice, who cannot read the message sent back to her, decrypts it with her private key and then sends it back to Bob.

D_A(E_B(E_A(M))) = E_B(M1) if M = M1, or E_B(M2) if M = M2

(5) Bob decrypts the message with his private key to reveal the result of the coin flip. H...
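
Steps (1) through (5) above as a runnable sketch; this is an added example, not code from the original text. It assumes a shared prime modulus P with textbook modular exponentiation as the commuting cipher, standing in for the "RSA with identical moduli" mentioned above, and the names keygen, E, encode and flip are hypothetical.

```python
import secrets
from math import gcd

# Assumption: both parties share this prime modulus (2**127 - 1 is prime).
P = 2**127 - 1
MSG_LEN = 14  # "heads:" or "tails:" plus 8 hex characters

def keygen():
    """Return (e, d) with e*d = 1 mod (P - 1), so E(d, E(e, M)) == M."""
    while True:
        e = secrets.randbelow(P - 3) + 2
        if gcd(e, P - 1) == 1:
            return e, pow(e, -1, P - 1)

def E(key, m):
    """Exponentiation cipher: encrypt with e, decrypt with d. It commutes."""
    return pow(m, key, P)

def encode(label):
    """Attach a unique random string to the label; return (integer, text)."""
    text = f"{label}:{secrets.token_hex(4)}"
    return int.from_bytes(text.encode(), "big"), text

def flip():
    # (1) Alice and Bob each generate a key pair.
    ea, da = keygen()
    eb, db = keygen()
    # (2) Alice builds both messages, encrypts them, sends them in random order.
    m1, t1 = encode("heads")
    m2, t2 = encode("tails")
    pair = [E(ea, m1), E(ea, m2)]
    secrets.SystemRandom().shuffle(pair)
    # (3) Bob picks one blindly and adds his own layer: E_B(E_A(M)).
    to_alice = E(eb, secrets.choice(pair))
    # (4) Alice strips her layer: D_A(E_B(E_A(M))) = E_B(M).
    to_bob = E(da, to_alice)
    # (5) Bob strips his layer and reads the result.
    result = E(db, to_bob).to_bytes(MSG_LEN, "big").decode()
    # Alice checks the random string against the two she generated in (2).
    if result not in (t1, t2):
        raise ValueError("result does not match either of Alice's messages")
    return result, (t1, t2)

if __name__ == "__main__":
    print(flip()[0])
```
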
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.