Unformatted text preview: thing stops her from completing the protocol up to step (5) and then refusing to tell Bob the results in step (6). She could even lie to Bob in step (6). Example of the Protocol
Assume they’re using RSA. Bob’s public key is 7 and his private key is 23; n =55. Alice’s secret value, i, is 4; Bob’s secret value, j, is 2. (Assume that only the values 1, 2, 3, and 4 are possible for i and j.) (1) Alice chooses x = 39, and c = EB(39) = 19. (2) Alice computes c  i = 19  4 = 15. She sends 15 to Bob. (3) Bob computes the following 4 numbers: y1 = DB(15 + 1) = 26 y2 = DB(15 + 2) = 18 y3 = DB(15 + 3) = 2 y4 = DB(15 + 4) = 39 He chooses p =31 and calculates: z1 = (26 mod 31) = 26 z2 = (18 mod 31) = 18 z3 = (2 mod 31) = 2 z4 = (39 mod 31) = 8 He does all the verifications and confirms that the sequence is fine. (4) Bob sends Alice this sequence of numbers in this exact order: 26, 18, 2 + 1, 8 + 1, 31 = 26, 18, 3, 9, 31 (5) Alice checks whether the 4th number in the sequence is congruent to x mod p. Since 9 ` 39 (mod 31), then i > j. (6) Alice tells Bob. This protocol can be used to create far more complicated protocols. A group of people can conduct a secret auction over a computer network. They arrange themselves in a logical circle, and through individual pairwise comparisons, determine which is offering the highest price. In order to prevent people from changing their bids in midauction, some sort of bitcommitment protocol could also be used. If the auction is a Dutch auction, then the highest bidder gets the item for his highest price. If it is an English auction, then he gets the item for the secondhighest price. (This can be determined by a second round of pairwise comparisons.) Similar ideas have applications in bargaining, negotiations, and arbitration. 23.15 Probabilistic Encryption
The notion of probabilistic encryption was invented by Shafi Goldwasser and Silvio Micali [624]. Although its theory makes it the most secure cryptosystem invented, its early implementation was impractical [625]. More rec...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details