This preview shows page 1. Sign up to view the full content.
Unformatted text preview: of a single signature pair. (3) Both Alice and Bob encrypt their message pairs in each of the DES key pairs, the left message with the left key in the pair and the right message with the right key in the pair. (4) Alice and Bob send each other their pile of 2n encrypted messages, making clear which messages are which halves of which pairs. (5) Alice and Bob send each other every key pair using the oblivious transfer protocol for each pair. That is, Alice sends Bob either the key used to encrypt the left message or the key used to encrypt the right message, independently, for each of the n pairs. Bob does the same. They can either alternate sending halves or one can send 100 and then the other—it doesn’t matter. Now both Alice and Bob have one key in each key pair, but neither knows which halves the other one has. (6) Both Alice and Bob decrypt the message halves that they can, using the keys they received. They make sure that the decrypted messages are valid. (7) Alice and Bob send each other the first bits of all 2n DES keys. (8) Alice and Bob repeat step (7) for the second bits of all 2n DES keys, the third bits, and so on, until all the bits of all the DES keys have been transferred. (9) Alice and Bob decrypt the remaining halves of the message pairs and the contract is signed. (10) Alice and Bob exchange the private keys used during the oblivious transfer protocol in step (5) and each verifies that the other did not cheat. Why do Alice and Bob have to go through all this work? Let’s assume Alice wants to cheat and see what happens. In steps (4) and (5), Alice could disrupt the protocol by sending Bob nonsense bit strings. Bob would catch this in step (6), when he tried to decrypt whatever half he received. Bob could then stop safely, before Alice could decrypt any of Bob’s message pairs. If Alice were very clever, she could only disrupt half the protocol. She could send one half of each pair correctly, but send a gibberish string for the other half. Bob has only a 50 percent chance of receiving the corr...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details