[14458] in cryptography@c2.net mail archive
Re: anonymous DH & MITM
daemon@ATHENA.MIT.EDU (Benja Fallenstein)
Fri Oct 3 13:34:23 2003
X-Original-To: cryptography@metzdowd.com
Date: Fri, 03 Oct 2003 20:23:24 +0300
From: Benja Fallenstein <b.fallenstein@gmx.de>
To: bear <bear@sonic.net>
Cc: Zooko O'Whielacronx <zooko@zooko.com>,
Ian Grigg <iang@systemics.com>, M Taylor <mctylr@privacy.nb.ca>,
Cryptography list <cryptography@metzdowd.com>
In-Reply-To: <Pine.LNX.4.58.0310021356540.30341@bolt.sonic.net>
Hi,
bear wrote:
>>>>starting with Rivest & Shamir's Interlock Protocol from 1984.
>>>
>>>Hmmm. I'll go read, and thanks for the pointer.
>
> Perhaps I spoke too soon? It's not in Eurocrypt or Crypto 84 or 85,
> which are on my shelf. Where was it published?
Communications of the ACM: Rivest and
Shamir, "How to expose an eavesdropper", CACM vol 24 issue 4, 1984. If
you have an ACM Digital Library account, it's at
http://portal.acm.org/ft_gateway.cfm?id=358053&type=pdf&coll=ACM&dl=ACM&CFID=12683735&CFTOKEN=40809148
I started writing a short summary earlier today, after reading it, but
then I got distracted and didn't have time... sorry :) Hope this helps
anyway.
The basic idea is that Alice sends *half* of her ciphertext, then Bob
*half* of his, then Alice sends the other half and Bob sends the other
half (each step is started only after the previous one was completed).
The point is that having only half of the first ciphertext, Mitch can't
decrypt it, and thus can't pass on the correct thing to Bob in the first
step and to Alice in the second, so both can actually be sure to have
the public key of the person that made the other move.
- Benja
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
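
The four-step exchange summarized in the message above, as an added sketch that is not part of the original post or of the Rivest and Shamir paper. It assumes a toy way of making a "half" (a SHA-256 keystream whose random nonce is held back as the second half), models the per-side DH keys as random bytes, and uses the hypothetical names `seal`, `unseal` and `interlock`.

```python
import hashlib
import os

def _stream(key, nonce, n):
    # SHA-256 in counter mode: a toy keystream, for illustration only
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, msg):
    """Encrypt msg and split it: (first half, second half).
    The first half cannot be read, even with the key, until the nonce arrives."""
    nonce = os.urandom(16)
    body = bytes(m ^ s for m, s in zip(msg, _stream(key, nonce, len(msg))))
    return body, nonce

def unseal(key, half1, half2):
    return bytes(c ^ s for c, s in zip(half1, _stream(key, half2, len(half1))))

def interlock(alice_msg, bob_msg, mitm=False):
    """Return (what Bob reads, what Alice reads, what Mitch reads after step 3)."""
    k_alice = os.urandom(32)                     # key Alice believes she shares with Bob
    k_bob = os.urandom(32) if mitm else k_alice  # with Mitch in the middle the keys differ
    a1, a2 = seal(k_alice, alice_msg)
    b1, b2 = seal(k_bob, bob_msg)
    if not mitm:
        # Steps 1-4 pass through unchanged and both sides decrypt.
        return unseal(k_bob, a1, a2), unseal(k_alice, b1, b2), None
    # Step 1: Mitch holds k_alice and a1 but not a2, so alice_msg is unreadable.
    # Bob will not answer until he has a first half under k_bob: Mitch must guess.
    g1, g2 = seal(k_bob, b"?" * len(alice_msg))
    # Step 2: the same applies to Bob's first half, which Alice is waiting for.
    h1, h2 = seal(k_alice, b"?" * len(bob_msg))
    # Steps 3-4: the real second halves arrive only now. Mitch can read the
    # messages, but the first halves he already sent fix what each side decrypts.
    return unseal(k_bob, g1, g2), unseal(k_alice, h1, h2), unseal(k_alice, a1, a2)
```

With `mitm=True` neither side reads what the other actually sent, while the third return value shows that Mitch does recover Alice's plaintext once step 3 has happened.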