Symmetric alternative to public-key crypto for key-exchange?
Date: 08/30/05

Date: 29 Aug 2005 22:10:37 -0700

I remember seeing a note somewhere to the effect that a symmetric
cipher could be used for key exchange instead of a public key one, as

1) Bob encrypts the key to be exchanged with his key and sends it to
2) Alice encrypts this message with her key and sends it back to Bob
3) Bob decrypts this message with his key, and sends it back to Alice
4) Alice decrypts the message, revealing the key

This requires a couple of properties from the symmetric cipher used: It
must be true that D(b, D(a, E(b, E(a, message)))) = message, and it
must not be possible to recover the key given the intermediate messages
transmitted between Alice and Bob (for example, with a standard stream
cipher, XORing subsequent messages would reveal both Alice and Bob's
keystreams, and hence the original message).

My question is this: is anyone familiar with a cipher that meets these

Relevant Pages