Re: How to construct such one-way key chain without hash function

laicko wrote:
In someway, I'd like the scheme could follow this condition:
E_{K_i+j}(M)= A_e( E_{K_i}{M}, j) for i,j >=0
E is the encryption algorithm, A is function, e is public known

Note that such a scheme cannot be IND-CPA secure (since it is possible for
anyone who knows the public key to detect when a message M is sent more than
once, thanks to the above equation).

If the encryption E is probabilistic, CPA secure could be hold.

No, it couldn't. I already explained why not. Consider an adversary
who requests the encryption of two plaintexts. First the adversary
requests the encryption of message M (this gets encrypted at time 1, so
it is encrypted with key K_1); then the adversary requests encryption of
the same message M (this gets encrypted with key K_2). Let C_1 and C_2
be the resulting two ciphertexts. The adversary can recognize whether
C_1 and C_2 decrypt to the same thing by checking the equation C_2 =?=
A_e(C_1, 1).

Relevant Pages

  • Re: encrypt password for webservices
    ... Requests can be multi-threaded, and some requests can even be droped if ... By associating a session with an IPrincipal object, ... > Client generates a session key and sends it to the server encrypted ... congratulations on getting a grip on security and encryption. ...
  • Re: How many people use DB encryption
    ... While I've seen and implemented some encryption on individual fields, ... not seen nor had any requests for encrypting an entire database. ... a performance penalty to your system. ...
  • Re: Encrypted network communication
    ... Bob) communicate over an insecure channel. ... This type of encryption uses a single shared, ... Secret-key encryption algorithms use a single secret key to encrypt and ... unauthorized users and a public key that can be made public to anyone. ...
  • RE: PGP scripting...
    ... cryptosystems, ... In these systems divulging your private key compromises the public ... Here is a quick over view of the public key encryption routines (the ...
  • RE: Cannot decrypt files encrypted using Crypto API on a different
    ... previous message which uses the recipien't public key.) ... KEK (key encryption key) to protect the session key. ... embedded into your client app and server code). ... but what is the point to encrypt the data if ANYBODY can decrypt it (since ...