Re: Truncated multiplication (is it secure???)



Sebastian Gottschalk <seppi@xxxxxxxxx> (07-03-25 18:29:15):

Another such operation is the intersection A/B of the hyperplane A
with the hyperplane B over some ring R^N. By only knowing B and
A/B, you can't recover A. Reducing to the intersection is
commutative and associative, because the intersection of three
planes is the same, no matter in which order you apply the
reduction.

And it's also idempotent.

0. Choose a ring R and a random plane P over R^3. Those values are
public and hard-coded, and should never change (see below).

1. Alice chooses a random plane X, her secret key, and sends Bob her
public key A = X/P.

2. Bob chooses a random plane Y, his secret key, and sends Alice his
public key B = Y/P.

3. Alice calculates B/X = (Y/P)/X. Bob calculates A/Y = (X/P)/Y.
They end up with the same point S somewhere in R^3.

The attacker knows only X/P and Y/P. He can't recover X or Y.

[...]
The attacker wants to recover the computed key, which is X/Y/P. And he
can simply find it by calculating (X/P)/(Y/P) (since cutting planes is
idempotent) from the intercepted values X/P and Y/P.

I must have been tired. Yes, you're right, forget the protocol.


Could it be that you have a serious problem understanding the purpose
of a public key-exchange?

No, but I'm not a professional cryptographer, so I'm always willing to
learn. You have shown a trivial attack against the protocol, and this
is very valuable information for me.

Since I've learned all that stuff, including even the English language,
myself (because I'm just a stupid `Hauptschüler'), there is often
something that I've missed. I would greatly appreciate it if you wouldn't
insult me for my mistakes all the time.


Regards,
Ertugrul Söylemez.


--
From the fact that this CGI program has been written in Haskell, it
follows naturally that this CGI program is perfectly secure.
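
The attack from this thread, worked through as an added example (not code from either poster). It assumes R = GF(10007) and stores a plane as one linear equation a.x = d, so that "/" becomes stacking equations and row-reducing; the function names are made up for this sketch.

```python
import random

P_MOD = 10007  # assumption: the ring R is the field GF(10007)

def rref(rows, p=P_MOD):
    """Reduced row echelon form over GF(p); rows are (a1, a2, a3, d)."""
    m = [[v % p for v in r] for r in rows]
    rank = 0
    for col in range(3):                      # pivot on coefficient columns only
        piv = next((i for i in range(rank, len(m)) if m[i][col]), None)
        if piv is None:
            continue
        m[rank], m[piv] = m[piv], m[rank]
        inv = pow(m[rank][col], -1, p)        # modular inverse (Python 3.8+)
        m[rank] = [v * inv % p for v in m[rank]]
        for i in range(len(m)):
            if i != rank and m[i][col]:
                f = m[i][col]
                m[i] = [(a - f * b) % p for a, b in zip(m[i], m[rank])]
        rank += 1
    return [tuple(r) for r in m[:rank]]       # canonical form of the intersection

def cut(*objects):
    """The '/' of the post: intersect planes or lines given as equation lists."""
    return rref([row for obj in objects for row in obj])

def random_plane(rng):
    return [tuple(rng.randrange(P_MOD) for _ in range(4))]

def exchange(seed):
    """Run the protocol once; return what Alice, Bob and the eavesdropper compute."""
    rng = random.Random(seed)
    while True:
        P, X, Y = (random_plane(rng) for _ in range(3))
        if len(cut(X, Y, P)) == 3:            # general position: planes meet in a point
            break
    A, B = cut(X, P), cut(Y, P)               # public keys (lines), sent in the clear
    alice = cut(B, X)                         # step 3: B/X
    bob = cut(A, Y)                           # step 3: A/Y
    eve = cut(A, B)                           # (X/P)/(Y/P), public values only
    return alice, bob, eve

def point(rows):
    """Read the point S off a rank-3 reduced system."""
    return tuple(r[3] for r in rows)

if __name__ == "__main__":
    alice, bob, eve = exchange(seed=1)
    print("Alice:", point(alice), "Bob:", point(bob), "Eve:", point(eve))
```

The eavesdropper never needs X or Y: the two public lines already span the same three equations that define S.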