Re: Public Key Exchange by Exchanging Hash Functions

On 15/03/11 04:40, Jim Steuert wrote:
This is another simple generalization of Diffie-Hellman.

This idea is to have both Bob and Alice start with a common
public hash function which is symmetric in two inputs. That is fairly
easy to construct. Then, using their respective secret keys, each
creates
a different single-input "obscured" version of the originally
symmetric
two-input hash function which he/she sends to the other party.

This reminds me of an idea I had a few years ago.

Start with a block cypher such as AES. It can be represented as a
"circuit diagram" graph of AND/OR/NOT/etc gates, with the plaintext
and key bits as inputs, and the cyphertext bits as output. Hardware
engineers do this sort of thing all the time.

Fix the key bits to known values, and apply constant-folding and other
optimisations to the graph. The key schedule is now determined, so it
gets optimised out; the cypher will be optimised too, and we'll end up
with a "specialised" AES function that encrypts a plaintext block with
the key we provided.

How hard would it be to determine the AES key from the graph?

I doubt it would be very hard at all, since AES wasn't designed with
this use-case in mind, but if the cypher had the property that it was
hard for an attacker to determine the original key after optimisation,
you could publish the resulting graph as your public key and keep the
original key private.

Mike
.

Relevant Pages

  • Re: Public Key Exchange by Exchanging Hash Functions
    ... two-input hash function which he/she sends to the other party. ... Start with a block cypher such as AES. ... optimisations to the graph. ... some smart attacker needs to evaluate ...
    (sci.crypt)
  • Re: RSA SecurID & AES
    ... Currently known "secure" hash function have an elementary ... cost which is quite ... higher than the cost of encrypting a block with AES. ...
    (sci.crypt)
  • Re: One-way function that maps hexadecimal string onto alphanumeric string
    ... alphanumeric characters. ... very limited so that a hash function is not available. ... but also a standard block cipher (e.g. AES). ... The small amount of arithmetic ...
    (sci.crypt)
  • Re: Funding to Attend SAM 06, LV, US
    ... The paper titled "FastFlex: A New Fast and Flexible Cryptographic ... Function" deals with the design of a new cryptographic primitive which ... both faster than AES in Counter mode and AES Hash by a ... Can you provide a C implementation of the hash function? ...
    (sci.crypt)