Score:0

Crypto

Prove data encrypted with different keys matches

Newbie

10/29/22, 8:36 AM

Suppose user A encrypts some data using his public key and stores the data publicly. Later user A would like to transfer that same data to user B publicly by encrypting it using user B's public key.

What is the best way to verify that the same data was transferred to user B without knowing the data, user A, and user B's private keys?

1 + 8

encryption

public-key

Ievgeni

10/29/22, 9:21 AM

Is it homework?

Newbie

10/29/22, 9:23 AM

no, trying to figure out if this is possible at all and what I should read more about. Would like to create something of this sort on Ethereum so secret data can be transferred securely between people publicly.

Ievgeni

10/29/22, 9:24 AM

Question : Is it a deterministic encryption scheme?

Newbie

10/29/22, 9:27 AM

I don't know if this is possible at this point so it's too early to set any boundaries. Would be preferable if it's deterministic though.

Ievgeni

10/29/22, 9:33 AM

Other question : Is $A$ authorized to add new data (like ZK-proofs) to help B to make the verification? If yes what are the security constraints?

Newbie

10/29/22, 9:43 AM

@levgeni Yes, additional data can be added, however verification should happen before the transfer (before User B has the data). I'm looking for something like this: 1. User A -> store data encrypted with User A's public key in a public contract. 2. User A -> attempts to transfer same data this time encrypted using User B's public key through the same public contract. 3. The contract verifies if User A didn't lie (transfer different data). If the verification is successful, data is stored, otherwise the request is rejected. The contract should verify this, not user B.

Newbie

10/29/22, 9:51 AM

^ In the example above the contract does not know the data and does not know the private keys of User A and user B. It is aware of the public keys of A and B, the data encrypted using A's public key and the data encrypted using B's public key. Any additional metadata can be added to help this verification without revealing the data.

ming alex

10/30/22, 2:23 AM

There are some examples for solving your question in section 20.2 of the [book](http://toc.cryptobook.us/book.pdf)

Score:1

Crypto

Ievgeni

10/29/22, 10:11 AM

Zero-knowledge proof seems fit with your goal. $A$ has to prove that it exists $M$ such that $C=Enc(M, pk_A)$, and $C^\prime=Enc(M, pk_B)$. This ZKP can be done without revealing any information about the data $M$ (that's why we call it Zero-Knowledge). For concrete instantiation you can use El Gamal encryption, and Groth-Sahai ZK-proof techniques :

https://en.wikipedia.org/wiki/ElGamal_encryption

https://eprint.iacr.org/2007/155

Notice that you do not need to use private key of $B$ to verify the equality but if it is the contact which verifies, it's probably better.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Prove data encrypted with different keys matches

TH: พิสูจน์ข้อมูลที่เข้ารหัสด้วยคีย์ที่ตรงกัน

RO: Demonstrați că datele criptate cu chei diferite potrivesc

RU: Докажите, что данные, зашифрованные разными ключами, совпадают

VI: Chứng minh dữ liệu được mã hóa bằng các khóa khác nhau khớp nhau

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.