Score:0

Question on double-asymmetric encryption and split knowledge

Hello,

Let's assume there are two keypairs (d1,e1) and (d2,e2), where d1 and d2 are unrelated private keys and e1 and e2 are the corresponding public keys. Imagine Alice knows neither d1 nor d2, and Bob knows only d1, not d2. Alice has a ciphertext c resulting from encrypting a message m with e1 using RSA. She cannot decrypt it because she doesn't know d1. Alice encrypts c again with e2 using an asymmetric cipher (remains to be chosen) and sends it to Bob. Bob can't decrypt it since he doesn't have d2. Can he then use some kind of algorithm and d1 to produce something which he can send to me that can be decrypted with d1 and d2, resulting in the original message?

What I want is that Alice and Bob cannot read the message; only the combined knowledge of both secret keys would allow them to decipher it.

Pseudocode:

```
m is the message

c := RSAEncrypt(m, using: e1)

Alice does:
c2 := AsymEncrypt(c, using: e2)

Bob does:
c3 := RSADecryptAlgo(c2, using: d1)

I want to:
m = SomeDecryptionAlgo(c3, using: d2)
```

Is this scenario (though quite strange) even possible? If so, does anyone know a googleable term or an algorithm (or algorithms) which would fit my case?

Thanks in advance

Edit: The keypairs do not share the same modulus.

Vadym Fedyukovych: Hi. What did you mean by "unrelated private keys"? Did that include the same modulus?

Charly: To clarify, the moduli are different.

fgrieu: Issues with the question: (1) `d1` and `d2` are private keys, yet it is encrypted with them (and further, they are used in a cipher). That's a contradiction. In asymmetric crypto, we encrypt with a public key and decrypt with the matching private key. Perhaps one (or both) of the operations performed is a signature? (2) `d2` and `e2` are fixed, thus _"asymmetric cipher (remains to be chosen)"_ makes no practical sense: an RSA key is not usable for asymmetric crypto other than RSA-based. We can only tweak the padding.
Score:0

> What I want is that Alice and Bob cannot read the message; only their combined knowledge would allow them to decipher it.

The "Committing with partial knowledge of group order" scenario was presented at CECC 2010.

A scheme was designed such that the order of an RSA-like multiplicative group is split into two parts shared by two parties, such that both must participate to decrypt. Technically, the modulus is a product of four primes, split into two pairs, one pair for each party.

Score:0

The question is a bit confusing, but to me it feels very related to a three-pass protocol. Specifically, we require a "commutative" (order-independent) encryption scheme, where (for all messages), $$c = \mathrm{Enc}(k_1, \mathrm{Enc}(k_2, m)) = \mathrm{Enc}(k_2, \mathrm{Enc}(k_1, m)).$$

In this case, the ciphertext $c$ can be decrypted with $k_1$ and $k_2$ in either order to re-obtain $m$.

I believe this is only possible with RSA if both keys use the same modulus. It can also be done with ElGamal (reference) and maybe other schemes too. In any case, it's probably only possible if both keys/encryption steps use the same algorithm and public parameters.
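As an added illustration of the commutativity this answer relies on (example code written here, not code from the answer or the original poster): textbook RSA over constructed toy primes, checking that the order-independence holds when both keys share a modulus and breaks when they use different moduli as in the question, then running the three-pass exchange on the shared-modulus keys. The function names and key tuples are my own assumptions.

```python
# Added example: textbook RSA (no padding, toy primes) purely to show why
# commutativity needs a shared modulus. Real deployments use padded RSA
# and proper key sizes; this is illustration only.
from math import gcd

def make_key(p: int, q: int, e: int):
    """Return ((e, n), (d, n)) for primes p, q and public exponent e."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible mod phi"
    return (e, n), (pow(e, -1, phi), n)

def rsa(x: int, exp: int, n: int) -> int:
    """One modular exponentiation serves as Enc (public exp) or Dec (private exp)."""
    return pow(x, exp, n)

def double_apply(x: int, first, second) -> int:
    """Apply key `first` (exp, n), then key `second` (exp, n)."""
    return rsa(rsa(x, *first), *second)

def commutes(m: int, key1, key2) -> bool:
    """True iff Enc(k1, Enc(k2, m)) == Enc(k2, Enc(k1, m)) and the ciphertext
    decrypts back to m with the private keys applied in EITHER order,
    which is exactly the property the three-pass protocol needs."""
    pub1, priv1 = key1
    pub2, priv2 = key2
    c = double_apply(m, pub1, pub2)
    return (c == double_apply(m, pub2, pub1)
            and double_apply(c, priv1, priv2) == m
            and double_apply(c, priv2, priv1) == m)

def three_pass(m: int, alice, bob) -> int:
    """Shamir's three-pass exchange; only correct when commutes() holds."""
    pub_a, priv_a = alice
    pub_b, priv_b = bob
    pass1 = rsa(m, *pub_a)        # Alice -> Bob: Enc(ka, m)
    pass2 = rsa(pass1, *pub_b)    # Bob -> Alice: Enc(kb, Enc(ka, m))
    pass3 = rsa(pass2, *priv_a)   # Alice -> Bob: her layer removed, Enc(kb, m) left
    return rsa(pass3, *priv_b)    # Bob strips his layer and recovers m

# Constructed toy keys. Same modulus 61*53 for both parties:
SHARED_A = make_key(61, 53, 17)
SHARED_B = make_key(61, 53, 7)
# Different moduli, as in the question (61*53 vs 47*59):
OTHER_B = make_key(47, 59, 7)

if __name__ == "__main__":
    print(commutes(65, SHARED_A, SHARED_B))    # True
    print(commutes(65, SHARED_A, OTHER_B))     # False
    print(three_pass(65, SHARED_A, SHARED_B))  # 65
```

With distinct moduli the inner ciphertext lives in Z_n1 while the outer layer is computed in Z_n2, so Bob cannot peel off the inner layer first; that is the obstacle the questioner runs into.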
