Score:1

Multiuser encryption, singleuser decryption

I have a hybrid encryption (RSA, AES) for a file sharing project I am working on, where I use a single public key for encryption on the sender side and corresponding private key for decryption on the recipient side. I would like for a sender to be able to send files to multiple users each having only their own unique key pair (public keys would be distributed).

I know this is possible using GPG:

```
gpg --encrypt --recipient [email protected] --recipient [email protected] doc.txt
```

How to do this using RSA or ECC? Is it possible?

kelalaka
The common way is to share the symmetric key, where the file is encrypted with AES, ChaCha20, etc.
Maarten Bodewes
Why not check out the way that the [OpenPGP protocol](https://datatracker.ietf.org/doc/html/rfc4880) does these things? Undoubtedly they encrypt one or more message-specific secret keys using the various public keys of the receivers, and then include the key ID so that the receivers can use the correct private key to decrypt that secret key. The secret key is then used to encrypt / decrypt the actual data (i.e. it is a hybrid cryptosystem where the secret key is encrypted multiple times).
J.Valášek
Having the asymmetric part once per each public key was the obvious solution, but I didn't like the size complexity O(n). I wondered if somebody here doesn't know a better solution... Something like ring signature but for encryption. I guess I'll have to go through the OpenPGP code to see what they use...
J.Valášek
@kelalaka that requires a common secret, I do not want that...
Maarten Bodewes
PGP is an old protocol, don't expect too much from it. Note that e.g. RSA public key operations can be relatively fast, even faster than ECC public key operations, and you can parallelize the operations as well.
kelalaka
Why does each key have to be different? What would go wrong if every user had the same key?
J.Valášek
@MaartenBodewes good to know. I expected ECC to be faster. That saves me some trouble as I am using different libraries on different platforms and sometimes it's not straightforward making them encrypt the same way.
J.Valášek
@kelalaka There are advantages of asymmetric encryption that I want to have. Having only one key I couldn't control access rights to individual files and/or I would have to create a secure key distribution scheme. In the end, it would be senselessly more complex.
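
The approach discussed in the comments above (one symmetric file key, encrypted once per recipient public key and tagged with a key ID), as an added Go example that is not part of the original thread. It covers only the per-recipient key-wrapping header and assumes the file itself is already AES-encrypted under that key; `Header`, `KeyID`, `Wrap`, `Unwrap` and `newKey` are names made up here, and using SHA-256 of the public key as the key ID is this example's choice, not OpenPGP's format.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

type Header map[[32]byte][]byte // recipient key ID -> file key wrapped for that recipient

// KeyID (this example's choice) is SHA-256 of the DER-encoded public key.
func KeyID(pub *rsa.PublicKey) [32]byte { return sha256.Sum256(x509.MarshalPKCS1PublicKey(pub)) }

// Wrap encrypts the one file key to each recipient: O(n) header, file stored once.
func Wrap(fileKey []byte, recipients ...*rsa.PublicKey) (Header, error) {
	h := Header{}
	for _, pub := range recipients {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
		if err != nil {
			return nil, err
		}
		h[KeyID(pub)] = w
	}
	return h, nil
}

func Unwrap(h Header, priv *rsa.PrivateKey) ([]byte, error) {
	w, ok := h[KeyID(&priv.PublicKey)] // each recipient looks up only its own entry
	if !ok {
		return nil, fmt.Errorf("no wrapped key for key ID %x", KeyID(&priv.PublicKey))
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w, nil)
}

func newKey() *rsa.PrivateKey { // constructed sample recipient key pair
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	alice, bob := newKey(), newKey()
	h, _ := Wrap([]byte("constructed sample file key 0001"), &alice.PublicKey, &bob.PublicKey)
	k, err := Unwrap(h, bob)
	fmt.Printf("%d header entries, bob recovers %q, err=%v\n", len(h), k, err)
}
```

With RSA-2048 each recipient adds a 256-byte wrapped key plus the 32-byte key ID to the header, independent of the file size.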
Score:1
You are describing the problem of broadcast encryption. This problem was first studied by Fiat and Naor in the aptly named "Broadcast Encryption" paper where they came up with a scheme resilient against $k$ colluding users with roughly $k$ bandwidth cost.

A more efficient scheme using pairing-based cryptography was introduced by Boneh and Gentry in "Collusion Resistant Broadcast Encryption With Short Ciphertexts and Private Keys" which achieves resistance independent of $k$.

Maarten Bodewes
Note that the link to the Boneh / Gentry paper is an unsecured download of the PDF, which may not work in your browser. For Chrome you need to copy the link and paste it into the address bar. Daniel, please do provide textual references as links may go dark; not everything is caught by the Wayback Machine.
J.Valášek
That's what I was looking for, thanks a lot.
Daniel S
@Maarten Thanks for the tips and the edits. Is there anything like a cryptoSE style guide that I can read for things like this?