Score:3

How to create an encryption such that we need two keys to decrypt, while one key is derivable from the other if I have the secret

bv flag

Suppose I have some plaintext $M$, and I want to have some process $f$ to make ciphertext $M':=f(M,s)$, where $s$ is some secret. The ciphertext $M'$ can be decrypted by using some decryption process $M=g(M',k_1,k_2)$, where $k_1$ and $k_2$ are two keys, and $k_1$ is a random key (cannot be controlled, such as the current time), and $k_2$ can be generated from $k_1$ by using the secret, i.e. $k_2=k_2(k_1,s)$. How can I achieve this encryption and decryption process?

Edit: As @fgrieu suggests, we may just use $k_2:=k_1\oplus s$ and then decrypt using $s=k_1\oplus k_2$. However, this is not what I desire. The generated $k_2$ is distributed to other people letting them decrypt $M'$ by using it together with $k_1$, but it should not let other people be able to figure out how to generate $k_2$ themselves. The function $k_2(k_1,s)$ should make it hard to guess $s$ from many pairs of $(k_1,k_2)$ so that $s$ is secret enough.

fgrieu avatar
ng flag
As stated, we can use: $f$ any standard encryption like AES-CTR with $\tilde f$ the corresponding decryption, $k_2:=k_1\oplus s$, and $g(M′,k_1,k_2):=\tilde f(M',k_1\oplus k_2)$. If there's anything wrong with that please [edit](https://crypto.stackexchange.com/posts/102734/edit) the question.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.