1

Is there an encryption algorithm where it's possible to combine multiple encryption keys into one, so that:

$E_{AB}(Data) = E_A(E_B(Data))$

KeyAB should be computable from KeyA and KeyB, but it must not be possible to compute or guess KeyA or KeyB from KeyAB and/or Data.

The algorithm should be as secure as possible, ideally asymmetrical (but if that's not possible, a good symmetrical one will also do).

XOR meets the above criteria, like so:
$KeyAB = KeyA \oplus KeyB$
$Data \oplus KeyAB = (Data \oplus KeyA) \oplus KeyB$

But XOR is obviously not a good crypto scheme, let alone asymmetrical. Are there any good alternatives for this particular use case?

SEJPM
Jaka Jaksic
  • Suggested an edit for a nicer formatting, putting newlines where you wanted them and changed the math-formulations to better represent what you wanted. – SEJPM Apr 17 '15 at 20:41
  • Well, it was proven that at least (plain) DES doesn't provide this property. Link – SEJPM Apr 17 '15 at 20:43

1 Answer

2

For a crypto algorithm that acts like a group, the first thing that comes to mind is Pohlig-Hellman. In this method, we have a large prime $p$, and define:

$$E_A(Data) = Data^A \bmod p$$

(with $A$ relatively prime to $p-1$)

This has the property that $E_B(E_A(Data)) = E_{A \times B \bmod p-1}(Data)$; however, it has the security properties you're looking for; for example, given lots of $X, E_A(X)$ pairs, you can't recover $A$.

Now, this is a symmetric system (given $A$ and $E_A(Data)$, you can recover $Data$). If you insist on an asymmetrical system, you might want to do this modulo a composite of secret factorization; only someone who knows the factorization can then decrypt. That version might be somewhat related to a better known asymmetric scheme...

poncho
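The key-combining property from the answer above, as an added example that is not part of the original answer: a small Pohlig-Hellman exponentiation cipher showing that $E_A(E_B(m)) = E_{AB \bmod (p-1)}(m)$ and that the combined key decrypts in one step. The modulus `P`, the function names and the sample message are assumptions of this example; the modulus is demo-sized and not a secure parameter choice.

```python
import math
import secrets

# Demo modulus (an assumption of this example): the Mersenne prime 2**127 - 1.
# Its p-1 is smooth, so discrete logs are easy here; real parameters need a
# much larger p whose p-1 has a large prime factor.
P = 2**127 - 1
ORDER = P - 1  # exponents live modulo p-1


def keygen() -> int:
    """Random exponent coprime to p-1, so it has an inverse mod p-1."""
    while True:
        k = secrets.randbelow(ORDER - 3) + 3
        if math.gcd(k, ORDER) == 1:
            return k


def combine(key_a: int, key_b: int) -> int:
    """KeyAB = A * B mod (p-1); the order of A and B does not matter."""
    return (key_a * key_b) % ORDER


def encrypt(key: int, m: int) -> int:
    # 0, 1 and p-1 are fixed points for every valid (odd) key: reject them.
    if not 1 < m < P - 1:
        raise ValueError("message must be in [2, p-2]")
    return pow(m, key, P)


def decrypt(key: int, c: int) -> int:
    # Inverting the exponent mod p-1 undoes the exponentiation (Python 3.8+).
    return pow(c, pow(key, -1, ORDER), P)


if __name__ == "__main__":
    a, b = keygen(), keygen()
    ab = combine(a, b)
    m = int.from_bytes(b"constructed msg", "big")  # constructed sample input
    assert encrypt(a, encrypt(b, m)) == encrypt(ab, m)
    assert decrypt(ab, encrypt(ab, m)) == m
    print("E_A(E_B(m)) == E_AB(m); decrypts to", m.to_bytes(15, "big"))
```

KeyAB on its own does not determine KeyA or KeyB, but anyone holding KeyAB together with KeyB can compute KeyA as $AB \cdot B^{-1} \bmod (p-1)$. The cipher is also deterministic, so equal plaintexts under the same key give equal ciphertexts.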