In RSA, it is basically equivalent to use the private key $d$ to encrypt as it is to use the public key $e$ to encrypt. They are exactly inverses: $e=d^{-1}$.

I need to know, are there other public key schemes like this? E.g., I do not think Diffie-Hellman is like this.

otus
Arnold
  • It is a bit unclear what you are asking for. Do you want a cryptographic scheme where the encryption/decryption algorithm is the same (e.g. ROT13), or is having a pair (public key, private key) mandatory? If so, I would suggest you take a look at the Paillier cryptosystem, elliptic curve cryptography and the Cramer–Shoup cryptosystem. – Biv Jan 18 '16 at 12:07
  • Diffie-Hellman is a protocol to establish a shared secret, meaning Alice and Bob will have the same key at the end ($g^{ab}\mod p$), they can then use any symmetric crypto with that key. So it does not fulfil the requirements you are looking for. – Biv Jan 18 '16 at 12:09
  • Is the idea of public and private key being inverse ($e = d^{-1}$) a condition of your question? – Biv Jan 18 '16 at 12:13
  • @Biv, I think the OP is asking for schemes where the algorithms for encrypting and decrypting are the same, but the supplied key material (to the algorithm execution) makes the difference between encryption and decryption. – SEJPM Jan 18 '16 at 15:07
  • @SEJPM: actually, that's true for RSA only at an abstract level; in practice, encryption and decryption differ in padding processing, the fact that the encryption exponent is generally chosen to be small, and that during the decryption exponent, we can speed things up by taking advantage of knowledge of the factorization. – poncho Jan 18 '16 at 15:26
  • But RSA remains exactly the same if you swap $e$ for $d$, no? I'm asking for public key schemes similar to these. – Arnold Jan 18 '16 at 15:37
  • Indeed, I want public key cryptosystems where one can undo encryption by the public key using the secret key, and where one can undo encryption by the secret key using the public key. The first property is necessary for all public key cryptosystems, the second is not: e.g., in ElGamal it doesn't really make sense to "encrypt with your private key", and it certainly can't be "undone" using the public key. – Arnold Jan 18 '16 at 15:48
  • The things you're asking about are called trapdoor permutations. – Jan 18 '16 at 20:35
  • RSA-KEM may fit the purpose, but that's just RSA rather than an algorithm like RSA. – Maarten Bodewes Jan 19 '16 at 02:59

1 Answer

What you seem to be looking for is a scheme like the following: It consists of two algorithms, a key generation algorithm $K$ and a "key use" algorithm $U$.

The key generation algorithm outputs a pair of keys $(k_0, k_1)$. The "key use" algorithm takes as input a key and an element from some set $S$ (which may depend on $k_0$ and $k_1$), and outputs an element of a set $S$, and satisfies $$U(k_b, U(k_{1-b}, s)) = s$$ for all key pairs $(k_0,k_1)$ output by $K$, all $b \in \{0,1\}$ and all $s \in S$.

Security-wise, for $b = 0$ and $b=1$, given a random $s \in S$ and the key $k_b$, it should be hard to find $t$ such that $U(k_b, t) = s$.

You can trivially turn this into a public key encryption scheme by choosing one of the keys as the encryption key and the other as the decryption key. Ditto for a signature scheme.

To get secure schemes, you need to include padding schemes, hash functions or any of the usual stuff.

I don't off-hand know of any examples of such schemes, except for RSA with random exponents or RSA look-alikes. (RSA with small $e$ is not secure.) Diffie-Hellman is certainly not like this.

I don't know if this is a useful concept. It is somewhat similar to trapdoor one-way permutation, which you don't hear so much about anymore.

K.G.
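
An added illustration of the answer above (not code from the answer or from any library): $K$ and $U$ instantiated with textbook, unpadded RSA, checking $U(k_b, U(k_{1-b}, s)) = s$ in both directions, and showing that when one key is a conventional small exponent, whoever holds the other key can find it by plain search. The primes and the names `is_symmetric` and `find_small_partner` are assumptions of this example.

```python
import math
import secrets

# Toy primes chosen for this example (both Mersenne primes); not a real key size.
P, Q = 2**31 - 1, 2**61 - 1

def K(e=None, p=P, q=Q):
    """Key generation: return (k0, k1) = ((n, e), (n, d)).

    e=None draws a random exponent ("RSA with random exponents"); passing
    e models a conventional small exponent (an unusable e is redrawn).
    """
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    while e is None or math.gcd(e, lam) != 1:
        e = secrets.randbelow(lam - 3) + 3
    return (n, e), (n, pow(e, -1, lam))

def U(key, s):
    """The single "key use" algorithm: textbook exponentiation on S = Z_n."""
    n, x = key
    return pow(s, x, n)

def is_symmetric(k0, k1, samples):
    """Check U(k_b, U(k_{1-b}, s)) == s for both b = 0 and b = 1."""
    return all(U(k0, U(k1, s)) == s == U(k1, U(k0, s)) for s in samples)

def find_small_partner(key, bound=1 << 17):
    """Given one key only, search for a partner exponent below `bound`."""
    n, _ = key
    t = U(key, 2)
    acc = t
    for x in range(2, bound):
        acc = acc * t % n  # acc == t**x mod n
        # Cheap filter on s = 2, then confirm on more elements of S.
        if acc == 2 and is_symmetric((n, x), key, range(2, 200)):
            return x
    return None

if __name__ == "__main__":
    k0, k1 = K()
    print("random exponents, both directions:", is_symmetric(k0, k1, range(1000)))
    print("partner found by search:", find_small_partner(k1))      # None
    _, k1_small = K(e=65537)
    print("partner found by search:", find_small_partner(k1_small))  # 65537
```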