1

For example, A encrypts a message.

B encrypts that.

C encrypts that.

Then B decrypts, followed by A then C.

Are there systems that allow this? Does such a property have a name?

poncho
user40176

1 Answer

6

Yes, systems that allow this have a name: commutative encryption.

In practice, there are two varieties:

  • If A, B, C just xor in a keystream, it all commutes. Of course, anyone seeing the intermediate results can deduce quite a lot; this may make this unacceptable for some uses.

  • Pohlig-Hellman (not related to the Pohlig-Hellman algorithm); we pick a global prime $p$, and everyone selects a secret value relatively prime to $p-1$; A picks $a$, B picks $b$, and C picks $c$. Then:

    • Alice encrypts $M$ by computing $M^a \bmod p$

    • Alice decrypts $C$ by computing $M^{a^{-1} \bmod p-1} \bmod p$

If you go through the math, you'll see that:

  • Encryption and decryption are inverses of each other, e.g. $\operatorname{Dec}_a(\operatorname{Enc}_a(M)) = M$

  • It commutes just like you asked: $\operatorname{Enc}_b(\operatorname{Enc}_a(M)) = \operatorname{Enc}_a(\operatorname{Enc}_b(M))$, etc

  • No one can deduce anything by observing intermediate results (assuming that the prime is large enough to make the DLog and Diffie-Hellman problems hard)

poncho
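The two varieties described in the answer, run in the order the question gives (A, B, C encrypt; B, A, C decrypt), as an added example that is not part of the original answer. It assumes Python 3.8+; the function names and the demo prime $2^{127}-1$ are constructed for illustration, and that prime is far too small for real use.

```python
import math
import secrets

P = 2**127 - 1  # constructed demo prime (Mersenne); too small for real security

def keygen(p=P):
    """Secret exponent relatively prime to p-1, plus its inverse mod p-1."""
    while True:
        e = secrets.randbelow(p - 3) + 2           # 2 <= e <= p-2
        if math.gcd(e, p - 1) == 1:
            return e, pow(e, -1, p - 1)

def enc(m, e, p=P):
    """Encrypt m (1 <= m < p) as m^e mod p."""
    return pow(m, e, p)

def dec(c, d, p=P):
    """Decrypt with the inverse exponent d = e^-1 mod p-1."""
    return pow(c, d, p)

def round_trip(m, p=P):
    """A, B, C encrypt in that order; then B, A, C decrypt."""
    (a, a_inv), (b, b_inv), (c, c_inv) = keygen(p), keygen(p), keygen(p)
    ct = enc(enc(enc(m, a, p), b, p), c, p)
    return dec(dec(dec(ct, b_inv, p), a_inv, p), c_inv, p)

def xor_observer(m, ka, kb, kc):
    """Same order with XOR keystreams; returns what an eavesdropper who
    only sees the intermediate values can compute without any key."""
    x1 = m ^ ka          # after A encrypts
    x2 = x1 ^ kb         # after B encrypts
    x3 = x2 ^ kc         # after C encrypts
    x4 = x3 ^ kb         # after B decrypts
    x5 = x4 ^ ka         # after A decrypts; only C's layer remains
    seen_kc = x2 ^ x3    # consecutive values differ by exactly one keystream
    return x5 ^ seen_kc  # equals m

if __name__ == "__main__":
    msg = int.from_bytes(b"commutes", "big")
    print(round_trip(msg) == msg)                   # exponentiation variant
    print(xor_observer(msg, 11, 22, 33) == msg)     # XOR variant leaks m
```
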