b wrote:
> tomstde...@gmail.com wrote:
> >
> > let's re-write your problem in the equivalent but less balanced method
> > of
> >
> > 1. User A gets 127 bits of the block
> > 2. User B gets 1 bit of the block
> >
> > Now user A knows that the plaintext is English ASCII, or an MP3 or an
> > MPEG or ...
> >
> > So he guesses the missing bit and uses the decrypt that makes the most
> > sense. Chances are good that only one of them will actually match a
> > source language.
> >
> > What's the point of a secret splitting? The ideal is that with
> > unbounded computational time any one [or subset less than threshold]
> > party cannot decrypt uniquely the message.
> >
> > for example, this would be a valid split.
> >
> > for i = 0 to m-1 do
> > 1. T[i] = E_k(i)
> > 2. Send P[i] xor T[i] to user A
> > 3. Send T[i] to user B
> >
> > [k = AES key, P = plaintext, m = number of blocks]
> >
> > Now neither party can decrypt uniquely the text and they have to
> > combine the shares to decrypt it.
> >
> > Tom
> The problem with this is that from N input bits, I get 2*N output bits (N
> for one and N for the other).
> The method that I described before is that N input bits are split
> into N/2+N/2 (=N) bits.
Except it's not actually a valid secret sharing scheme since any one
party can decrypt [hint: 2^64 is much smaller than 2^128] a message
with some probability and how many of them will be valid 16-char
strings? A simple dictionary matching algorithm could reject the vast
majority of decrypts...
There isn't a way to split it without growth.
Tom
Received on Thu Sep 29 21:41:29 2005
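The split Tom sketches above, written out as an added example (not code from the thread): T[i] = E_k(i), share A = P[i] xor T[i], share B = T[i]. The assumed stand-in for E_k(i) is HMAC-SHA256 of the block counter truncated to 16 bytes, since the Python standard library has no AES; the last function shows why a single share cannot be decrypted uniquely, and the combined share length shows the 2*N growth b objects to.

```python
import hashlib
import hmac

BLOCK = 16  # 128-bit blocks, as in the AES-based sketch


def keystream_block(k: bytes, i: int) -> bytes:
    # Stand-in for E_k(i) (assumption: any PRF of the counter will do;
    # the thread used AES, which the standard library lacks).
    return hmac.new(k, i.to_bytes(8, "big"), hashlib.sha256).digest()[:BLOCK]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split(k: bytes, plaintext: bytes) -> tuple[bytes, bytes]:
    """for i = 0 to m-1: T[i] = E_k(i); A gets P[i] xor T[i]; B gets T[i]."""
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be a whole number of 16-byte blocks")
    share_a, share_b = bytearray(), bytearray()
    for i in range(len(plaintext) // BLOCK):
        t = keystream_block(k, i)
        p = plaintext[i * BLOCK:(i + 1) * BLOCK]
        share_a += xor_bytes(p, t)   # user A's share: masked plaintext
        share_b += t                 # user B's share: the mask only
    return bytes(share_a), bytes(share_b)


def combine(share_a: bytes, share_b: bytes) -> bytes:
    """Both parties together recover P by XORing the shares block-wise."""
    return xor_bytes(share_a, share_b)


def share_b_consistent_with(share_a: bytes, candidate: bytes) -> bytes:
    """Given only A's share, every candidate plaintext of the same length is
    explained by some B share (share_a xor candidate), so A alone has no way
    to single out the real P even with unbounded computation; this is the
    property a bit-level N/2 + N/2 split does not have."""
    return xor_bytes(share_a, candidate)


def total_share_length(k: bytes, plaintext: bytes) -> int:
    """Bytes handed out in total: 2*N for an N-byte plaintext."""
    a, b = split(k, plaintext)
    return len(a) + len(b)
```

With T[i] drawn from os.urandom instead of a keyed PRF, the same two functions are exactly a one-time pad split and the uniqueness argument holds information-theoretically rather than under a PRF assumption.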