sci.crypt archive
Re: How to construct such one-way key chain without hash function
Date: Mon Apr 24 2006 - 09:44:15 CEST
laicko wrote:
>>You could let F() be any trapdoor one-way permutation.
>
>I'm trying to use DL follow your instructions. As to ElGamal scheme,
>(g^r, (g^x)^r *m) every encryption needs a fresh exponent r and keep
>it in secret. If it's a constant and known to the public, how to retain
>the one-way charateristic?
Well, ElGamal isn't a trapdoor one-way permutation, so that won't work.
I don't know of any way to make it work.
>In someway, I'd like the scheme could follow this condition:
>E_{K_i+j}(M)= A_e( E_{K_i}{M}, j) for i,j >=0
>E is the encryption algorithm, A is function, e is public known
>parameter
Interesting question. I'm afraid I don't know how to solve that problem.
Note that such a scheme cannot be IND-CPA secure (since it is possible for
anyone who knows the public key to detect when a message M is sent more than
once, thanks to the above equation).
Received on Mon May 1 02:03:55 2006