Mike Stay (staym@accessdata.com)
Thu, 27 Aug 1998 17:16:35 -0600
OK, an extremely expensive but fairly cheat proof protocol:
Alice encrypts a single random symmetric key with the public keys of the
people she wants to talk to as well as an easily distinguishable message
with the symmetric key and sends the package to Bob, who then decrypts
all the keys and tries to decrypt the message. If and only if Alice
wants to talk to Bob will he be able to return the message (assuming
it's dificult in the symmetric key cipher to create deniable encryption,
i.e. getting two different but reasonable messages with two different
keys). Bob does the same for Alice.
At this point, they still don't know who the other one is, just that
they want to talk to each other. A fair coin flip determines which one
has to send the identity first; if one user wants to cheat and find out
who the other user is, there's a 50% chance that (s)he'll have to send
first.
Does anyone know how to exchange identities such that neither
participant can learn the identity of the other unless both are valid
and without a trusted third party?
-- Mike Stay Cryptographer / Programmer AccessData Corp. mailto:staym@accessdata.com
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:11:01