[rc5] Suggestion for protocol

Anthony Towns aj at humbug.org.au
Mon Jun 23 20:10:57 EDT 1997


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 22 Jun 1997, Fedor Kouranov wrote:

> >The block that the client gets from the keymaster would be divided into
> >1024 subblocks. Each would be encrpted and cumulative checksum would be
> >taken. The result would be 1024 bytes (or any other number), one byte per
> >one subblocks. The keymaster would have to choose number between 0 and
> >1023 randomly and compute the subblock and it's checksum. If it is OK, it
> >believes that also the rest of the block has actualy been processed and
> >accepts the block. 
> Totally infeasible. This would mean doubling the number of cycles per key
> just for the sake of paranoia. And still it can be easily faked.

It would be nice if the client could send an item of data to the
proxies that is:
	1) easy to generate if the keyblock has been checked
	2) difficult to generate if the keyblock hasn't been checked
	3) easy to verify

It doesn't have to apply to the entire keyblock, but could apply
instead to individual keys, or ranges of individual keys:
	when submitting a key block, the server requests the client to
	submit the result of this "calculation" for a particular
	(random) range, along with its results. If the calculation
	turns out to be wrong, the block is rejected.

This is similar to the method used for Zero Knowledge Proofs, but is
somewhat flawed in that the client could make the simple calculation
on the fly (even if by only processing the given, smaller, range of
keys), without checking the rest of the information.

If life were perfect, we would be able to do something like what
happens in Euclid's algorithm: a process only slightly more
complicated than the basic recursive Euclidean algorithm on a,b (which
finds the greatest common divisor of a,b) produces two numbers, x,y
such that gcd(a,b) = x*a + y*b.

If x and y are both nonzero, and (x*a + y*b) divides both a and b then
x*a+y*b is definitely the gcd(a,b).

Is there anything similar for RC5?

Cheers,
aj

- --
Anthony Towns <aj at humbug.org.au> <http://student.uq.edu.au/~s343676/>
I don't speak for anyone save myself. PGP encrypted mail preferred.

``Like the ski resort of girls looking for husbands and husbands looking
  for girls, the situation is not as symmetrical as it might seem.''

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: ascii
Comment: Key available at http://student.uq.edu.au/~s343676/aj_key.asc

iQCVAwUBM649qeRRvX9xctrtAQHTWgQAsv0UlmrUHd2s86zDDg+Emtzuts91nQWR
jRkkytHMAYrZLmRRvzFHK2vcUh+SFAPVaVDlsUoDY1CZc2N11gzNO4ggTsEuJ0SM
E3OsaP8oyq22TgQaV4+WAda15Wvgm+DjWXfy5dfcg6GM7f+fmbtlJPIVrOygcR90
C1jdLtHPVCA=
=1Y6b
-----END PGP SIGNATURE-----

----
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.



More information about the rc5 mailing list