论文信息 - Advances in Cryptology — EUROCRYPT ’88

Advances in Cryptology — EUROCRYPT ’88

Two protocols are presented that accomplish the same goal as the original Diffie-Hellman protocol, namely, to establish a common secret key using only public messages. They are based on n-fold composition of some suitable elementary function. The first protocol is shown to fail always when the elementary function is chosen to be linear. This does not preclude its use for a suitable nonlinear elementary function. The second protocol is shown to be equivalent to the Diffie-Hellman protocol when the elementary function is chosen to be linear. Some examples are given to illustrate the use of both protocols. It is still an open problem whether the presented approach allows for an improvement in terms of speed and/or security over the original DH-protocol. Suppose we are given an autonomous finite-state machine with next-state function F. After one time step an initial state SO will be transferred to sl=F(so). After n time steps we have s n = F ( F ( ... F ( S J . . .))= F " ( S o ) where Fn stands f o r the n-fold application of F to its argument. (Although we do not need the finite-state machine context to derive some results, we use it to illustrate the approach). Now define two functions g and h, C.G. Guenther (Ed.): Advances in Cryptology EUROCRYPT '88, LNCS 330, pp. 3-10, 1988. 0 Springer-Verlag Berlin Heidelberg 1988

[1] David Chaum,et al. Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[2] Manuel Blum,et al. Coin Flipping by Telephone. , 1981, CRYPTO 1981.

[3] Michel Loève,et al. Probability Theory I , 1977 .

[4] Gustavus J. Simmons,et al. Verification of Treaty Compliance -- Revisited , 1983, 1983 IEEE Symposium on Security and Privacy.

[5] Gustavus J. Simmons,et al. A Secure Subliminal Channel (?) , 1985, CRYPTO.

[6] Amos Fiat,et al. Zero-knowledge proofs of identity , 1987, Journal of Cryptology.

[7] Hugh C. Williams,et al. A modification of the RSA public-key encryption procedure (Corresp.) , 1980, IEEE Trans. Inf. Theory.

[8] Gustavus J. Simmons,et al. The Prisoners' Problem and the Subliminal Channel , 1983, CRYPTO.

[9] Gustavus J. Simmons,et al. A System for Verifying User Identity and Authorization at the Point-of Sale or Access , 1984, Cryptologia.

[10] James L. Massey,et al. Shift-register synthesis and BCH decoding , 1969, IEEE Trans. Inf. Theory.

[11] Amos Fiat,et al. How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[12] Whitfield Diffie,et al. New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[13] I. Good,et al. Ergodic theory and information , 1966 .