13

I am looking for a cipher which would allow something like this: E(E(M, a), b) = E(M, ab), where a and b are encryption keys, and ab is a combination of the keys that is impractical to separate into a and b.

So far, the only cipher I could find that would work like this is Pohlig-Hellman Exponentiation Cipher. But as I understand, it has the following drawbacks:

  1. It is slow - though, this is not really a concern for me
  2. I can't find any actual implementations of the cipher. It shouldn't be too difficult to implement from scratch, but still...

Is there another cipher that can accomplish the same thing?

kelalaka
  • 49,797
  • 12
  • 123
  • 211
irakliy
  • 1,009
  • 8
  • 16

1 Answers1

1

If you define $E_a(M) = M \oplus a$ then the key $ab$ can also be defined as $a \oplus b$ as follows:

$E_b(E_a(M)) = (M \oplus a) \oplus b$

$E_{ab}(M) = M \oplus (a \oplus b)$

However using the same key and/or message more than once in XOR will leak the other one. So I think it's potentially not what you're looking for.

As far as I know, SRA is also a variant, where you get regular RSA where both parties use the same modulus (and prime numbers) and create their own encryption, decryption exponents; and keep it secret. This way you achieve the same commutativity as in PH.

zetaprime
  • 591
  • 6
  • 18