A commutative encryption system allows a message encrypted with two different keys to be decrypted using the keys in either order.
Questions tagged [commutative-encryption]
43 questions
21
votes
3 answers
Are there any secure commutative ciphers?
This answer lists two commutative cipher algorithms - Pohlig-Hellman and SRA. However, they don't appear to be too secure.
My question is, here there any commutative ciphers out there that are secure enough for sensitive data encryption / decryption…
ThePiachu
- 1,689
- 2
- 18
- 26
14
votes
1 answer
Can a commutative block cipher be indistinguishable from a random one, assuming a random permutation of keyspace?
Define a commutative block cipher with keyspace the finite set $K$, and message space the finite set $S$, to be an application
$$\begin{align}
E:K\times S&\mapsto S\\
(k,x)&\mapsto E(k,x)\text{ also noted }E_k(x)\\
\text{such that }&\forall k\in…
fgrieu
- 149,326
- 13
- 324
- 622
13
votes
1 answer
Is Pohlig-Hellman Cipher the only option?
I am looking for a cipher which would allow something like this: E(E(M, a), b) = E(M, ab), where a and b are encryption keys, and ab is a combination of the keys that is impractical to separate into a and b.
So far, the only cipher I could find that…
irakliy
- 1,009
- 8
- 16
9
votes
1 answer
Is there an encryption method where the order of decryption is irrelevant to the order of encryption?
With most encryption methods, if a message is encrypted first using key $k_1$ and then using $k_2$, to decrypt it you have to use first $k_2$ and then $k_1$.
I was wondering if there are any encryption methods that can be decrypted using the keys in…
Jihoon Chung
9
votes
5 answers
Software implementation of a commutative cipher?
I've got an application (detailed below) that calls for the use of a cipher that is commutative. I've been doing some googling & reading, and there are two algorithms that seem to get mentioned in these discussions--SRA (not RSA) and Pohlig-Hellman…
Roy Pardee
- 93
- 1
- 4
8
votes
1 answer
Is there a mental poker algorithm that does not rely on commutative encryption?
The algorithm for mental poker that I saw on Wikipedia and everywhere else relies on an encryption algorithm such that $E_k(E_j(P)) = E_j(E_k(P))$, but I can't find a modern and secure algorithm for which this is true. The only algorithm I found…
Daffy
- 2,429
- 20
- 29
7
votes
3 answers
Is there a way to prove equality of plaintext that was encrypted using different public keys?
Imagine if Alice encrypts message to Bob (using public key $P_{bob}$) and then Bob encrypts the same message to Carol (using $P_{carol}$). Is there a way for Bob to prove that:
$P_{carol}$ was indeed used
Message is still the same that Alice passed…
Pavel
- 171
- 4
6
votes
1 answer
Commutative Hash Function for Password Challenge?
I had an idea. Could anyone tell me if this is a thing, if they see any problems with it, and if they know of a commutative hash function that would make it work?
Suppose you had a pair of cryptographic hash functions, one of which could take an a…
Edward Peters
- 161
- 5
6
votes
1 answer
Can a commutative block cipher be indistinguishable from a random permutation, for fixed key?
Define a commutative block cipher with keyspace the finite set $K$, and data space the finite set $S$, to be an application
$$\begin{align}
E:K\times S&\mapsto S\\
(k,x)&\mapsto E(k,x)\text{ also noted }E_k(x)\\
\text{such that }&\forall k\in…
fgrieu
- 149,326
- 13
- 324
- 622
5
votes
3 answers
A hash function for sets that from a hash of a set and a subset of it doesn't reveal the hash of the remaining elements in the set
I'm looking for a function to compute a hash of a set.
It needs to satisfy two properties:
If someone published a hash $h(S)$ of a set $S$ and a hash $h(S')$ of some subset $S' \subset S$ of it, I should not be able to compute the hash of $S…
Ishamael
- 151
- 3
5
votes
2 answers
2way cryptography
Imagine Alice sending Bob a message. They act like this:
Alice encrypts a message with her key and sends it to Bob.
Bob encrypts the message again with his key and sends it back to Alice.
Alice decrypts the message with her key. So now it is…
christostz
- 91
- 5
5
votes
2 answers
Public key crypto without modular arithmetic?
This comment from Reddit math, in response to a statement about how people can communicate secrets to each other with a third party listening, has a very small, simple example of public key cryptography:
Take your message, treat it as a number and…
mikemaccana
- 625
- 7
- 22
5
votes
1 answer
Decrypting an encrypted text out of order
Does there exist a cipher that can be encrypted twice with two different keys and then decrypted twice using either key first?
For example:
Plaintext is "Lemons are great!"
Encode with Key #1
Encode with Key #2
Decode with Key #1
Decode with Key…
Osmium USA
- 153
- 3
4
votes
1 answer
Are commutative digital signature possible?
Say we have a message $m$. Signer $S^1$ will sign this message using his digital signature to produce:
$$\operatorname{Sign}_{S^1}(m)$$
Now, say another signer $S^2$ wants to sign the output of the previous stage to…
user101
- 41
- 1
4
votes
4 answers
Are there transitive ciphers (either symmetric and asymmetric)
Say Alice has information that's already encrypted with Bob's key.
She wants Bob to decrypt it without knowing what he just decrypted.
So she encrypts it with her key and sends it to him, he decrypts with his key, and sends it back and she decrypts…
Nati Keidar
- 63
- 1
- 4