Chapter 4. Intermediate Protocols

1
Chapter 4. Intermediate Protocols
Applied Cryptography

• 2002. 7. 25.
• ??? ???

2
Contents

• 4.9 Bit Commitment
• 4.10 Fair Coin Flips
• 4.11 Mental Poker
• 4.12 One-Way Accumulators
• 4.13 All-or-Nothing Disclosure Of Secrets
• 4.14 Key Escrow

3
Bit Commitment
Bit Commitment Using Symmetric Cryptography

• Bob generates a random-bit string , and
  send it to Alice
• Alice creates a message consisting of the bit she
  wishes to commit to , and . She
  encrypts it with some random key and sends
  the result back to Bob.
• Alice sends the key.
• Bob decrypts the message to reveal the bit. He
  checks his random string to verify the bits
  validity.

4
Bit Commitment (conti.)
Bit Commitment Using One-Way Function

• Alice generates two random-bit strings
  .
• Alice creates a message .
• Alice computes the one-way function on the
  message and sends the result, as well as one of
  the random strings,
  to Bob.
• Alice sends Bob the original message
  .
• Bob computes the one-way function on the message
  and compares it and , with the value and
  random string he received in (3). If they match,
  the bit is valid.

5
Bit Commitment (conti.)
Bit Commitment Using Pseudo-Random-Sequence
Generator

• Bob generates a random-bit strings , and
  sends it to Alice.
• Alice generates a random seed for a
  pseudo-random-bit generator. Then, for every bit
  in Bobs random-bit string, she sends Bob either
  
• a. the output of the generator if Bobs bit
  is 0, or
• b. the XOR of output of the generator and
  her bit, if Bobs bit is 1.
• Alice sends Bob her random seed.
• Bob completes step (2) to confirm that Alice was
  acting fairly.

6
Bit Commitment (conti.)
Blobs strings that Alice sends to Bob to commit
to a bit.

• Properties
• Alice can commit to blobs. By committing to a
  blob, she is committing to a bit.
• Alice can open any blob she has committed to.
  When she opens a blob, she can convince Bob of
  the value of the bit she committed to when she
  committed to the blob. Thus, she cannot choose to
  open any blob as either 0 or 1.
• Bob cannot learn how Alice is able to open any
  unopened blob she has committed to. This is true
  even after Alice has opened other blobs.
• Blobs do not carry any information other than the
  bit Alice committed to. The blobs themselves, as
  well as the process by which Alice commits to and
  opens them, are uncorrelated to anything else
  that Alice might wish to keep secret from Bob.

7
Fair Coin Flips
Coin Flipping Using One-Way Function

• Alice chooses a random number, . She
  computes , where
  is the one-way function.
• Alice sends to Bob.
• Bob guess whether is even or odd and sends
  his guess to Alice.
• If Bobs guess is correct, the result of the coin
  flip is heads. If Bobs guess is incorrect, the
  result of the coin flip is tails. Alice announces
  the result of the coin flip and sends to
  Bob.
• Bob confirms that .

8
Fair Coin Flips (conti.)
Coin Flipping Using Public-Key Cryptography

• Requirement
• Alice and Bob each generate a public-key/private-k
  ey key pair.
• Alice generates two messages, one indicating
  heads and the other indicating tails. Alice
  encrypts both messages with her public key and
  sends them to Bob in a random order.
• Bob, who cannot read either message, chooses one
  at random. He encrypts it with his public key and
  sends it back to Alice.
• Alice, who cannot read the message sent back to
  her, decrypts it with her private key and then
  sends it back to Bob.

9
Fair Coin Flips (conti.)
Coin Flipping Using Public-Key Cryptography

• Bob decrypts the message with his private key to
  reveal the result of the coin flip. He sends the
  decrypted message to Alice.
• Alice reads the result of the coin flip and
  verifies that the random string is correct.
• Both Alice and Bob reveal their key pairs so that
  both can verify that the other did not cheat.

10
Mental Poker
Mental Poker with Three Players

• Requirement the cryptographic algorithm must be
  commutative.
• Alice, Bob, and Carol each generate a
  public/private-key key pair.
• Alice generates 52 messages, one for each card in
  the deck. Alice encrypts all the messages with
  her public key and sends them to Bob.
• Bob, who cannot read any of the message, chooses
  five at random. He encrypts them with his public
  key and sends them back to Alice.
• Bob sends the other 47 messages to Carol.
• Carol chooses five at random. She encrypts them
  with her public key and sends them to Alice.

11
Mental Poker (conti.)
Mental Poker with Three Players

• Alice decrypts them with her private key and then
  sends them back to Bob or Carol.
• Bob and Carol decrypt the message with their keys
  to reveal their hands.
• Carol chooses five more messages at random from
  the remaining 42. She sends them to Alice.
• Alice decrypts the messages with her private key
  to reveal her hand.
• At the end of the game they reveal their hands
  and keys so that everyone can make sure that no
  one has cheated.

12
Mental Poker (conti.)
Anonymous Key Distribution

• Alice generate a public/private-key key pair and
  keeps both keys secret.
• The KDC generates a continuous stream of keys.
• The KDC encrypts the keys, one by one, with its
  own public key.
• The KDC transmits the encrypted keys, one by one,
  onto the network.
• Alice chooses a key at random.
• Alice encrypts the chosen key with her public
  key.
• Alice waits a while and sends the
  double-encrypted key back to the KDC.
• The KDC decrypts the double-encrypted key with
  its private key, leaving a key encrypted with
  Alices public key.
• The sever sends the encrypted key back to Alice.
• Alice decrypts the key with her private key.

13
One-Way Accumulators
Requirement Commutative

• Alice calculates the accumulation of every
  members name other than herself and saves that
  single value along with her own name. Bob does
  the same.
• They trade accumulations and names with each
  other.
• Alice confirms that Bobs name added to his
  accumulation is equal to Alices name added to
  her accumulation. Bob does the same.

14
Key Escrow
Fair cryptosystems Micali

• Alice creates her private/public-key key pair.
  She splits the private key into several public
  pieces and private pieces.
• Alice sends a public piece and corresponding
  private piece to each of the trustees. These
  messages must be encrypted. She also sends the
  public key to the KDC.
• Each trustee, independently, performs a
  calculation on its public piece and its private
  piece confirm that they are correct. Each trustee
  stores the private piece somewhere secure and
  sends the public piece to the KDC.
• The KDC performs another calculation on the
  public pieces and the public key. Assuming that
  everything is correct, it signs the public key
  and either sends it back to Alice or posts it in
  a database somewhere.