Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

All-Or-Nothing Secret Disclosure

179 views

Published on

That slides contains some explanation of the "All-or-Nothing Disclosure of Secrets" protocol introduced by Bruce Schneier in Applied Cryptography, Second Edition: Protocols, Algorithms, and Source Code in C

Published in: Education
  • Be the first to comment

  • Be the first to like this

All-Or-Nothing Secret Disclosure

  1. 1. SECRET DISCLOSURE ALL-OR-NOTHING DISCLOSURE SCHEME
  2. 2. IDEA Bob Carol Alice . . . S1 SN Sb Sc
  3. 3. FBI The fixed bit index of x and y are the bits where the ith bit of x equals the ith bit of y. x = 110101001011 y = 101010000110 FBI(x, y) = {1, 4, 5, 11}
  4. 4. (1) Alice generates a public-key/private-key key pair and tells Bob (but not Carol) the public key. She generates another public-key/private-key key pair and tells Carol (but not Bob) the public key. Alice Bob Carol B C
  5. 5. (2) Bob generates k n-bit random numbers, B1 , B2 , ..., Bk, and tells them to Carol. Carol generates k n-bit random numbers, C1 , C2 , ..., Ck, and tells them to Bob. Bob Carol B1 , B2 , ..., Bk C1 , C2 , ..., Ck
  6. 6. (3) Bob encrypts Cb (remember, Sb is the secret he wants to buy) with the public key from Alice. He computes the FBI of Cb and the result he just encrypted. He sends this FBI to Carol. Bob Carol FBI(Cb, E(Cb)) = FBI(Bc, E(Bc)) = b c B C
  7. 7. (4) Alice Bob Carol CB b C B …, compl(FBIc,Bi), … …, compl(FBIb,Ci), … Bob takes each of the n-bit numbers B1, B2 , ..., Bk, and replaces every bit whose index is not in the FBI he received from Carol with its complement. He sends this new list of n-bit numbers, B'1, B'2, ..., B'k, to Alice
  8. 8. (5) Alice decrypts all C'i with Bob’s private key, giving her k n-bit numbers: C"1, C"2, ..., C"k. She computes Si ⊕ C"i, for i = 1 to k, and sends the results to Bob Alice Bob Carol CB b C B …, Si ⊕ D(C’i), … …, Si ⊕ D(B’i), …
  9. 9. (5) Alice decrypts all C'i with Bob’s private key, giving her k n-bit numbers: C"1, C"2, ..., C"k. She computes Si ⊕ C"i, for i = 1 to k, and sends the results to Bob Alice Bob Carol CB b C B …, Si ⊕ D(compl(FBIb,Ci)), … …, Si ⊕ D(compl(FBIc,Bi)), …
  10. 10. (6) Bob computes Sb by XORing Cb and the bth number he received from Alice. Bob Carol B b C Sb C’’i ⊕ Ci B’’i ⊕ Bi Sc Alice
  11. 11. REFERENCES 1. All-or-Nothing Disclosure of Secrets. Bruce Schneier. Applied Cryptography, Second Edition: Protocols, Algorithms, and Source Code in C. Wiley Computer Publishing, John Wiley & Sons, Inc. 2. Python implementation: https://gitlab.com/yalegko/secret-disclosure

×