Reputation: 43663
Two private key asymmetric encryption - possible?
I am wondering if there exists some asymmetric encryption algorithm that would work with two different private keys, so that the encrypted message can be decrypted by either one of such private keys?
Upvotes: 11
Views: 4286
Answers (5)
Reputation: 21
If you
- choose e uniformly at random with a bit-length of len(N) - 1,
- make sure of gcd(e, phi(N)) = 1 (either keep generating e until this holds, or use safe-primes for p and q and set LSB of e to 1),
- and then derive the corresponding d,
you got two random and secret RSA exponents, i.e. a dual-private key-pair of sk_1 (e, N) and sk_2 = (d, N). Meaning, you need to keep both of them same as secret.
You can now use them interchangeably for both probabilistic (OAEP) encryption & decryption; and for both probabilistic (PSS) signature creation & verification:
- sk_1 can encrypt message m, sk_2 can decrypt it
- sk_2 can encrypt message m, sk_1 can decrypt it
- sk_1 can sign message m, sk_2 can verify it
- sk_2 can sign message m, sk_1 can verify it
I like to call this nice property bi-functional asymmetric keys, until I find out the actual academic term for it – if there already is one. Until now, I think RSA might be the only asymmetric cryptosystem that can generate key-pairs with bi-functionality.
Upvotes: 0
Reputation: 5024
Asymmetric keys are never used for encrypting messages (too slow, has a size limit, etc.), only for encrypting small buffers, like symmetric keys for messages.
When you encrypt a message with an asymm. key, you are in fact encrypting a symmetric key which encrypts the message.
Simply encrypt the same symmetric key with two different asymm. keys and you'd get two different cipherblocks which both contain the same symmetric key for the message, so you can decrypt with either one.
Upvotes: 12
Reputation: 41
You could use a symmetric encryption and secret sharing scheme on top of that, "splitting the key in half".
More on secret sharing: http://en.wikipedia.org/wiki/Secret_sharing
Steps on how I see it:
- Encrypt the data using (pseudo) randomly generated key.
- Distribute the secret using Shamir's secret sharing which is the key to two shares, where as one share will suffice to get the key.
The end result is that one (or more) "keys" are required to get the data.
Upvotes: 4
Reputation: 11
Typically a hybrid encryptions scheme is used. I.e. the message is encrypted with a symmetric key cryptosytem, then the symmetric keys are encrypted with the public keys of each of the intended receivers.
Upvotes: 1
Reputation: 6095
There is no such algorithm as far as I know, but there is a common solution. The enciphered text is transferred together with a set of cryptograms of the symmetric key used to encipher the text itself. Each such cryptogram of the key is a result of enciphering the original key with the public key of one of recipients. Thus, all recipients knowing their private keys may decipher the key used to encipher the data and then decipher the message itself.
Upvotes: 2
Related Questions
- Can One Public Key be Used to Encrypt and Decrypt Data during the SSL Handshake?
- Can we have multiple public keys with a single private key for RSA?
- Asymetric encryption algorithm which allows to use public and private key for both encryption and decryption
- Can I use asymmetric encryption with two private keys?
- Is it possible to use pure Encrypting and Decrypting keys in asymmetric cryptography instead of private and public keys?
- Asymmetric encryption with multiple decryption results
- Can we have multple private Keys with single public key?
- Asymmetric cryptography with reversed key roles
- Asymmetric Key Systems?
- Using 2 public/private key pairs at the "same" time