Reputation: 807
Encryption and decryption involving 3 parties
I wonder if the following is possible using RSA or public key encryption algorithms in general. Say that we have 3 parties, Alice, Bob and Caesar.
They all have a private-public key pair. Now, Alice has two pieces of information, encrypted by Alice's public key. Alice gives these pieces of information to Bob, and let's Bob chose one of them. The choice is up to Bob. This information should be given to Caesar, and Caesar should be able to know which piece of information that Bob chose, and be able to decrypt it back to its cleartext. However, Alice should not know which piece of information Bob chose to give to Caesar, and Bob should not know the cleartext.
I'm thinking it could by done like so. Alice encrypts both pieces of information with its private key and gives to Bob. Bob encrypts one of them with Caesar's public key and sends back to Alice. Alice decrypts it with Alice's private key. Alice will still not know the actual information, since it is now encrypted with Caesar's public key. Alice sends the information to Caesar, and Caesar can decrypt it with Caesar's private key.
Is this chain possible? Encrypt with Alice's public key, encrypt again with Caesar's public key, decrypt with Alice's private key and then decrypt with Caesar's private key. Will the order of these encryptions and decryptions let the cleartext come out at the end or will it just be garbage?
I'm asking both if it is possible in "theory" to do this with public key encryption, and also is it possible in practice with existing libraries, or would it be a too rare "special case" so one would have to implement it from scratch?
Thanks!
EDIT:
I came up with a Diffie-Hellman inspired scheme, like this...
Say you have parties A, B and C. A has two pieces of information, I1 and I2, in this case they are single integers. All parties have a secret, that they chose themselves, As, Bs and Cs, also integers in this case.
So first A "encrypts" the information by adding it's secret and sends this to B.
A -- I1+As --> B
A -- I2+As --> B
Now B selects which of the pieces of information to give to C, say in this case that it is I1. B adds its secret to it, so that it is hidden from A. Now B sends this back to A and A relays the information to C.
A <-- I1+As+Bs -- B
A -- I1+As+Bs --> C
Now C adds its secret also, and sends it to A who relays it to B.
A <-- I1+As+Bs+Cs -- C
A -- I1+As+Bs+Cs --> B
B removes its secret by subtraction, and sends it to A. A also removes its secret and sends it to C.
A <-- I1+As+Cs -- B
A -- I1+Cs --> C
So C can subtract its secret, and is left with the information I1. A knows the values of I1 and I2, but doesn't know which one C has. B knows that C has information I1, but doesn't know the value of it. Can you see some flaw here? And would it be possible to adopt to proper public key encryption somehow?
Upvotes: 2
Views: 2447
Answers (3)
Reputation: 33
Everything important has already been said about the encryption / decryption stuff. However, there is also a major flaw in the logic which I want to point out:
- A encrypts two pieces of information and sends them to B
- B chooses one of them, but A must not know the choice of B
- B encrypts one message of A using C's public key and sends it back to A
Here is the flaw: A could just use C's public key to encrypt its own original messages and thereby figure out which of the two information pieces was chosen by B.
Upvotes: 0
Reputation: 11658
What you are searching for is called multi-party encryption. It's an extended version of the classic RSA algorithm but it involves more than 2 prime factors (three, four, whatever...)
http://daim.idi.ntnu.no/masteroppgave?id=4699
Or you can use the standard 2-prime RSA with any number of users but as you discovered by yourself the order in which users encrypt/decrypt data must be preserved.
Upvotes: 2
Reputation: 12645
The problem with the chaining you have described is that every time you encrypt a chunk of data with a public key, you are "wrapping" it in encryption that ONLY that person (or whoever has access to the private key) can decrypt. Therefore, when Alice receives a copy of the data from Bob that was encrypted with Caesar's key, Alice couldn't touch it.
Can you provide more information about what exactly you are trying to achieve? It feels like you're putting too much thought into this process. Are you looking for some way to verify receipt, or verify data integrity between multiple parties?
Upvotes: 1
Related Questions
- RSA Encryption problem, C, e and N are given
- How to decrypt data with public key
- Public Key Encryption
- Secure communication using encrypted messages
- Encryption using public-private keys
- RSA Encryption - Public Key Encryption
- Hierarchical Encryption
- RSA decryption with public key and secret messgae
- n-Party Public Key Cryptography
- RSA: Encrypting message using multiple keys