[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bit Commitment Query

To: [email protected]
Subject: Re: Bit Commitment Query
From: Hal <[email protected]>
Date: Thu, 21 Dec 1995 10:27:40 -0800
Sender: [email protected]

For Robbie Gates, I agree that the bit commitment he describes seems
more complicated than necessary.  The simpler one, where you just hash
(R,b), is the one I have seen used.  I suggest asking on sci.crypt.
Bruce Schneier and many other good cryptographers read that group.

For Futplex, the idea of using a block encryption algorithm in a 
similar way, encrypting (R,b) with a secret key K, and later revealing
K, is a little questionable because block encryption algorithms are not
designed to avoid collisions in the same way hashes are.  Futplex
suggests that it should be hard to find two keys K_1 and K_2 such that
E_K_1(R, b1) = E_K_2(R, b2) where b1<>b2.  But this is not necessarily
true.  A cryptosystem might have the property, say, that complementing
the key is equivalent to complementing bit 0 of the plaintext.  DES has
some simple complementation properties (although not this one).  Unless
you can show that a cipher with this property is inherently weak then
it is not a valid assumption that a cipher won't have this property.

There is some literature on creating hash functions out of block ciphers.
The two are really not interchangeable.

Hal

Prev by Date: Re: The War on Some Money [long]
Next by Date: Re: Microsoft Flame[tm] [NOISE]
Prev by thread: Re: Bit Commitment Query
Next by thread: on web standards: sent to Markoff
Index(es):
- Date
- Thread