Discussion:
Sharing Encrypted Data
Aameek Singh
2005-10-31 18:24:19 UTC
Raw Message
Hello,

I am looking at a problem where encrypted data needs to be shared with users
and the aim is not to disclose the original key, rather modify the encrypted
data in a way that a new key can decrypt the data and only that key is
shared with the user.

In other words, given a key K, can we design Op and K2 such that:

D_K2 (Op (E_K (M))) = M

where D stands for decryption and E stands for encryption. Also, the security
of the encryption should not be affected (by much). I am open to the choice
of encryption scheme and the mode of operation (CBC, ECB, OFB...)

Any help will be appreciated.

Thanks,
Aameek
Ertugrul Soeylemez
2005-11-01 09:30:56 UTC
Raw Message
Post by Aameek Singh
D_K2 (Op (E_K (M))) = M
where D stands for decryption and E stands for encryption. Also, the security
of the encryption should not be affected (by much). I am open to the choice
of encryption scheme and the mode of operation (CBC, ECB, OFB...)
This is exactly how RSA[1] is defined. You can use RSA directly or any
of its derivatives like ElGamal[2]. The security is the same. RSA is
based on the following trapdoor:

x^(e*d) = x (mod n)

where:

e*d = 1 (mod phi(n))

Technically this is the case, because the finite field Z/nZ in which RSA
operates has a different exponent ring Z/phi(n)Z. n and e together are
the public key and n and d together are the secret key (or vice-versa).
You can't reconstruct d by just knowing n and e, because to calculate
phi(n) you need the prime factors of n. If n is large enough, then this
becomes unpractical.

<http://en.wikipedia.org/wiki/RSA>

You could then give your public key (n, e) away. The encryption and
decryption functions are identical, differing only by the key they use.
If the function is called 'rsa', then it has the following properties:

x = rsa_d(rsa_e(x))
x = rsa_e(rsa_d(x))

Assuming that e is your public key and d is your secret key, the former
scheme can be used to encrypt data, and the latter scheme can be used to
sign data.

Regards.

- -----
Public key "Ertugrul Soeylemez <***@drwxr-xr-x.org>" (id: CE402012)
hkp: subkeys.pgp.net ldap: keyserver.pgp.com http: www.keyserver.de
Fingerprint: 0F12 0912 DFC8 2FC5 E2B8 A23E 6BAC 998E CE40 2012