*Post by Aameek Singh*D_K2 (Op (E_K (M))) = M

where D stands for decryption and E stands for encryption. Also, the security

of the encryption should not be affected (by much). I am open to the choice

of encryption scheme and the mode of operation (CBC, ECB, OFB...)

This is exactly how RSA[1] is defined. You can use RSA directly or any

of its derivatives like ElGamal[2]. The security is the same. RSA is

based on the following trapdoor:

x^(e*d) = x (mod n)

where:

e*d = 1 (mod phi(n))

Technically this is the case, because the finite field Z/nZ in which RSA

operates has a different exponent ring Z/phi(n)Z. n and e together are

the public key and n and d together are the secret key (or vice-versa).

You can't reconstruct d by just knowing n and e, because to calculate

phi(n) you need the prime factors of n. If n is large enough, then this

becomes unpractical.

Read the Wikipedia-article about RSA:

<http://en.wikipedia.org/wiki/RSA>

You could then give your public key (n, e) away. The encryption and

decryption functions are identical, differing only by the key they use.

If the function is called 'rsa', then it has the following properties:

x = rsa_d(rsa_e(x))

x = rsa_e(rsa_d(x))

Assuming that e is your public key and d is your secret key, the former

scheme can be used to encrypt data, and the latter scheme can be used to

sign data.

Regards.

- -----

Public key "Ertugrul Soeylemez <***@drwxr-xr-x.org>" (id: CE402012)

hkp: subkeys.pgp.net ldap: keyserver.pgp.com http: www.keyserver.de

Fingerprint: 0F12 0912 DFC8 2FC5 E2B8 A23E 6BAC 998E CE40 2012