# How to exchange (secret) keys

@article{Blum1983HowTE, title={How to exchange (secret) keys}, author={M. Blum}, journal={ACM Trans. Comput. Syst.}, year={1983}, volume={1}, pages={175-193} }

A protocol is presented whereby two adversaries may exchange secrets, although neither trusts the other. The secrets are the prime factors of their publicly announced composite numbers. The two adversaries can exchange their secrets bit by bit, but each fears the other will cheat by sending "junk" bits. To solve this problem we show how each of the two can prove, for each bit delivered, that the bit is good. Applications are suggested to such electronic business transactions as signing… Expand

#### Topics from this paper

#### 160 Citations

A randomized protocol for signing contracts

- Computer Science
- CACM
- 1985

Randomized protocols for signing contracts, certified mail, and flipping a coin are presented and an implementation of the 1-out-of-2 oblivious transfer, using any public key cryptosystem, is presented. Expand

A Randomized Protocol for

Randomized protocols for signing contracts, certified mail, and flipping a coin are presented. The protocols use a Z-out-of-2 oblivious transfer subprotocol which is axiomatically defined. The lout… Expand

Gradual and Verifiable Release of a Secret

- Mathematics, Computer Science
- CRYPTO
- 1987

This work presents protocols allowing someone with a secret discrete logarithm to release it, bit by bit, such that anyone can verify each bit’s correctness as they receive it. Expand

How To Exchange Secrets By OT

- Business, Computer Science
- International Conference on Internet Computing
- 2000

In this protocol, untrusted parties exchange secrets obliviously and verify that their received secrets are true by using transformed Zero Knowledge Interactive Proof extended to duplex. Expand

On Oblivious Transfer Protocol and Its Application for the Exchange of Secrets

- Computer Science
- ASIACRYPT
- 1991

This paper redefine a verifiable oblivious transfer protocol which has the three properties of fairness, verifiability and security, and is based on the difficulty of the discrete logarithm. Expand

A Flexible Approach to Secure and Fair Document Exchange

- Computer Science
- Comput. J.
- 1999

This paper presents a novel protocol for achieving secure and fair document exchange among multiparties that employs no trusted (third) party when a majority of the parties involved behave honestly and maximises the use of hash and polynomial functions. Expand

Practical and Provably Secure Release of a Secret and Exchange of Signatures

- Computer Science
- 1995

It is argued that the protocol can be efficiently applied to the exchange of secrets in many cases, such as when the secret is a digital signature, including Rabin, low-public-exponent RSA, and El Gamal signatures. Expand

The Use of Public-Key Cryptography for Signing Checks

- Computer Science
- CRYPTO
- 1982

A secure system in which customers of a bank can make transactions and be able to keep a proof of each transaction and to satisfy the following constraints. Expand

Fair Secure Two-Party Computation

- Computer Science
- EUROCRYPT
- 2003

We demonstrate a transformation of Yao's protocol for secure two-party computation to a fair protocol in which neither party gains any substantial advantage by terminating the protocol prematurely.… Expand

Communication requirements for secure computation

- Mathematics, Computer Science
- 2013 51st Annual Allerton Conference on Communication, Control, and Computing (Allerton)
- 2013

Basic lowerbounds on the amount of communication required to compute with zero-error and perfect security in a three-party setting under the honest-but-curious model are provided. Expand

#### References

SHOWING 1-10 OF 19 REFERENCES

A randomized protocol for signing contracts

- Computer Science
- CACM
- 1985

Randomized protocols for signing contracts, certified mail, and flipping a coin are presented and an implementation of the 1-out-of-2 oblivious transfer, using any public key cryptosystem, is presented. Expand

A method for obtaining digital signatures and public-key cryptosystems

- Computer Science
- CACM
- 1978

An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key, soriers or other secure means are not needed to transmit keys. Expand

Transaction Protection by Beacons

- Computer Science
- J. Comput. Syst. Sci.
- 1983

Protocols for implementing contract signing, confidential disclosures, and certified mail in an electronic mail system are proposed, which can be implemented with just a small probability of a participant cheating his partner, by use of a beacon emitting random integers. Expand

Privacy and authentication: An introduction to cryptography

- Computer Science
- Proceedings of the IEEE
- 1979

The basic information theoretic and computational properties of classical and modern cryptographic systems are presented, followed by cryptanalytic examination of several important systems and an examination of the application of cryptography to the security of timesharing systems and computer networks. Expand

DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION

- Mathematics
- 1979

We introduce a new class of public-key functions involving a number n = pq having two large prime factors. As usual, the key n is public, while p and q are the private key used by the issuer for… Expand

On taking roots in finite fields

- Mathematics, Computer Science
- 18th Annual Symposium on Foundations of Computer Science (sfcs 1977)
- 1977

The main result is shown that finding the least x such that x2 = a MOD(m) is NP-complete (even if m is factored). Expand

Factoring polynomials over large finite fields*

- Mathematics
- SYMSAC '71
- 1971

This paper reviews some of the known algorithms for factoring polynomials over finite fields and presents a new deterministic procedure for reducing the problem of factoring an arbitrary polynomial… Expand

Probabilistic algorithm for testing primality

- Mathematics
- 1980

Abstract We present a practical probabilistic algorithm for testing large numbers of arbitrary form for primality. The algorithm has the feature that when it determines a number composite then the… Expand

A Fast Monte-Carlo Test for Primality

- Mathematics, Computer Science
- SIAM J. Comput.
- 1977

A uniform distribution a from a uniform distribution on the set 1, 2, 3, 4, 5 is a random number and if a and n are relatively prime, compute the residue varepsilon. Expand

Riemann's Hypothesis and tests for primality

- Computer Science, Mathematics
- STOC
- 1975

It is shown that primality is testable in time a polynomial in the length of the binary representation of a number, and a partial solution is given to the relationship between the complexity of computing the prime factorization of a numbers, computing the Euler phi function, and computing other related functions. Expand