# How to exchange (secret) keys

@article{Blum1983HowTE, title={How to exchange (secret) keys}, author={Manuel Blum}, journal={ACM Trans. Comput. Syst.}, year={1983}, volume={1}, pages={175-193} }

A protocol is presented whereby two adversaries may exchange secrets, although neither trusts the other. The secrets are the prime factors of their publicly announced composite numbers. The two adversaries can exchange their secrets bit by bit, but each fears the other will cheat by sending "junk" bits. To solve this problem we show how each of the two can prove, for each bit delivered, that the bit is good. Applications are suggested to such electronic business transactions as signing…

## 188 Citations

### A randomized protocol for signing contracts

- Computer Science, MathematicsCACM
- 1985

Randomized protocols for signing contracts, certified mail, and flipping a coin are presented and an implementation of the 1-out-of-2 oblivious transfer, using any public key cryptosystem, is presented.

### A Randomized Protocol for

- Computer Science, Mathematics

Randomized protocols for signing contracts, certified mail, and flipping a coin are presented. The protocols use a Z-out-of-2 oblivious transfer subprotocol which is axiomatically defined. The lout…

### Gradual and Verifiable Release of a Secret

- Computer Science, MathematicsCRYPTO
- 1987

This work presents protocols allowing someone with a secret discrete logarithm to release it, bit by bit, such that anyone can verify each bit’s correctness as they receive it.

### How To Exchange Secrets By OT

- Computer ScienceInternational Conference on Internet Computing
- 2000

In this protocol, untrusted parties exchange secrets obliviously and verify that their received secrets are true by using transformed Zero Knowledge Interactive Proof extended to duplex.

### On Oblivious Transfer Protocol and Its Application for the Exchange of Secrets

- Computer Science, MathematicsASIACRYPT
- 1991

This paper redefine a verifiable oblivious transfer protocol which has the three properties of fairness, verifiability and security, and is based on the difficulty of the discrete logarithm.

### A Flexible Approach to Secure and Fair Document Exchange

- Computer ScienceComput. J.
- 1999

This paper presents a novel protocol for achieving secure and fair document exchange among multiparties that employs no trusted (third) party when a majority of the parties involved behave honestly and maximises the use of hash and polynomial functions.

### The Use of Public-Key Cryptography for Signing Checks

- Computer ScienceCRYPTO
- 1982

A secure system in which customers of a bank can make transactions and be able to keep a proof of each transaction and to satisfy the following constraints.

### Fair Secure Two-Party Computation

- Computer Science, MathematicsEUROCRYPT
- 2003

We demonstrate a transformation of Yao's protocol for secure two-party computation to a fair protocol in which neither party gains any substantial advantage by terminating the protocol prematurely.…

### Communication requirements for secure computation

- Computer Science, Mathematics2013 51st Annual Allerton Conference on Communication, Control, and Computing (Allerton)
- 2013

Basic lowerbounds on the amount of communication required to compute with zero-error and perfect security in a three-party setting under the honest-but-curious model are provided.

### How to generate and exchange secrets

- Computer Science, Mathematics27th Annual Symposium on Foundations of Computer Science (sfcs 1986)
- 1986

It is shown how two parties A and B can interactively generate a random integer N = p¿q such that its secret, i.e., the prime factors, is hidden from either party individually but is recoverable jointly if desired.

## References

SHOWING 1-10 OF 18 REFERENCES

### A randomized protocol for signing contracts

- Computer Science, MathematicsCACM
- 1985

Randomized protocols for signing contracts, certified mail, and flipping a coin are presented and an implementation of the 1-out-of-2 oblivious transfer, using any public key cryptosystem, is presented.

### A method for obtaining digital signatures and public-key cryptosystems

- Computer Science, MathematicsCACM
- 1978

An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key, soriers or other secure means are not needed to transmit keys.

### Privacy and authentication: An introduction to cryptography

- Computer Science, MathematicsProceedings of the IEEE
- 1979

The basic information theoretic and computational properties of classical and modern cryptographic systems are presented, followed by cryptanalytic examination of several important systems and an examination of the application of cryptography to the security of timesharing systems and computer networks.

### DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION

- Mathematics, Computer Science
- 1979

It is proved that for any given n, if the authors can invert the function y = E (x1) for even a small percentage of the values y then they can factor n, which seems to be the first proved result of this kind.

### On taking roots in finite fields

- Mathematics, Computer Science18th Annual Symposium on Foundations of Computer Science (sfcs 1977)
- 1977

The main result is shown that finding the least x such that x2 = a MOD(m) is NP-complete (even if m is factored).

### Factoring polynomials over large finite fields*

- Mathematics, Computer ScienceSYMSAC '71
- 1971

Some of the known algorithms for factoring polynomials over finite fields are reviewed and a new deterministic procedure for reducing the problem of factoring an arbitrary polynomial over the Galois field GF(p m) is presented.

### A Fast Monte-Carlo Test for Primality

- MathematicsSIAM J. Comput.
- 1977

A uniform distribution a from a uniform distribution on the set 1, 2, 3, 4, 5 is a random number and if a and n are relatively prime, compute the residue varepsilon.

### Riemann's Hypothesis and tests for primality

- Computer Science, MathematicsSTOC
- 1975

It is shown that primality is testable in time a polynomial in the length of the binary representation of a number, and a partial solution is given to the relationship between the complexity of computing the prime factorization of a numbers, computing the Euler phi function, and computing other related functions.