Secret Key Assurances


Doris M. Baker, H. X. Mel


From the author of
Cryptography Decrypted

Nonrepudiation: Secret Keys Can't Do It

In a world of marital harmony and perfect people, Alice would never deny or forget that she received a message from Bob, and vice versa. But suppose Alice and Bob share a secret key with their stockbroker. Alice or Bob encrypts a buy order, specifies a price, and sends it to Untrusty the stockbroker. Untrusty thinks the price will go down and decides not to buy Alice and Bob's stock until the next day; Untrusty figures he can pocket the difference.

But the next day the price goes up, and Untrusty claims he never received the order from Alice or Bob. Untrusty denies, or repudiates, the buy order. Bob and Alice would be out of luck except that cryptography provides a way to make Untrusty confess the truth.

Alice makes Untrusty agree to encrypt a message stating that he, Untrusty, received their buy order. Then if Untrusty denies or repudiates the buy order, Alice could show the message to an impartial judge. Alice could say, "Here is the encrypted message and the decrypted message that Untrusty sent us; here is the secret key Untrusty used to make the encrypted message. Only the secret key, which is shared by Untrusty and us, can make this exact encrypted message from the plaintext. It's proof that Untrusty sent us the message that he received our buy order."

Untrusty's lawyer slowly gets up, slowly straightens his tie, and very slowly touches his finger to his lip. He's getting paid by the hour. Untrusty's lawyer asks Alice whether she has a copy of the secret key she shares with Untrusty. Alice, of course, has a copy. How else could she decrypt the encrypted confirmation she received from Untrusty? The lawyer then asks Alice whether she could also make exactly the same message and encrypt it so that it looks exactly like what she says was sent to her by Untrusty. She can. Alas, this means that she has no case.

Secret keys alone aren't enough to ensure that someone else can't repudiate or deny receiving your message. To implement nonrepudiation, you must either use secret keys with a trusted third party (a process reviewed in Chapter 8) or use public key cryptography.
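The lawyer's argument, as an added Python example that is not from the book: with a shared key, Alice can produce exactly the value Untrusty would have sent, while a signature made with a private key that only Untrusty holds can be checked by anyone but produced only by him. Assumptions: HMAC-SHA256 stands in for the shared-key operation, a Lamport one-time signature stands in for the public key scheme because it needs only the standard library, and all function names and the receipt text are constructed for illustration.

```python
import hashlib, hmac, secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Shared secret key: anyone holding the key computes the same tag.
def shared_key_tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

# Lamport one-time signature: private key = 256 pairs of random values,
# public key = their hashes. Each key pair must sign only one message.
def lamport_keygen():
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    pk = [[H(v) for v in pair] for pair in sk]
    return sk, pk

def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg: bytes):
    # Reveal one private value per digest bit.
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        hmac.compare_digest(H(s), pk[i][b])
        for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def demo():
    receipt = b"Untrusty received the buy order from Alice and Bob"  # constructed
    shared = secrets.token_bytes(32)          # held by Alice, Bob AND Untrusty
    from_untrusty = shared_key_tag(shared, receipt)
    made_by_alice = shared_key_tag(shared, receipt)
    indistinguishable = hmac.compare_digest(from_untrusty, made_by_alice)

    sk, pk = lamport_keygen()                 # sk stays with Untrusty; pk is public
    sig = lamport_sign(sk, receipt)
    judge_accepts = lamport_verify(pk, receipt, sig)
    # Alice holds only pk, so she cannot supply the hash preimages.
    alice_attempt = [secrets.token_bytes(32) for _ in range(256)]
    alice_forges = lamport_verify(pk, receipt, alice_attempt)
    altered = lamport_verify(pk, receipt + b" at a lower price", sig)
    return indistinguishable, judge_accepts, alice_forges, altered

if __name__ == "__main__":
    print(demo())
```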

Alice and Bob (along with their offspring, Casey and Dawn) will encounter another difficulty with secret key cryptography, a problem resolved by public key cryptography. They are computer-savvy and know to encrypt their messages with Triple DES or the new AES standard, Rijndael. If they are to communicate securely with one another and the diverse others they meet at the four corners of the Internet world, they'll need to exchange and keep track of many secret keys. Although they are all keyed up to share secrets globally, Chapter 8 shows the problems of a secret-key-only system.
