[messaging] Introduction secrets and "unlinkable rendezvous" protocols

Robert Ransom rransom.8774 at gmail.com
Tue Feb 18 18:07:45 PST 2014


On 2/14/14, Trevor Perrin <trevp at trevp.net> wrote:

> (C) With no computers, there's various ways to agree on enough entropy
> for an unlinkable online rendezvous:
>  1. People invent passwords on-the-fly, and hope that a bunch of
> key-stretching will make them strong enough.
>  2. Shuffling / splitting decks of cards (Adam's idea for Pond).

Specifically, Adam suggested shuffling a deck of cards, then cutting
it (in the sense of splitting it into two smaller sequences of cards)
and using the (unordered) set of cards as a shared key.  This is a
very fast way to establish a shared secret key; if the deck is cut
into exactly equal-sized halves, it produces almost 49 bits of
entropy, and if you're a little sloppy about the location of the cut,
it easily produces more than 51 bits of entropy.

There's a less efficient way to derive a much stronger key from a
shuffled deck of cards: use its order, or the order of the first N
cards.  If you use the first 10 cards, that's already more than 55
bits; the first 20 cards provide over 107 bits; and the first 26 cards
(half the deck) provide over 137 bits.  There are two ways to share
the resulting secret: (a) one party writes down the sequence (slow but
non-destructive); (b) the parties cut the deck in half (in the sense
of chopping the cards with a knife) (fast but destroys the deck
permanently).


Robert Ransom
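
The entropy figures in the message above can be checked with the following added example, which is not part of the original post. The card numbering 0..51, the "sloppy" cut range of 24 to 28 cards, and the use of SHA-256 to canonicalise the set are assumptions made for illustration.

```python
import hashlib
import math
import random

DECK = 52  # standard deck; cards numbered 0..51 (numbering is an assumption)

def cut_set_bits(lo, hi=None, deck=DECK):
    """log2 of the number of distinct unordered halves when the cut leaves
    between lo and hi cards in one half. Treats every such set as equally
    likely, so this is an upper bound on the entropy."""
    hi = lo if hi is None else hi
    return math.log2(sum(math.comb(deck, k) for k in range(lo, hi + 1)))

def ordered_prefix_bits(n, deck=DECK):
    """log2 of the number of possible orderings of the first n cards."""
    return math.log2(math.perm(deck, n))

def secret_from_half(my_half, i_hold_top, deck=DECK):
    """Map either half of the cut deck to the same byte string.
    The canonical form is the sorted set of cards in the top half; the
    holder of the bottom half takes the complement. Hashing only
    canonicalises the set, it adds no entropy."""
    top = set(my_half) if i_hold_top else set(range(deck)) - set(my_half)
    return hashlib.sha256(bytes(sorted(top))).digest()

def demo(seed=2014):
    """Constructed, reproducible shuffle standing in for a physical one."""
    rng = random.Random(seed)
    cards = list(range(DECK))
    rng.shuffle(cards)
    cut = 26 + rng.randint(-2, 2)          # slightly sloppy cut (assumed range)
    top, bottom = cards[:cut], cards[cut:]
    return secret_from_half(top, True) == secret_from_half(bottom, False)

if __name__ == "__main__":
    print(f"exact 26/26 cut, unordered set: {cut_set_bits(26):.2f} bits")
    print(f"cut anywhere in 24..28:         {cut_set_bits(24, 28):.2f} bits")
    for n in (10, 20, 26):
        print(f"order of first {n:2d} cards:       {ordered_prefix_bits(n):.2f} bits")
    print("both halves derive the same secret:", demo())
```
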

