[messaging] Introduction secrets and "unlinkable rendezvous" protocols
Robert Ransom
rransom.8774 at gmail.com
Tue Feb 18 18:07:45 PST 2014

On 2/14/14, Trevor Perrin <trevp at trevp.net> wrote:
> (C) With no computers, there's various ways to agree on enough entropy
> for an unlinkable online rendezvous:
> 1. People invent passwords on-the-fly, and hope that a bunch of
> key-stretching will make them strong enough.
> 2. Shuffling / splitting decks of cards (Adam's idea for Pond).

Specifically, Adam suggested shuffling a deck of cards, then cutting
it (in the sense of splitting it into two smaller sequences of cards)
and using the (unordered) set of cards as a shared key. This is a
very fast way to establish a shared secret key; if the deck is cut
into exactly equal-sized halves, it produces almost 49 bits of
entropy, and if you're a little sloppy about the location of the cut,
it easily produces more than 51 bits of entropy.

There's a less efficient way to derive a much stronger key from a
shuffled deck of cards: use its order, or the order of the first N
cards. If you use the first 10 cards, that's already more than 55
bits; the first 20 cards provide over 107 bits; and the first 26 cards
(half the deck) provide over 137 bits. There are two ways to share
the resulting secret: (a) one party writes down the sequence (slow but
non-destructive); (b) the parties cut the deck in half (in the sense
of chopping the cards with a knife) (fast but destroys the deck
permanently).
Robert Ransom
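
Added example, not part of the original message or of Pond's code: a Python sketch that counts the key space of both schemes described above and maps a pile (unordered) or the first N cards (ordered) to a uniform integer before hashing it into a key. The card numbering 0..51, the cut sizes 24..28 used for a "sloppy" cut, the labels and the function names are all assumptions of this example.

```python
import hashlib
from math import comb, log2, perm

DECK = 52  # cards numbered 0..51; this numbering is an assumption of the example

def cut_bits(sizes):
    """log2 of the number of distinct piles when the cut may leave any size in `sizes`."""
    return log2(sum(comb(DECK, k) for k in sizes))

def order_bits(n):
    """log2 of the number of possible orderings of the first n cards."""
    return log2(perm(DECK, n))

def rank_set(pile):
    """Unordered pile -> integer in [0, C(52, len(pile))) (combinatorial number system)."""
    cards = sorted(pile)
    if len(set(cards)) != len(cards) or any(not 0 <= c < DECK for c in cards):
        raise ValueError("pile must hold distinct cards in 0..51")
    return sum(comb(c, i) for i, c in enumerate(cards, start=1))

def rank_order(prefix):
    """Ordered first-n cards -> integer in [0, 52!/(52-n)!) (mixed-radix code)."""
    remaining, rank = list(range(DECK)), 0
    for c in prefix:
        i = remaining.index(c)  # ValueError on a repeated or unknown card
        rank = rank * len(remaining) + i
        remaining.pop(i)
    return rank

def key_from(label, count, rank):
    """Hash the rank into a 32-byte key; hashing adds no entropy beyond the rank's."""
    data = label + bytes([count]) + rank.to_bytes(32, "big")
    return hashlib.sha256(data).digest()

def set_key(pile):
    return key_from(b"cut-set", len(pile), rank_set(pile))

def order_key(deck, n):
    return key_from(b"order", n, rank_order(deck[:n]))

if __name__ == "__main__":
    # Constructed sample deck order (a fixed permutation, not a real shuffle).
    deck = [(17 * i + 5) % DECK for i in range(DECK)]
    print(f"even cut: {cut_bits([26]):.2f} bits, sloppy 24..28: {cut_bits(range(24, 29)):.2f} bits")
    for n in (10, 20, 26):
        print(f"first {n} cards in order: {order_bits(n):.2f} bits")
    print("set key:", set_key(deck[:26]).hex())
    print("order key:", order_key(deck, 20).hex())
```

The bit counts are upper bounds that hold only if the shuffle makes every outcome equally likely.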