# Can you Encrypt1(m), Encrypt2(E1(m), Decrypt1(E2(E1(m))) and Decrypt2(E2(m))?

834 views
5

I was wondering if the following was possible.

When exchanging passwords with a server, the password should be protected. Therefore a User could Encrypt the Password with a generated Key kUser. Encrypt(m, kUser) resulting in the encrypted message eU(m). Now the user sends this information to the server. The server now encrypts the message with its own key kServer. Encrypt(eU(m), kServer) resulting in eS(eU(m)). Now the server sends this information back, where the User now decrypts the message with his previously used key. Decrypt(eS(eU(m), kUser) would this result in eS(m) ? Would this be possbile ?

It's like imaging a suitcase with the information stored inside. The user puts his lock A on the suitcase and sends it to the server. No one can access the information but the one with the key to lock A. The server now puts a second lock B besides lock A on the suitcase and sends it back to the user. The suitcase now is locked by two locks A and B. The user then uses his key A to remove his lock A and sends the suitcase with only lock B remaining to the server. The server now removes lock B with his key B and can access the information.

How would one implement such a system (if it is possible)?

Just use TLS. Don't try to implement your own crypto.

It seems more like you've put the message a locked suitcase eU(m) and then - rather than adding a second lock - put that suitcase inside another locked suitcase eS(eU(m)) - so even if you have the key to eU(m) you can't get to it to unlock it. Maybe there's funky maths out there that get around the problem, but I think that's a more accurate description?

3

would this result in eS(m) ?

That depends on your decryption / encryption function.

Would this be possbile ?

Yes. Imagine a simple Caesar or Vigenére chifre, that would certainly work.

const keyA = "B";
const keyB = "C";
const text = "AB";

const sent = encrypt(text, keyA); // BC
const sendBack = encrypt(sent, keyB); // DE
const sent2 = decrypt( sendBack, keyA); // CD
decrypt(sent2, keyB); // AB

How would one implement such a system (if it is possible)?

Don't. The most weak encryption is the one you invented by yourself. Instead use a library implementing the Diffie-Hellmann key exchange protocol, which does exactly what you describe, but its bulletproof (till now).

posted this