Description
Suppose Alice and Bob wish to communicate. Bob can send a message to Alice as follows: first he creates a large number of puzzles, each of a moderate amount of difficulty — it must be possible for Alice to solve the puzzle with a moderate amount of computing effort. The puzzles are in the form of an encrypted message with an unknownHigh-level description
# Bob generates 2N messages containing, "This is message X. This is the symmetrical key Y", where X is a randomly generated identifier, and Y is a randomly generated secret key meant for symmetrical encryption. Hence, both X and Y are unique to each message. All the messages are encrypted in a way such that a user may conduct a brute force attack on each message with some difficulty. Bob sends all the encrypted messages to Alice. # Alice receives all the encrypted messages, and randomly chooses a single message to brute force. After Alice discovers both the identifier X and the secret key Y inside that message, she encrypts her clear text with the secret key Y, and sends that identifier (in cleartext) with her cipher text to Bob. # Bob looks up the secret key paired with that identifier, since he's the one who generated them in the first place, and deciphers Alice's cipher text with that secret key. Note that the eavesdropper Eve can read the identifier X sent back (in cleartext) from Alice to Bob, but has no way to map that to the secret key Y that Bob and Alice are now using for their ongoing communication, because the value of X within each message was randomly generated.Complexity and security analysis
The parameters of the puzzle game can be chosen to make it considerably harder to for an eavesdropper to break the code than for the parties to communicate, but Merkle puzzles do not provide the enormous qualitative differences in difficulty that are required for (and define) security in modern cryptography. Suppose that the number of puzzles sent by Bob is ''m'', and it takes both Bob and Alice ''n'' steps of computation to solve one puzzle. Then both can deduce a common session key within a time complexity of O(''m+n''). Eve, in contrast, is required to solve all puzzles, which takes her O(''mn'') of time. If ''m'' ≈ ''n'', the effort for Eve has roughly quadratic complexity compared to Alice and Bob, i.e., her computation time is on the order of the square of theirs. ''n'' should thus be selected large enough such that computation is still feasible for Alice and Bob while it surmounts the capabilities of Eve. Quadratic complexity is typically not considered secure enough against an attacker (or on the other extreme, for large m,n, convenient enough for the participants) for practical real-world cryptographic applications. However, this scheme has the distinction of being one of the first examples of public-key cryptography, and was an inspiration for the Diffie-Hellman key exchange protocol, which has much higher complexity, relying on the discrete logarithm problem. In 2008References
* {{cite journal , doi = 10.1145/359460.359473 , first = R. C. , last = Merkle , title = Secure Communications over Insecure Channels , journal = Communications of the ACM , volume = 21 , issue =4 , pages = 294–299 , date=April 1978 , citeseerx = 10.1.1.364.5157 }External links
* Ralph Merkle