Towards an information-theoretically safe cryptographic protocol

We introduce what –if some kind of group action exists– is a truly (information-theoretically) safe cryptographic communication system: a protocol which provides zero information to any passive adversary having full access to the channel. 1. The false algorithm, simple version Assume Alice wants to share a secret s, which we assume for simplicity is a non-zero rational number s = p/q ∈ Q⋆. For example, s could be the key of a symmetric key protocol, a password or even a complete message such as a pair of coordinates in a map or a time. Alice picks another random rational t and calls v = (s, t) to the corresponding point in Q. She chooses a random transformation A ∈ GL2(Q) in the linear group of Q and computes v1 = v · A. Alice sends v1 to Bob. Bob picks another random transformation B ∈ GL2(Q) and computes v2 = v1 ·B, and sends v2 back to Alice. Notice that v1 gives no information to Bob or an eavesdropper (Eve) about s, because t is random and v1 can be any point in Q, depending on t and A, which are both unknown to both Bob and Eve. For a similar reason, the knowledge of v1 and v2 gives no useful information about B. Alice now computes v3 = v2 · A −1 and sends v3 back to Bob. Again, the knowledge of v1, v2 and v3 is useless in order to retrieve the original v. Finally, Bob computes v4 = v3 · B . If only v4 = v...! 2. The protocol “would be” safe Let us assume the above algorithm ends up with v4 = v and let us prove its safeness under this condition. Theorem 1. The above method of communication is information-theoretically safe, assuming v, A and B (and their inverses, obviously) are kept secret. That is, the knowledge of the whole communication gives no information on the message. Proof. We only need to show that an eavesdropper which knows all the communication has no clue about what s may be. In other words, it is Date: March 24, 2006. This assumption might be relaxed, using an infinite set is for exposition reasons, see section 3.