Alice Does a Secure Lucky Dip
And so Bob sets up a Lucky Dip competition, and Alice wants to play but doesn’t trust anyone to pick for her. How can she do it? Well, one way is with Commutative Encryption. For this, we create encryption, where we can apply the symmetric keys in any order, and then decrypt in any order. Thus the cipher might be created by encrypting with Bob’s Key (KB), and then by Alice’s key (KA):
C = KA(KB(M))
We can then decrypt either by decrypting with Alice’s key first, and then with Bob’s key, or vice versa. So let’s look at the lucky dip. Bob first creates four prizes (LOSE, $1, $10, and $100), and Alice pays $50. Bob then encrypts each of the prizes with his encryption key (KB). Next Alice selects one, and applies her own key to it, and then returns them all back to Bob. Bob then detects the one that has been selected and then decrypts the one that Alice has picked. Bob cannot determine if Alice has won a prize, as it will still be encrypted with Alice’s key. He then sends this one back to Alice, and she decrypts with her key and reveals the prize:
