9

I am wondering if there exists some asymmetric encryption algorithm that would work with two different private keys, so that the encrypted message can be decrypted by either one of such private keys?

Jonathan Leffler
  • 730,956
  • 141
  • 904
  • 1,278
Ωmega
  • 42,614
  • 34
  • 134
  • 203

4 Answers4

11

Asymmetric keys are never used for encrypting messages (too slow, has a size limit, etc.), only for encrypting small buffers, like symmetric keys for messages.

When you encrypt a message with an asymm. key, you are in fact encrypting a symmetric key which encrypts the message.

Simply encrypt the same symmetric key with two different asymm. keys and you'd get two different cipherblocks which both contain the same symmetric key for the message, so you can decrypt with either one.

Boris B.
  • 4,933
  • 1
  • 28
  • 59
3

You could use a symmetric encryption and secret sharing scheme on top of that, "splitting the key in half".

More on secret sharing: http://en.wikipedia.org/wiki/Secret_sharing

Steps on how I see it:

  1. Encrypt the data using (pseudo) randomly generated key.
  2. Distribute the secret using Shamir's secret sharing which is the key to two shares, where as one share will suffice to get the key.

The end result is that one (or more) "keys" are required to get the data.

Armon A.
  • 31
  • 1
  • Welcome to Stack Overflow. You seem to be describing systems where a message is encrypted with N keys, and M of the N keys (with 1 < M <= N) is needed to read the message. On this scale, I think the question is asking about the case where 1 = M < N. Good link to Wikipedia, though. – Jonathan Leffler Sep 22 '12 at 21:24
2

There is no such algorithm as far as I know, but there is a common solution. The enciphered text is transferred together with a set of cryptograms of the symmetric key used to encipher the text itself. Each such cryptogram of the key is a result of enciphering the original key with the public key of one of recipients. Thus, all recipients knowing their private keys may decipher the key used to encipher the data and then decipher the message itself.

Serge
  • 6,088
  • 17
  • 27
  • There is such an algorithm. I had to implement it this morning. Alice and Bob both have a (temporary) RSA keypair for encryption, and exchange the public keys. Since RSA keys commute not just for pairs, but for different keypairs, an encrypted message: msg * my_priv * their_pub needs the other side to apply its own my_priv * their_pub to recover msg. It's useful for PGP-like schemes where only a program that checks authorization writes grants that only users can unwrap, and program unwrapping existing grants cryptographically requires a user request. – Rob Dec 13 '15 at 00:13
1

Typically a hybrid encryptions scheme is used. I.e. the message is encrypted with a symmetric key cryptosytem, then the symmetric keys are encrypted with the public keys of each of the intended receivers.

blah
  • 11
  • 1