> a lot of other uses for public key, e.g. signing and multi-party decryption and so on have come out of public key

To the best of my knowledge, multi-party decryption isn't really related to public key cryptography. Sending a message to a single recipient looks like this:

1. You write a message.
2. You encrypt it with a symmetric algorithm.
3. You encrypt the key to the encryption in step (2) with an asymmetric algorithm, using your recipient's public key.
4. You send them the combined message, encrypted ciphertext plus encrypted key-to-the-ciphertext.
5. They use their private key to decrypt the key-to-the-ciphertext.
6. They decrypt the message using the key you just sent them.

It's done that way, as far as I've learned, mostly because symmetric encryption is faster than asymmetric encryption. But multi-party decryption is exactly the same:

1. You write a message.
2. You encrypt it with a symmetric algorithm.
3. You encrypt the key to the encryption in step (2) using the various public keys associated with each of your intended recipients.
...

So instead of a single-recipient message being a ciphertext accompanied by a header revealing the encryption key to the ciphertext, a ten-recipient message is a ciphertext -- exactly the same ciphertext! -- accompanied by ten headers, each of which is only readable by a particular private key.

There's nothing about this method that draws on public key cryptography; if I've exchanged OTP material with each of ten people, I could send a multi-recipient message exactly the same way. (And doing so would be at least as valuable as it is in the public-key case -- doing things that way allows me to send a message of arbitrary length while only consuming a bounded amount of OTP material.)
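The message layout the comment above describes, as an added example that is not part of the comment: one symmetric ciphertext plus one small header per recipient, with the content key wrapped in pre-shared one-time-pad material instead of a public key. It uses only the Python standard library. The symmetric layer (HMAC-SHA256 in counter mode with an encrypt-then-MAC tag) is a stand-in for a real AEAD such as AES-GCM, not a production cipher; the recipient names, pad material and message are constructed for the demo.

```python
"""Multi-recipient encryption: one ciphertext, one key header per recipient.

The content key is wrapped per recipient by XOR with 32 bytes of pad material
shared between sender and that recipient. Swapping wrap/unwrap for RSA-OAEP or
an ECIES KEM gives the public-key variant with the identical message layout.
"""
import hashlib
import hmac
import os
import struct

KEY_LEN = 32  # content-key bytes; also the pad spent per recipient per message


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a stand-in stream cipher, not AES."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkey(content_key, label):
    return hmac.new(content_key, label, hashlib.sha256).digest()


def encrypt_body(content_key, plaintext):
    """Encrypt-then-MAC under a fresh nonce; returns (nonce, ciphertext, tag)."""
    nonce = os.urandom(16)
    ct = _xor(plaintext, _keystream(_subkey(content_key, b"enc"), nonce, len(plaintext)))
    tag = hmac.new(_subkey(content_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag


def decrypt_body(content_key, nonce, ct, tag):
    expected = hmac.new(_subkey(content_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return _xor(ct, _keystream(_subkey(content_key, b"enc"), nonce, len(ct)))


class Pad:
    """One party's copy of pre-shared one-time-pad material, consumed front to back."""

    def __init__(self, material):
        self.material = material
        self.offset = 0

    def take(self, n):
        chunk = self.material[self.offset:self.offset + n]
        if len(chunk) < n:
            raise ValueError("pad exhausted")
        self.offset += n
        return chunk


def encrypt_for(plaintext, sender_pads):
    """sender_pads: {recipient_id: Pad}. Same ciphertext for everyone; one header each."""
    content_key = os.urandom(KEY_LEN)
    nonce, ct, tag = encrypt_body(content_key, plaintext)
    headers = {}
    for rid, pad in sender_pads.items():
        offset = pad.offset  # tells the recipient which pad bytes were used
        headers[rid] = (offset, _xor(content_key, pad.take(KEY_LEN)))
    return {"nonce": nonce, "ct": ct, "tag": tag, "headers": headers}


def decrypt_as(rid, my_pad, msg):
    """Recover the content key from my header only, then open the shared ciphertext."""
    if rid not in msg["headers"]:
        raise KeyError(f"{rid} is not a recipient of this message")
    offset, wrapped = msg["headers"][rid]
    if offset < my_pad.offset:
        raise ValueError("header points at pad material already used")
    my_pad.offset = offset
    content_key = _xor(wrapped, my_pad.take(KEY_LEN))
    return decrypt_body(content_key, msg["nonce"], msg["ct"], msg["tag"])


def make_pads(recipients, size=128):
    """Constructed demo material: sender and each recipient hold identical copies."""
    sender, recips = {}, {}
    for rid in recipients:
        material = os.urandom(size)
        sender[rid], recips[rid] = Pad(material), Pad(material)
    return sender, recips


def demo():
    sender_pads, recipient_pads = make_pads(["alice", "bob", "carol"])
    message = b"long message " * 1000  # ~13 KB, yet each recipient spends 32 pad bytes
    msg = encrypt_for(message, sender_pads)
    ok = {rid: decrypt_as(rid, pad, msg) == message for rid, pad in recipient_pads.items()}
    spent = {rid: pad.offset for rid, pad in sender_pads.items()}
    return ok, spent, len(msg["ct"]), len(msg["headers"])


if __name__ == "__main__":
    print(demo())
```

The header carries the pad offset so the recipient can find the same 32 bytes; a recipient refuses an offset below its own consumed mark, which also rejects a replayed message. A party whose pad does not match recovers a wrong content key and fails the MAC check rather than getting garbage plaintext.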