Ask HN: Encryption algorithm with *multiple* decryption keys?

[rrnechmech]

Sorry for what might be a dumb question but, does there exist an encryption algo that allows something to be encrypted in such a way that any number of n keys or passwords or the like might decrypt? (Obviously to obtain the same cleartext)

[throwaway019254]

You encode the cleartext with a single master key. Then you encrypt the master key with multiple keys and store it together with the encrypted cleartext.

This will not take much more space as only the master key is encrypted multiple times.

Now anybody who has one of the keys can decrypt the master key and subsequently decrypt the cleartext.

[indulona]

so simple!

[solardev]

I took the OP to mean "any one of n keys can decrypt", not "you need at least n of x keys to decrypt".

In that case... dumb answer... but couldn't you just encrypt it twice (or n times), with n separate keys? Or encrypt the actual thing with a symmetric key, then separately encrypt the symmetric key with a public keypair for each of n users, such that any one of them could regain the symmetric key for that one thing (but not anyone else's private keys).

[Terr_]

> encrypted in such a way that any number of n keys or passwords or the like might decrypt

I'm assuming you mean "it requires 2 or more keys but less than all of them", so I'd check variations of: https://en.wikipedia.org/wiki/Secret_sharing

The cases for "any individual key is enough" or "all keys required" are much simpler.

[raincom]

Look at a similar question on the crypto stack exchange: "One Encryption, Many Decryption Keys":

https://crypto.stackexchange.com/questions/39397/one-encrypt...

[aborsy]

LUKS has several key slots. As someone said, it’s quite simple, the data encryption key is encrypted with multiple keys and stored in different slots.

You can encrypt the data encryption key with, say, any 2 keys out of 3. You concatenate any two keys into a single key, and encrypt the master key with that. That gives you Shamir scheme, that used in crypto currencies.

[randompeach]

age-encryption.org their project has a good documentation / standard of how age encryption works. Helped me to understand this topic better.

[stop50]

That would be the holy grail of encryption. The best we can do is an encryption method that needs an k amount of keys of n total keys to get the key that decrypts the data.

[Bluestein]

Indeed. Thanks. The so-called secret-sharing algo if I am not mistaken.-

Genuinely interested: I agree it'd be useful but, what would make it a "holy grail"?

[stop50]

LUKS uses an master key that can decrypt the storage and this master key is then encrypted with the keys the users enter, with that algorithm this is no longer nessesary.

Law enforcment/espionage would be also interested in it, since it allows access to data without breaking the encryption.

On the other hand it is a weaker cypher, since if 2 keys allow decryption, there may be more keys that can decrypt the data.

[samrolken]

Threshold cryptography might be what you're looking for.