this post was submitted on 22 Dec 2023
13 points (93.3% liked)

Cybersecurity

5851 readers
81 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago
MODERATORS
 

Hey! I program a lot but I'm not very good with cybersecurity and stuff, although I have a basic usage of GPG and asymetrical encryption.

My problem is:

Let's imagine that Alice (A) and Bob (B) each have a file with a number written in it.

Ideally, I'd like a program that A can run on her computer that would take the B file but encrypted, and output the minimum of the two values contained in A and B files.

But without any way for A to know what the number of B is, except if B value is the minimum, obviously.

Can someone help me with that? Thank you for reading!

you are viewing a single comment's thread
view the rest of the comments
[–] payasson@jlai.lu 0 points 1 year ago (2 children)

Indeed, I didn't think of that. And would it be possible to allow only one check and destroy/make the information of B unusable after this check?

Thank you for your reply!

[–] mattreb@feddit.it 3 points 1 year ago (1 children)

With some more restrictions, you may want to look into oblivious transfer https://yewtu.be/watch?v=wE5cl8J27Is

[–] payasson@jlai.lu 0 points 1 year ago

that's interesting indeed! thank you very much!

[–] Khanzarate@lemmy.world 1 points 1 year ago (1 children)

Possibly. I'm not a big crypto guy, but it's my understanding that any kind of transaction has a chance of being repeated. If there were a bad actor, and that bad actor used a VPN to swap identities, he could narrow this down considerably and weaken encryption. My code is as dumb as it gets, willing to consider 1 as a valid encryption key, but smarter code would be a lot more efficient.

On top of that, you wanted this minimum code to run on A's computer. If you do not trust A, then you've given a potential bad actor a program that could be decompiled to unencrypt your keys.

It sounds to me like in your current state, you need to trust A before you do this operation, and if you do, you can just share an unencrypted B.

[–] payasson@jlai.lu 0 points 1 year ago

Alright thank you for your reply, I'll think about it :) maybe having a vérification that can be done in any computer and any amount of time is just not possible for my use case