|
In cryptography, the socialist millionaire problem is one in which two millionaires want to determine if their wealth is equal without disclosing any information about their riches to each other. It is a variant of the Millionaire's Problem whereby two millionaires wish to compare their riches to determine who has the most wealth without disclosing any information about their riches to each other. It is often used as a cryptographic protocol that allows two parties to verify the identity of the remote party through the use of a shared secret, avoiding a man-in-the-middle attack without the inconvenience of manually comparing public key fingerprints through an outside channel. In effect, a relatively weak password/passphrase in natural language can be used. == Motivation == Alice and Bob have secret values and , respectively. Alice and Bob wish to learn if without allowing either party to learn anything else about the other's secret value. A passive attacker simply spying on the messages Alice and Bob exchange learns nothing about and , not even whether . Even if one of the parties is dishonest and deviates from the protocol, that person cannot learn anything more than if . An active attacker capable of arbitrarily interfering with Alice and Bob's communication (a man-in-the-middle) cannot learn more than a passive attacker and cannot affect the outcome of the protocol other than to make it fail. Therefore, the protocol can be used to authenticate whether two parties have the same secret information. Popular instant message cryptography package Off-the-Record Messaging uses the Socialist Millionaire protocol for authentication, in which the secrets and contain information about both parties' long-term authentication public keys as well as information entered by the users themselves. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Socialist millionaire」の詳細全文を読む スポンサード リンク
|