On the use of RSA as a secret key cryptosystem

One fundamental difference between the use of symmetric and public key cryptosystems is that the former requires trust between sender and receiver. Typically they will share a secret key and neither has any protection from the other. However, many users are now finding that they want keys to be used for 'one purpose only' and are relying on hardware functionality to introduce the concept of unidirectional keys for symmetric algorithms. (So, for instance, the hardware functionality might ensure that a key used for encrypting messages from user A to user B cannot be used for encrypting messages in the opposite direction.) For public key systems this concept of unidirectional keys is automatically satisfied. However, when the encrypting key is made public, the exposure of this key means that the deciphering key is only safe from compromise when the keys are very large. If, on the other hand, both keys were kept secret then it might be possible to use much smaller keys. In this paper we investigate ways of using the primitives of an RSA public key cryptosystem in a symmetric key 'setting' i.e. where neither key is made public.