In cryptography, a three-pass protocol for sending messages is a framework which allows one party to securely send a message to a second party without the need to exchange or distribute encryption keys.
Such message protocols should not be confused with various other algorithms which use 3 passes for authentication.
It is called a three-pass protocol because the sender and the receiver exchange three encrypted messages.
The first three-pass protocol was developed by Adi Shamir circa 1980, and is described in more detail in a later section.
The three-pass protocol works as follows: The receiver can now decrypt the message using the key q, namely
It is also called the Shamir No-Key Protocol because the sender and the receiver do not exchange any keys; the protocol does, however, require the sender and the receiver to each hold a private key of their own for encrypting and decrypting messages, so two private keys are involved in total.
The Shamir algorithm uses exponentiation modulo a large prime p as both the encryption and decryption functions. Each party's private key is an exponent e chosen coprime to p − 1 together with its inverse d modulo p − 1, so that (x^e)^d ≡ x (mod p) and the two parties' encryptions commute: (x^e)^r ≡ (x^r)^e (mod p).
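The exchange described above, worked through as an added example with the modular-exponentiation instantiation (this is illustrative code written for this page, not Shamir's own implementation; the prime p = 2^127 − 1 is an assumption chosen to keep the numbers short, and a deployment would use a far larger prime):

```python
# Added example: Shamir's three-pass ("no-key") protocol with exponentiation
# modulo a prime as the commutative cipher.
from math import gcd
import secrets

# Assumed parameter: the Mersenne prime 2**127 - 1, used only for illustration.
P = 2**127 - 1


def gen_key(p: int = P) -> tuple[int, int]:
    """Return a private pair (e, d) with e coprime to p-1 and e*d = 1 mod (p-1).

    The inverse d is what lets a party strip its own layer off a ciphertext.
    """
    while True:
        e = secrets.randbelow(p - 2) + 2
        if gcd(e, p - 1) == 1:
            return e, pow(e, -1, p - 1)


def encrypt(x: int, e: int, p: int = P) -> int:
    return pow(x, e, p)


def decrypt(x: int, d: int, p: int = P) -> int:
    return pow(x, d, p)


def three_pass(m: int, sender_key: tuple[int, int],
               receiver_key: tuple[int, int], p: int = P):
    """Run the three passes and return (recovered message, wire transcript).

    m must satisfy 1 < m < p.  Nothing but the three ciphertexts is sent.
    """
    s, s_inv = sender_key
    r, r_inv = receiver_key
    c1 = encrypt(m, s, p)        # pass 1, sender -> receiver:   m^s
    c2 = encrypt(c1, r, p)       # pass 2, receiver -> sender:   m^(s*r)
    c3 = decrypt(c2, s_inv, p)   # pass 3, sender -> receiver:   m^r
    recovered = decrypt(c3, r_inv, p)   # receiver removes r: m
    return recovered, (c1, c2, c3)


def commutes(m: int, s: int, r: int, p: int = P) -> bool:
    """The protocol only works because the two encryptions commute."""
    return encrypt(encrypt(m, s, p), r, p) == encrypt(encrypt(m, r, p), s, p)


if __name__ == "__main__":
    sender, receiver = gen_key(), gen_key()
    msg = int.from_bytes(b"attack at dawn", "big")   # constructed sample message
    got, transcript = three_pass(msg, sender, receiver)
    print("recovered:", got.to_bytes(14, "big"))
    print("wire carried m in the clear:", msg in transcript)
```

The eavesdropper sees m^s, m^(sr) and m^r; recovering m or either exponent from those values is a discrete-logarithm problem in the multiplicative group modulo p.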
The Massey–Omura Cryptosystem was proposed by James Massey and Jim K. Omura in 1982 as a possible improvement over the Shamir protocol.
The Massey–Omura method uses exponentiation in the Galois field GF(2^n) as both the encryption and decryption functions.
Each element of the Galois field GF(2^n) is represented as a binary vector over a normal basis, in which each basis vector is the square of the preceding one.
That is, the basis vectors are v, v^2, v^4, v^8, ..., v^(2^(n−1)), where v is a field element whose n conjugates are linearly independent over GF(2) (a normal element); squaring the last basis vector gives v^(2^n) = v again.
By using this representation, exponentiations by powers of 2 can be accomplished by cyclic shifts.
This means that raising m to an arbitrary power can be accomplished with at most n shifts and n multiplications.
This allows faster hardware realizations at the cost of having to implement several multipliers.
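The cyclic-shift property is easy to check on a small field. The following is an added example written for this page (not Massey and Omura's design): it builds GF(2^4) from the irreducible polynomial x^4 + x + 1 (an assumed choice), finds a normal element, converts elements into normal-basis coordinates, and verifies that squaring is a rotation of the coordinate word and that a^k can be computed from rotations plus one multiplication per set bit of k. The normal-basis multiplication itself is done by converting through the polynomial basis, which stands in for the dedicated Massey–Omura multiplier a hardware realization would use.

```python
# Added example: squaring in a normal basis of GF(2^n) is a cyclic shift.
# Assumed parameters: n = 4 and the irreducible polynomial x^4 + x + 1.
N = 4
POLY = 0b10011            # x^4 + x + 1
MASK = (1 << N) - 1


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^N) using the polynomial-basis (bit-vector) form."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> N:
            a ^= POLY
    return r


def gf_pow(a: int, k: int) -> int:
    """Reference square-and-multiply in the polynomial basis."""
    r = 1
    while k:
        if k & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        k >>= 1
    return r


def conjugates(v: int) -> list:
    """[v, v^2, v^4, ..., v^(2^(N-1))]."""
    out = [v]
    for _ in range(N - 1):
        out.append(gf_mul(out[-1], out[-1]))
    return out


def find_normal_element() -> int:
    """Smallest v whose conjugates span the whole field (linear independence)."""
    for v in range(1, 1 << N):
        span = {0}
        for b in conjugates(v):
            span |= {s ^ b for s in span}
        if len(span) == 1 << N:
            return v
    raise ValueError("no normal element found")


V = find_normal_element()
BASIS = conjugates(V)
# Coordinate word: bit i selects basis vector v^(2^i).  For this tiny field a
# full table is the simplest exact change of basis.
_FROM_NORMAL = {}
for c in range(1 << N):
    x = 0
    for i in range(N):
        if c >> i & 1:
            x ^= BASIS[i]
    _FROM_NORMAL[c] = x
_TO_NORMAL = {x: c for c, x in _FROM_NORMAL.items()}


def to_normal(x: int) -> int:
    return _TO_NORMAL[x]


def from_normal(c: int) -> int:
    return _FROM_NORMAL[c]


def rotl(c: int, k: int = 1) -> int:
    """Rotate the N-bit coordinate word left by k: this is x -> x^(2^k)."""
    k %= N
    return ((c << k) | (c >> (N - k))) & MASK


def normal_mul(c1: int, c2: int) -> int:
    """Field multiplication on normal-basis words (via the polynomial basis;
    hardware would use a Massey-Omura multiplier here instead)."""
    return to_normal(gf_mul(from_normal(c1), from_normal(c2)))


def normal_pow(c: int, k: int) -> int:
    """a^k on normal-basis words: rotations for the a^(2^i) terms and at most
    N-1 multiplications, one per set bit of k (reduced mod 2^N - 1)."""
    k %= (1 << N) - 1
    if k == 0:
        return to_normal(1)
    acc = None
    for i in range(N):
        if k >> i & 1:
            term = rotl(c, i)
            acc = term if acc is None else normal_mul(acc, term)
    return acc
```

In this representation the element 1 has every coordinate set (it is fixed by squaring, so its word must be invariant under rotation), which is a quick sanity check that the basis really is normal.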
For the encryption functions used in the Shamir algorithm and the Massey–Omura algorithm described above, the security against an eavesdropper relies on the difficulty of computing discrete logarithms in a finite field. The choice of commutative cipher matters: with a bitwise XOR "cipher", which also commutes, an eavesdropper who records all three passes can XOR them together and obtain the plaintext directly.
Hence, without any additional authentication the protocol is susceptible to a man-in-the-middle attack if the opponent has the ability to create false messages, or to intercept and replace the genuine transmitted messages: an attacker who intercepts the first pass can simply play the receiver's role, apply a key of their own, return the result, let the sender strip off the sender's layer, and then remove their own layer to recover the message, since nothing tells the sender whose key wrapped the reply.
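Both failure modes, shown as an added example for this page rather than anything from the original article (the prime 2^127 − 1 and the fixed exponents are assumptions for illustration; the exponents must be coprime to p − 1, which the code checks by computing their inverses):

```python
# Added example: what the three-pass protocol does NOT protect against.
P = 2**127 - 1   # assumed illustrative prime


def mitm_recover(m: int, s: int, t: int, p: int = P) -> int:
    """Active attacker with her own exponent t intercepts pass 1 and stands in
    for the receiver.  s is the honest sender's exponent; the attacker never
    learns s, she only needs the sender to apply its inverse for her."""
    s_inv = pow(s, -1, p - 1)   # held by the sender; raises if s is not coprime
    t_inv = pow(t, -1, p - 1)   # held by the attacker
    c1 = pow(m, s, p)           # intercepted first pass: m^s
    c2 = pow(c1, t, p)          # attacker's fake second pass: m^(s*t)
    c3 = pow(c2, s_inv, p)      # sender removes s as the protocol says: m^t
    return pow(c3, t_inv, p)    # attacker removes t: m


def xor_three_pass_leak(m: int, s: int, r: int) -> int:
    """Passive attacker against a three-pass run that uses XOR as the
    commutative cipher: the three recorded passes XOR to the plaintext."""
    c1 = m ^ s          # pass 1
    c2 = c1 ^ r         # pass 2
    c3 = c2 ^ s         # pass 3: sender removes s, leaving m ^ r
    return c1 ^ c2 ^ c3  # (m^s) ^ (m^s^r) ^ (m^r) == m


if __name__ == "__main__":
    secret = int.from_bytes(b"wire the funds", "big")   # constructed message
    print(mitm_recover(secret, 65537, 11) == secret)
    print(xor_three_pass_leak(0xDEADBEEF, 0x1234, 0xABCD) == 0xDEADBEEF)
```

The modular-exponentiation version keeps the plaintext away from a passive eavesdropper, but authentication of the second pass has to come from outside the protocol.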