A user to commit to a chosen value that is kept secret until it is latter revealed.

Two parties to exchange encrypted messages without first sharing cryptographic keys.

To share secrets between a subset of users such that information is not leaked from individual shares.

Yes

No

In Verman cipher, E(k2, E(k1, m))

!=

E(k1, E(k2, m)).

Verman cipher is insecure.

Using Verman within Shamir's 3-pass protocol is not secure.

It can be used without problems.

A user to commit to a chosen value that is kept secret until it is latter revealed.

Two parties to exchange encrypted messages without first sharing cryptographic keys.

To share secrets between a subset of users such that information is not leaked from individual shares.

It is a great scheme.

They won't be able to recover my password, even if all of them collaborate.

Information is leaked to individual users.

It is a great scheme.

Each of the copies is susceptible to leakage.

It is not useful for recovering the password.

3

4

5

6

Information can be leaked with individual shares.

There is no way to detect cheaters.

We need to trust someone to create the shares.

The recovery of the secret fails in some situations.

Given C(m), B can extract the committed message m.

Given C(m), B can not learn anything from m.

Once B knows C(m), A can change m to another value, m'.

Once B knows C(m), A cannot change m to another value, m'.