I’m not sure I follow. If the public key is public, then the attackers don’t have to guess. If the public key isn’t known how is a sender supposed to encrypt it?
The public key is known; its association with a particular user is not. Through a separate channel [1], members of the club were given (the very short message of) transformations they can apply to a real public key. The sender uses the real public key but labels it as having the transformed one. When the ciphertext decrypts to garbage, attackers have to figure out what the real key is, requiring un-automatable analysis.
The recipient need only try a few reverse transformations to get back the true public key.
[1] which makes it unusable for the context of e.g. banks that you discussed, but the topic was theoretical situations where this can increase security
I don’t see what your transformations are buying you. You don’t have to label an encrypted message with its key at all. The intended recipient knows their own key. So your proposal is equivalent to telling your “public” key only to people who are supposed to send you messages.
I’m not sure I follow. If the public key is public, then the attackers don’t have to guess. If the public key isn’t known how is a sender supposed to encrypt it?
The public key is known; its association with a particular user is not. Through a separate channel [1], members of the club were given (the very short message of) transformations they can apply to a real public key. The sender uses the real public key but labels it as having the transformed one. When the ciphertext decrypts to garbage, attackers have to figure out what the real key is, requiring un-automatable analysis.
The recipient need only try a few reverse transformations to get back the true public key.
[1] which makes it unusable for the context of e.g. banks that you discussed, but the topic was theoretical situations where this can increase security
I don’t see what your transformations are buying you. You don’t have to label an encrypted message with its key at all. The intended recipient knows their own key. So your proposal is equivalent to telling your “public” key only to people who are supposed to send you messages.