Imagine two persons: Alice and Bob. We have a generated secret value that is valuable and has to be encrypted in a way that both can't reveal the value on their own but only when they both confirm.
My first approach would have been to double encrypt the secret value. One time with Alice keyset and one time with Bobs keyset. The problem: They both don't trust each other. So we can't send Bobs public key to Alice in order to double-encrypt, because Bob can't trust Alice that she stores the generated secret value before encryption.
My second approach is to write a software tool that generates the secret value and immediately encrypts it with Alices and Bobs' public key. But if Alice runs this software, how can Bob be sure that the encrypted hash he got was generated from this software tool and not from a compromised tool from Alice?
I hope the idea is understandable. Which approaches could solve this problem? Do I need a third person that does the encryption for them - and what if there is no such person, that Alice and Bob both trust.
