This is more out of curiosity than anything, having no knowledge of cryptography.
But say I have strings "test1" and "test2", is there any way/algorithm to encode the two strings to an encoded string "string" such that when "string" is decoded with "key1", it returns "test1", and likewise for "key2" and "test2"?
Thanks!
Maybe this example is only remotely related to the question, but anyway:
VeraCrypt application for encrypting computer's disks has an ability to offer part of the disk capacity to reach the plausible deniability with the help of 2 different passwords:
So both passwords are used in the same manner (in a command or a dialog box) and only by choosing between them decides which content will be accessible.
The One-Time Pad can be made to do this. With plaintext1 ("test1") and plaintext2 ("test2") given, we can chose (perhaps, randomly) any one of ciphertext (encoded string), pad1 ("key1"), pad2 ("key2"); the rest follows from the standard OTP equations
plaintext1 ⊕ pad1 = ciphertext = plaintext2 ⊕ pad2
where ⊕ is bitwise eXclusive-OR; but watch that
Example: we generate random ciphertext, then use
pad1 = plaintext1 ⊕ ciphertext and pad2 = plaintext2 ⊕ ciphertext
ciphertext = DF 23 87 E8 A2
plaintext1 = "test1" = 74 65 73 74 31
plaintext2 = "test2" = 74 65 73 74 32
pad1 = AB 46 F4 9C 93
pad2 = AB 46 F4 9C 90
This has the property asked that when ciphertext is decoded with pad1, it returns "test1", and likewise for pad2 and "test2".
The value of ciphertext was not really obtained by encoding "test1" and "test2" using pad1 and pad2. However if that is performed, both yield ciphertext, which is close to what's asked.
I'll try to lay out a scenario that I think you are describing. You have a publisher that is sending out one message that goes out to two people, and you want these two people to be able to get different information from that message. This is only possible if the whole message is the same size or larger than the sum of the two separate pieces of information the people get out of the message. You can put whatever encryption on top of this but it will either make a message the same size or larger.
You could do something else, have the information already encrypted at person 1 and different information encrypted at person 2 with the same key, and then broadcast the same key to both people at a later date.
Another relevant term is "deniable encryption". See the answer to the question one ciphertext multiple keys multiple messages, from which I quote:
Deniable encryption makes it impossible to prove the existence of the plaintext message without the proper encryption key. This may be done by allowing an encrypted message to be decrypted to different sensible plaintexts, depending on the key used. This allows the sender to have plausible deniability if compelled to give up his or her encryption key. The notion of "deniable encryption" was used by Julian Assange and Ralf Weinmann in the Rubberhose filesystem and explored in detail in a paper by Ran Canetti, Cynthia Dwork, Moni Naor, and Rafail Ostrovsky in 1996.
You can always devise clever solutions like this. However, it may dramatically increase the length of the string.
As a trivial example, you could make an encryption scheme which takes your messages ("test1", "test2"), encrypts them with each key and concatenate the results, along with the hash of each message and enough message-length information to break the message back into pieces later
Enc(M1, M2, K1, K2) = Concat(Hash(M1), Hash(M2),
Length(Enc(M1, K1)), Enc(M1, K1),
Enc (M2, K2))
For decryption, say with key1, you split the cypher message up, and decrypt both halves with the same key. One of them will produce "test1" and the other will produce gobldygook (beacuse the other half was encrypted with key2). Checking the hashes, you'll confirm that "test1" was decrypted properly.
Interestingly enough, this also permits deniable encryption. If you only have one key, and simply use random data for the "encrypted second message" and a random hash, nobody can prove that there is or is not a key which decrypts the second message.
Myself, I find this sort of pattern more interesting in polyglot language problems. They're not encryption, but they're fun. For example:
(*a/*/ % #)(PostScript)/Helvetica 40 selectfont 9 400 moveto show%v"f"a0
true showpage quit%#) 2>/dev/null;echo bash;exit #*/);int main()/*>"eb"v
%a*0)unless print"perl\n"__END__*/{printf("C\n");/*>>#;"egnu">:#,_@;,,,<
*)begin writeln(*\output={\setbox0=\box255}\eject\shipout\hbox{\TeX}\end
*)('pascal');end.{*/return 0;}
That's a program which can be executed in multiple languages. In each language, it prints out the name of the language:
There's also a fascinating example of a program on PCG which outputs a different number for each of the 65 languages that it can run in! How's that for different keys!
A simple solution is to encrypt the message with a truly random password, then encrypt the random password in as many ways as you wish and store them with the encrypted message.
Suppose you want both Bob and Alice to be able to decode your message. Your ultimate encrypted file would look like:
(real password encrypted for Bob)
(real password encrypted for Alice)
(message encrypted with the real password)
