École normale supérieure LIENS – École Doctorale de Sciences Mathématiques de Paris Centre Reducing The Need For Trusted Parties In Cryptography

Trusted parties are fundamental for the establishment of secure communication among users. Such is the case, for example, when establishing a trusted relationship between users and certain public information in a public-key infrastructure for public-key encryption and signature schemes or when storing high-entropy secret keys in a cryptographic device. Clearly, if the trusted party misbehaves in either of these situations, then the overall security of the scheme or protocol in which we are interested can be adversely affected. There are several ways in which one can try to reduce the amount of trust in third parties, such as making the task of recovering the secret key harder for the adversary, as in distributed cryptosystems or minimizing the damage caused by secret-key exposures, as in forward-secure and intrusion-resilient cryptosystems. In this thesis, we consider two additional methods. The first one, which goes by the name of password-based key exchange, is to assume that the secret keys used in authenticated key exchange protocols have low entropy and do not need to be stored in a cryptographic device. In spite of the low entropy of secret keys, such protocols can still provide a level of assurance which may be sufficient for most applications. The second method for reducing the amount of trust in third parties is to use an identitybased cryptosystem, in which the public key of a user can be an arbitrary string such as an email address. As identity-based cryptosystems provide collusion resistance, they can also be used to lessen the damage caused by secret-key exposures by generating independent secret keys for different time periods or devices. Moreover, identity-based cryptosystems can allow users to have a more fine-grained control over the decryption capabilities of third parties, further limiting the harmful consequences due to their misbehavior.