Failsafe Key Escrow (Extended Abstract)

Authors

  • Joseph Kilian
  • Tom Leighton
Abstract

"Fair" Public Key Cryptosystems (FPKCs) have recently been proposed as a method for providing secure escrowing of keys without relying on special purpose hardware. In a fair public key cryptosystem, the cryptosystem users are allowed to choose their own public and private keys, but they must share their secret keys with a group of trustees (escrow agencies) in a manner that allows the trustees to reconstruct the secret key of any user in the event of a court order. The United States Government has recently acquired a license to Fair cryptosystem technology from Silvio Micali. The claimed advantage of the Micali FPKC over alternative approaches to key escrow is that the user in the Micali system is supposedly assured that his or her secret key will remain protected (unless the trustees collaborate to reconstruct the secret key), and the government is supposedly assured that criminals will not be able to abuse the escrow system in a manner that prevents government deciphering of wiretapped communications. In this paper, we expose a serious weakness in the Micali FPKC which allows criminals to abuse the system in precisely the manner which is not supposed to be possible. In particular, we show that the FPKC is subject to the sorts of subliminal key attacks discovered by Simmons and Desmedt in the 1980s [7, 17, 18, 19]. As a consequence, we show how a government-sanctioned FPKC as envisioned by Micali can be subverted by criminals to form a "shadow" public key cryptosystem that is untappable by the government. In some cases, the shadow cryptosystem is even more secure against the government than the original cryptosystem is against nongovernmental adversaries. Even if the shadow cryptosystem is run using only public knowledge and even if the government is fully aware of the workings of the shadow cryptosystem, there is no obvious way that the shadow system can be thwarted by the government.
In the paper, we also describe a new approach to key escrow that we call Failsafe Key Escrow. The Failsafe approach is characterized by the use of government-user interaction to select the secret and public keys of each user. Failsafe key escrow has all the supposed advantages of Micali's FPKC, along with a formalizable guarantee that the system cannot be abused by criminals. The Failsafe method also guarantees the government that every user's secret key will be secure even if the user selects his or her portion of the secret key poorly (e.g., by using one's birthday instead of a random number). Finally, the method can be adapted for use with any of the commonly-cited cryptosystems, and it is particularly well suited for use in escrowing DSS keys.

Similar resources

Failsafe Key Escrow Systems Extended Abstract

This paper describes a method for escrowing cryptographic keys, which we call Failsafe Key Escrow (FKE). The method is substantially more secure than alternatives such as the Fair Public Key Cryptosystem approach advocated by Micali, and it is particularly well suited for use in escrowing DSS keys.

Equitable Key Escrow with Limited Time Span or How to Enforce Time Expiration Cryptographically Extended Abstract

With equitable key escrow the control of society over the individual and the control of the individual over society are shared fairly. In particular, the control is limited to specified time periods. We consider two applications: time controlled key escrow and time controlled auctions with closed bids. In the first, the individual cannot be targeted outside the period authorized by the court. In the se...

Key Recovery: Inert and Public

We propose a public key infrastructure framework, inspired by modern distributed cryptocurrencies, that allows for tunable key escrow, where the availability of key escrow is only provided under strict conditions and enforced through cryptographic measures. We argue that any key escrow scheme designed for the global scale must be both inert — requiring considerable effort to recover a key — and...

An efficient certificateless two-party authenticated key agreement protocol

Due to avoiding the key escrow problem in the identity-based cryptosystem, certificateless public key cryptosystem (CLPKC) has received a significant attention. As an important part of the CLPKC, the certificateless authenticated key agreement (CLAKA) protocol also received considerable attention. Most CLAKA protocols are built from bilinear mappings on elliptic curves which need costly operati...

New ID-Based Threshold Signature Scheme from Bilinear Pairings

ID-based public key systems allow the user to use his/her identity as the public key, which can simplify key management procedure compared with CA-based public key systems. However, there is an inherent disadvantage in such systems: the problem of private key escrow, i.e., the “trusted” Private Key Generator (PKG) can easily impersonate any user at any time without being detected. Although the ...

Publication date: 1994