RSA-Based Auto-recoverable Cryptosystems

Authors

  • Adam L. Young
  • Moti Yung
Abstract

The deployment of a “public-key infrastructure” (PKI) has recently started. Another recent concern in business and on the national level is the issue of escrowed encryption, key recovery, and emergency access to information (e.g., in the medical record area). Independent development of a PKI and an escrowed PKI (whenever required or desired) will pose a lot of constraints, duplication efforts and increased costs of the deployment. It will introduce inter-operability issues which will be hard to overcome. Thus, what we advocate here is a joint design of an escrowed PKI and a regular PKI. In this work we develop an approach to such an integrated design. We give the first auto-recoverable systems based on RSA (or factoring), whereas the original auto-recoverable auto-certifiable schemes were based on Discrete Logarithm based keys. The security proof of our system assumes only that RSA is hard, while the original schemes required new specific discrete log based assumptions. We also put forth the notion of “generic” auto-recoverable systems where one can start with an unescrowed user key and then by simply doing “re-registration”, change the key into an escrowed one. In contrast, in the original systems the user keys were tightly connected with the escrow authorities’ key. Besides this novel (re)-registration procedure there are no changes or differences for users between a PKI and a generic auto-recoverable PKI.


Similar resources

Auto-Recoverable Cryptosystems with Faster Initialization and the Escrow Hierarchy

In this paper we present a new Auto-Recoverable Auto-Certifiable Cryptosystem that is based on an algebraic problem different from the original system (of Eurocrypt’98). Specifically, our new cryptosystem uses generalized ElGamal and RSA. It has the following new advantages: (1) the escrow authority’s key can be set-up much faster than in the original scheme; and (2) It can be used to implement ...


QTRU: quaternionic version of the NTRU public-key cryptosystems

In this paper we will construct a lattice-based public-key cryptosystem using non-commutative quaternion algebra, and since its lattice does not fully fit within Circular and Convolutional Modular Lattice (CCML), we prove it is arguably more secure than the existing lattice-based cryptosystems such as NTRU. As in NTRU, the proposed public-key cryptosystem relies for its inherent securi...


Comparison of two Public Key Cryptosystems

Since the time public-key cryptography was introduced by Diffie and Hellman in 1976, numerous public-key algorithms have been proposed. Some of these algorithms are insecure and the others that seem secure, many are impractical, either they have too large keys or the cipher text they produce is much longer than the plaintext. This paper focuses on efficient implementation and analysis of two most po...


Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known ciphertext. Actual systems are potentially at risk, including cryptographic tokens, network-based cryptosys...


Efficient elliptic curve exponentiation

Elliptic curve cryptosystems, proposed by Koblitz ([8]) and Miller ([11]), can be constructed over a smaller definition field than the ElGamal cryptosystems ([5]) or the RSA cryptosystems ([16]). This is why elliptic curve cryptosystems have begun to attract notice. There are mainly two types in elliptic curve cryptosystems, elliptic curves E over $\mathbb{F}_{2^r}$ and E over $\mathbb{F}_p$. Some current systems based on ...


Publication date: 2000