Abstract
In this paper we survey the recent work on Auto-Recoverable Auto-Certifiable Cryptosystems. This notion was put forth to solve the “software key escrow” problem efficiently within the context of a Public Key Infrastructure (PKI). The survey presents an exact specification of the problem, based on what software key escrow can realistically hope to achieve; the specification attempts to separate the truly difficult technical issues in the area from those that are only seemingly difficult. We then review the work in Eurocrypt ’98 and PKC ’99, which gives an efficient reduction from a software key escrow system to a certified public key system (PKI). Namely, we show how to construct an escrowed PKI for essentially the same cost and effort required for a regular PKI. More specifically, the schemes presented are as efficient for users as a plain PKI, do not require tamper-resistant hardware (i.e., they can be distributed to users as software), and are shadow public key resistant as defined by Kilian and Leighton in Crypto ’95 (namely, they do not allow users to publish public keys other than the ones certified). The schemes enable efficient verification of the fact that a given user’s private key is escrowed properly: the certifying authority can check the escrow before issuing a certificate. They allow the safe and efficient recovery of keys (and of plaintext messages), as is needed in emergency situations such as in the medical area, in secure file systems, and in criminal investigations. We stress that we neither advocate nor deal with the policy issues regarding the need for governments to control access to messages; our motivation is purely technical: in cases where escrow is required or needed, we would like to minimize its effect on the overall PKI deployment.
We then briefly mention forthcoming developments in the area which include further flexibility/compatibility requirements for auto-recoverable cryptosystems, as well as design of such systems which are based on traditional public key methods (RSA and discrete logs).
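To make concrete what “efficient verification that a user’s private key is escrowed properly” means, here is an added worked example. It is not code from the paper and not the Young-Yung construction itself: it uses the double-discrete-logarithm proof technique of Stadler’s publicly verifiable secret sharing (cited in the references) as the verifiable-encryption building block. The user ElGamal-encrypts its private key under the escrow authority’s public key and attaches a Fiat-Shamir cut-and-choose proof that the ciphertext contains the discrete logarithm of the published public key; the certifying authority verifies that proof before certifying, and only the escrow authority can decrypt. The prime chain 41, 83, 167, the generators, the 40 rounds and all function names are illustrative assumptions, and the parameters are far too small for any real deployment.

```python
import hashlib
import random
import secrets

# Constructed toy parameters (assumed; far too small for real use): the prime chain
# q = 41, p = 2q + 1 = 83, r = 2p + 1 = 167 lets an ElGamal ciphertext in Z_p^*
# serve as an exponent for a group of order p in Z_r^* (the "double-decker" trick).
Q = 41        # order of the escrow authority's ElGamal subgroup of Z_p^*
P = 83        # escrow ElGamal modulus; user private keys live in [1, p-1]
R = 167       # modulus of the users' key group
H = 4         # generator of the order-q subgroup of Z_83^* (a quadratic residue != 1)
G = 4         # generator of the order-p subgroup of Z_167^* (a quadratic residue != 1)
ROUNDS = 40   # cut-and-choose rounds; a cheating prover survives with probability 2^-ROUNDS


def seeded_randbelow(seed):
    """Deterministic substitute for secrets.randbelow, for reproducible demos and tests only."""
    return random.Random(seed).randrange


def escrow_keygen(randbelow=secrets.randbelow):
    """Escrow authority's ElGamal key pair (Z, z = H^Z mod p)."""
    zsec = 1 + randbelow(Q - 1)
    return zsec, pow(H, zsec, P)


def user_keygen(randbelow=secrets.randbelow):
    """User's key pair (x, y = G^x mod r) with x in [1, p-1]."""
    x = 1 + randbelow(P - 1)
    return x, pow(G, x, R)


def escrow_encrypt(x, zpub, randbelow=secrets.randbelow):
    """ElGamal-encrypt the private key x under z: (A, B) = (H^alpha, x * z^alpha) mod p."""
    alpha = randbelow(Q)
    return alpha, (pow(H, alpha, P), x * pow(zpub, alpha, P) % P)


def _challenge_bits(y, cipher, commitments):
    """Fiat-Shamir: derive the ROUNDS challenge bits from the statement and the commitments."""
    hasher = hashlib.sha256()
    for v in (y, *cipher):
        hasher.update(v.to_bytes(4, "big"))
    for t, big_t in commitments:
        hasher.update(t.to_bytes(4, "big") + big_t.to_bytes(4, "big"))
    digest = int.from_bytes(hasher.digest(), "big")
    return [(digest >> i) & 1 for i in range(ROUNDS)]


def prove_escrow(alpha, y, zpub, cipher, randbelow=secrets.randbelow):
    """Prove that cipher = (A, B) encrypts log_G(y) under z, knowing the randomness alpha.

    Per round: commit t = H^w and T = G^(B * z^-w); on challenge 0 reveal w, on
    challenge 1 reveal w - alpha. Both branches verify only if B * z^-alpha == log_G(y).
    """
    _, b = cipher
    ws = [randbelow(Q) for _ in range(ROUNDS)]
    commitments = [(pow(H, w, P), pow(G, b * pow(zpub, (-w) % Q, P) % P, R)) for w in ws]
    bits = _challenge_bits(y, cipher, commitments)
    responses = [w if c == 0 else (w - alpha) % Q for w, c in zip(ws, bits)]
    return commitments, responses


def verify_escrow(y, zpub, cipher, proof):
    """The certifying authority's check before it certifies y and files (A, B) for escrow."""
    a, b = cipher
    commitments, responses = proof
    if len(commitments) != ROUNDS or len(responses) != ROUNDS:
        return False
    bits = _challenge_bits(y, cipher, commitments)
    for (t, big_t), resp, c in zip(commitments, responses, bits):
        z_inv = pow(zpub, (-resp) % Q, P)          # z^-w (c == 0) or z^(alpha-w) (c == 1)
        if c == 0:
            ok = t == pow(H, resp, P) and big_t == pow(G, b * z_inv % P, R)
        else:
            # H^(w-alpha) * A = H^w, and y^(z^(alpha-w)) = G^(x * z^(alpha-w)) = G^(B * z^-w)
            ok = t == pow(H, resp, P) * a % P and big_t == pow(y, z_inv, R)
        if not ok:
            return False
    return True


def recover_private_key(zsec, cipher):
    """Escrow authority's recovery of the user's private key: x = B * A^-Z mod p."""
    a, b = cipher
    return b * pow(a, (-zsec) % Q, P) % P


if __name__ == "__main__":
    zsec, zpub = escrow_keygen()
    x, y = user_keygen()
    alpha, cipher = escrow_encrypt(x, zpub)
    proof = prove_escrow(alpha, y, zpub, cipher)
    print("CA accepts escrow proof:", verify_escrow(y, zpub, cipher, proof))
    print("escrow authority recovers x:", recover_private_key(zsec, cipher) == x)
```

The certificate request is the triple (y, (A, B), proof); the authority never learns x, and a user who escrows some other key x′ while publishing y = G^x is caught in every round whose challenge bit is 1, so the proof acts as the auto-certification step. Splitting the escrow secret Z among several authorities with a threshold scheme, as the paper’s escrow hierarchy does, is outside this example.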
References
M. Bellare, S. Goldwasser. Verifiable Partial Key Escrow. In ACM CCS ’97.
D. Boneh, M. Franklin. Efficient Generation of Shared RSA Keys. In Advances in Cryptology—CRYPTO ’97, 1997. Springer-Verlag.
A. De Santis, Y. Desmedt, Y. Frankel, M. Yung. How to Share a Function Securely. In ACM Symp. on Theory of Computing, pages 522–533, 1994.
W. Diffie, M. Hellman. New Directions in Cryptography. IEEE Transactions on Information Theory, volume IT-22, no. 6, pages 644–654, Nov. 1976.
T. ElGamal. A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. In CRYPTO ’84, pages 10–18.
Y. Frankel, Y. Desmedt. Threshold Cryptosystems. In CRYPTO ’89, pages 307–315.
A. Fiat, A. Shamir. How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In CRYPTO ’86, pages 186–194.
Y. Frankel, M. Yung. Escrow Encryption Systems Visited: Attacks, Analysis and Designs. In CRYPTO ’95, pages 222–235.
Y. Frankel, M. Yung. On Characterization of Escrow Encryption Schemes. In ICALP ’97.
Z. Galil, S. Haber, M. Yung. Symmetric Public-Key Encryption. In CRYPTO ’85, pages 128–137, 1985.
H. Abelson, R. Anderson, S. Bellovin, J. Benaloh, M. Blaze, W. Diffie, J. Gilmore, P. Neumann, R. Rivest, J. Schiller, B. Schneier. The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption. Available at http://www.crypto.com/key_study
J. Kilian, F. T. Leighton. Fair Cryptosystems Revisited. In CRYPTO ’95, pages 208–221, 1995. Springer-Verlag.
L. Kohnfelder. A Method for Certification. MIT Lab. for Computer Science, Cambridge, Mass., May 1978.
A. Lenstra, P. Winkler, Y. Yacobi. A Key Escrow System with Warrant Bounds. In CRYPTO ’95, pages 197–207, 1995.
S. Micali. Fair Public-Key Cryptosystems. In CRYPTO ’92, pages 113–138, 1992. Springer-Verlag.
B. Pfitzmann, M. Waidner. How to Break “Fraud-Detectable Key Escrow”. Eurocrypt ’97 rump session.
K. H. Rosen. Elementary Number Theory and its Applications. 3rd edition, Theorem 8.14, page 295, 1993. Addison-Wesley.
M. Stadler. Publicly Verifiable Secret Sharing. In Eurocrypt ’96, pages 190–199, 1996. Springer-Verlag.
H. Tiersma. Unbinding ElGamal: An Alternative to Key-Escrow? Eurocrypt ’97 rump session.
E. Verheul, H. van Tilborg. Binding ElGamal: A Fraud-Detectable Alternative to Key-Escrow Proposals. In Eurocrypt ’97, pages 119–133, 1997.
A. Young, M. Yung. The Dark Side of Black-Box Cryptography. In CRYPTO ’96, pages 89–103.
A. Young, M. Yung. Kleptography: Using Cryptography against Cryptography. In Eurocrypt ’97, pages 62–74.
A. Young, M. Yung. The Prevalence of Kleptographic Attacks on Discrete-Log Based Cryptosystems. In CRYPTO ’97, pages 264–276. Springer-Verlag.
A. Young, M. Yung. Auto-Recoverable and Auto-Certifiable Cryptosystems. In Advances in Cryptology—Eurocrypt ’98.
A. Young, M. Yung. Auto-Recoverable Cryptosystems with Faster Initialization and The Escrow Hierarchy. In PKC ’99.
A. Young, M. Yung. Manuscript (available from the authors).
© 1999 Springer-Verlag Berlin Heidelberg
Cite this paper
Young, A., Yung, M. (1999). Auto-recoverable Auto-certifiable Cryptosystems. In: Secure Networking — CQRE [Secure] ’99. CQRE 1999. Lecture Notes in Computer Science, vol 1740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46701-7_18
DOI: https://doi.org/10.1007/3-540-46701-7_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66800-8
Online ISBN: 978-3-540-46701-4