Journal of Cryptology

, Volume 12, Issue 2, pp 117–139 | Cite as

Translucent Cryptography—An Alternative to Key Escrow, and Its Implementation via Fractional Oblivious Transfer

  • Mihir  Bellare
  • Ronald L. Rivest


We present an alternative to the controversial ``key-escrow'' techniques for enabling law enforcement and national security access to encrypted communications. Our proposal allows such access with probability p for each message, for a parameter p between 0 and 1 to be chosen (say, by Congress) to provide an appropriate balance between concerns for individual privacy, on the one hand, and the need for such access by law enforcement and national security, on the other. (For example, with p=0.4 , a law-enforcement agency conducting an authorized wiretap which records 100 encrypted conversations would expect to be able to decrypt (approximately) 40 of these conversations; the agency would not be able to decrypt the remaining 60 conversations at all.) Our scheme is remarkably simple to implement, as it requires no prior escrowing of keys.

We implement translucent cryptography based on noninteractive oblivious transfer. Extending the schemes of Bellare and Micali [2], who showed how to transfer a message with probability ½, we provide schemes for noninteractive fractional oblivious transfer, which allow a message to be transmitted with any given probability p . Our protocol is based on the Diffie—Hellman assumption and uses just one El Gamal encryption (two exponentiations), regardless of the value of the transfer probability p . This makes the implementation of translucent cryptography competitive, in efficiency of encryption, with current suggestions for software key escrow.

Key words. Key escrow, Translucent, Oblivious transfer, Discrete logarithms, Communications policy. 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© International Association for Criptologic Research 1999

Authors and Affiliations

  • Mihir  Bellare
    • 1
  • Ronald L. Rivest
    • 2
  1. 1.Department of Computer Science & EngineeringUniversity of CaliforniaSan DiegoU.S.A
  2. 2.Laboratory for Computer Science, Massachusetts Institute of TechnologyCambridgeU.S.A

Personalised recommendations