Fair Encryption of RSA Keys
Cryptography is more and more concerned with elaborate protocols involving many participants. In some cases, it is crucial to be sure that players behave fairly especially when they use public key encryption. Accordingly, mechanisms are needed to check the correctness of encrypted data, without compromising secrecy. We consider an optimistic scenario in which users have pairs of public and private keys and give an encryption of their secret key with the public key of a third party. In this setting we wish to provide a publicly verifiable proof that the third party is able to recover the secret key if needed. Our emphasis is on size; we believe that the proof should be of the same length as the original key.
In this paper, we propose such proofs of fair encryption for El Gamal and RSA keys, using the Paillier cryptosystem. Our proofs are really efficient since in practical terms they are only a few hundred bytes long. As an application, we design a very simple and efficient key recovery system.
KeywordsDiscrete Logarithm Security Parameter Choose Ciphertext Attack Random Tape Cheat Strategy
- 2.F. Bao. An Efficient Verifiable Encryption Scheme for Encryption of Discrete Logarithms. In CARDIS’ 98, 1998.Google Scholar
- 3.J. Benaloh. Verifiable Secret-Ballot Elections. PhD thesis, Yale University, 1987. Available from http://research.microsoft.com/~benaloh.
- 6.J. Camenisch and M. Michels. A Group Signature Scheme with Improved Efficiency. In Asiacrypt’ 98, LNCS 1514. Springer-Verlag, 1998.Google Scholar
- 7.J. Camenisch and M. Michels. Proving in Zero-Knowledge That a Number Is the Product of Two Safe Primes. In Eurocrypt’ 99, LNCS 1592, pages 107–122. Springer-Verlag, 1999.Google Scholar
- 9.H. Cohen. A Course in Computational Algebraic Number Theory. Graduate Texts in Mathematics 138. Springer-Verlag, 1993.Google Scholar
- 10.A. Fiat and A. Shamir. How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In Crypto’ 86, LNCS 263, pages 186–194. Springer-Verlag, 1987.Google Scholar
- 11.PA. Fouque, G. Poupard, and J. Stern. Sharing Decryption in the Context of Voting or Lotteries. In Financial Cryptography 2000, LNCS. Springer-Verlag, 2000.Google Scholar
- 13.M. Girault. Self-certified public keys. In Eurocrypt’ 91, LNCS 547, pages 490–497. Springer-Verlag, 1992.Google Scholar
- 14.M. Girault and J. Stern. On the Length of Cryptographic Hash-Values used in Identification Schemes. In Crypto’ 94, LNCS 839, pages 202–215. Springer-Verlag, 1994.Google Scholar
- 15.S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28, 1984.Google Scholar
- 16.J. Kilian and F.T. Leighton. Fair Cryptosystems Revisited. In Crypto’ 95, LNCS 963, pages 208–221. Springer-Verlag, 1995.Google Scholar
- 17.D. Naccache and J. Stern. A New Public Key Cryptosystem Based on Higher Residues. In Proc. of the 5th ACM-CCS, pages 59–66. ACM press, 1998.Google Scholar
- 19.P. Paillier. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In Eurocrypt’ 99, LNCS 1592, pages 223–238. Springer-Verlag, 1999.Google Scholar
- 20.D. Pointcheval and J. Stern. Security Proofs for Signature Schemes. In Eurocrypt’ 96, LNCS 1070, pages 387–398. Springer-Verlag, 1996.Google Scholar
- 23.G. Poupard and J. Stern. Short Proofs of Knowledge for Factoring. In Proceedings of PKC2000, LNCS 1751, pages 147–166. Springer-Verlag, 2000.Google Scholar
- 26.P. C. van Oorschot and M. J. Wiener. On Diffie-Hellman Key Agreement with Short Exponents. In Eurocrypt’ 96, LNCS 1070, pages 332–343. Springer-Verlag, 1996.Google Scholar
- 27.E. Verheul. Certificates of Recoverability with Scaleable Recovery Agent Security. In Proceedings of PKC2000, LNCS 1751. Springer-Verlag, 2000.Google Scholar
- 28.E. Verheul and H. van Tilborg. Binding ElGamal: A Fraud-Detectable Alternative to Key-Escrow Proposals. In Eurocrypt’ 97, LNCS 1233, pages 119–133. Springer-Verlag, 1997.Google Scholar
- 30.A. Young and M. Yung. RSA-based Auto-Recoverable Cryptosystems. In Proceedings of PKC2000, LNCS 1751. Springer-Verlag, 2000.Google Scholar