A Timed-Release Key Management Scheme for Backward Recovery
The timed-release encryption scheme is to encrypt a message so that a ciphertext can be decrypted when specific time in the future comes. Recently, interesting constructions of the timed-release encryption scheme have been proposed. The central concept of the constructions is a public agent which periodically broadcasts self-authenticated time information, called a time token. A time token contains absolute time information such as “08:09AM Dec. 1, 2005 GMT.” A sender encrypts a message so that a receiver of the ciphertext can generate a decryption key from a time token of the designated release time. Although the constructions have many advantages, resilience to missing time tokens is not still satisfactory since a time token can be used only for computing a decryption key of the corresponding time. A promising approach is to construct decryption keys so that a decryption key (e.g., of 08:09AM) can be computed not only from the corresponding time token but also from decryption keys of later time instants (e.g., 08:10AM, 08:11AM and so on). A trivial construction to realize such backward recovery is to use keys, which constitute a hash chain, for encrypting messages and encrypt these keys by using the timed-release encryption scheme. This construction is simple but requires the overhead of encryption. To reduce the overhead, this paper introduces a timed-release key management scheme in which decryption keys are related so that the backward property is provided. The feature is that a sender can choose freely and flexibly the time instants of which decryption keys have the backward property. The paper also gives an efficient construction based on a bilinear map.
KeywordsTime Server Hash Function Time Instant Previous Construction Hash Chain
Unable to display preview. Download preview PDF.
- 1.Bellare, M., Goldwasser, S.: Encapsulated Key-Escrow. MIT LCS Tech. Report MIT/LCS/TR-688 (1996)Google Scholar
- 3.Blake, I.F., Chan, A.C.-F.: Scalable, Server-Passive, User Anonymous Timed Release Public Key Encryption from Bilinear Pairing (2004), http://eprint.iacr.org/2004/211/
- 7.Goldwasser, S., Bellare, M.: Lecture Notes on Cryptography (2001), http://www.cs.ucsd.edu/users/mihir/papers/gb.pdf
- 12.May, T.: Timed-Release Crypto (1992), http://www.hks.net.c.punks/cpunks-0/1560.html
- 13.Mont, M.C., Harrison, K., Sadler, M.: The HP Time Vault Service: Innovating the Way Confidential Information is Disclosed at the Right Time. HP Lab. Report HPL-2002-243 (2002)Google Scholar
- 14.Mitsunari, S., Sakai, R., Kasahara, M.: A New Traitor Tracing. IEICE Trans. Fundamentals E85-A(2), 481–484 (2002)Google Scholar
- 16.Osipkov, I., Kim, Y., Cheon, J.H.: New Approaches to Timed-Release Cryptography (2004), http://eprint.iacr.org/2004/231/
- 18.Rivest, R.L., Shamir, A., Wagner, D.A.: Time-Lock Puzzles and Timed-Release Crypto. MIT LCS Tech. Report MIT/LCS/TR-684 (1996)Google Scholar
- 19.Yoshida, M., Mitsunari, S.: A Time-Capsule Encryption. the IPAX Autumn 2004 (oral presentation) (in Japanese) (2004), http://homepage1.nifty.com/herumi/mtt/time-capsule.20040909.ppt