A key escrow system with protecting user's privacy by blind decoding

  • Kouichi Sakurai
  • Yoshinori Yamane
  • Shingo Miyazaki
  • Tohru Inoue
Key Management
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1396)


We propose a new key recovery system that satisfies the following properties:
  1. Court-authorized eavesdropping by the investigator is limited both in tapping time and in tapped conversation.
  2. Trustees, who cooperate with the investigator to eavesdrop on a user's communication, cannot know whom the investigator is intercepting.
  3. No investigator can illegally obtain the secret key of a user against whom no legitimate court order has been issued.


Our system uses blind decoding: a client has a message encrypted with a server's secret key, and the client asks the server to decode the message without revealing the decoded plaintext and without learning the server's secret key. Our system also introduces two agencies besides the trustees, named “Key Producer” and “Registration Center,” which handle registering users and distributing the users' escrowed keys. Our system can be implemented using only discrete-log based cryptosystems (Diffie-Hellman and ElGamal).
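
The blind-decoding exchange described above, sketched with textbook ElGamal as an added example; it is not the paper's protocol or code. The toy group parameters and all function names are constructed for illustration, and the ciphertext here is one that only the server's secret key can decode.

```python
import secrets

# Constructed toy group (far too small for real use): safe prime P = 2Q + 1,
# and G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1           # server's secret key
    return x, pow(G, x, P)                     # (secret, public)

def encrypt(y, m):
    k = secrets.randbelow(Q - 1) + 1
    return pow(G, k, P), (m * pow(y, k, P)) % P

def blind(c1):
    """Client: hide c1 behind a random exponent r before sending it."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(c1, r, P)

def server_decode(x, request):
    """Server: apply the secret key, but only to order-Q subgroup elements,
    so a malformed request cannot probe x through a small subgroup."""
    if not 1 < request < P or pow(request, Q, P) != 1:
        raise ValueError("request outside the order-Q subgroup")
    return pow(request, x, P)

def unblind(r, reply, c2):
    """Client: strip r to get c1^x, then divide it out of c2."""
    shared = pow(reply, pow(r, -1, Q), P)      # (c1^(r*x))^(1/r) = c1^x
    return (c2 * pow(shared, -1, P)) % P

def blind_decode(x, c1, c2):
    """Full exchange; returns the plaintext and what the server saw."""
    r, request = blind(c1)
    return unblind(r, server_decode(x, request), c2), request

def consistent_exponent(c1, request):
    """Every valid c1 explains the same request under some r, which is why
    the server cannot tell which ciphertext it is decoding."""
    return next(r for r in range(1, Q) if pow(c1, r, P) == request)
```

The server never sees `c1`, `c2` or the plaintext, and the client never sees `x`; `consistent_exponent` is a brute-force check that is only feasible because the group is tiny.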





Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Kouichi Sakurai (1)
  • Yoshinori Yamane (1)
  • Shingo Miyazaki (1)
  • Tohru Inoue (2)
  1. Dept. of Computer Science, Kyushu University, Fukuoka, Japan
  2. Advanced Mobile Telecomm. Security Tech. Research Lab. Co., Ltd., Yokohama, Kanagawa, Japan
