A key escrow system with protecting user's privacy by blind decoding
The court-authorized eavesdropping by the investigator is limited both in tapping time and in tapped conversation.
Trustees, who are cooperating with the investigator to eavesdrop on a user's communication, cannot know whom the investigator is intercepting.
No investigator can illegally obtain the secret key of users against whom no legitimate court order has been issued.
Our system utilizes blind decoding: a client has a message encrypted with a server's secret key, and the client asks the server to decode the message without revealing the decoded plaintext to the server and without learning the server's secret key. Our system also introduces two agencies besides the trustees. These are related to the mechanisms for registering users and for distributing the users' escrowed keys, and are named “Key Producer” and “Registration Center.” Our system can be implemented using only discrete-log based cryptosystems (Diffie-Hellman and ElGamal).
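The blind decoding step described above, sketched for ElGamal as an added example; it is not the paper's protocol and not code from its authors. It assumes the message is encrypted under the server's ElGamal public key y = g^x, uses multiplicative blinding by g^k, and runs over constructed toy parameters; all function names are hypothetical.

```python
import secrets

# Constructed toy parameters (far too small for real use): safe prime
# P = 2Q + 1, and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    """Server key pair: secret x, public y = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def encrypt(y, m):
    """Plain ElGamal encryption of a group element m under public key y."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (m * pow(y, r, P)) % P          # (c1, c2)

def client_blind(c1):
    """Client hides c1 by multiplying in a fresh random g^k; c2 is never sent."""
    k = secrets.randbelow(Q - 1) + 1
    return (c1 * pow(G, k, P)) % P, k

def server_decode(x, blinded_c1):
    """Server raises the blinded value to x. It cannot see what it decodes,
    so it at least rejects inputs outside the order-Q subgroup."""
    if not (0 < blinded_c1 < P) or pow(blinded_c1, Q, P) != 1:
        raise ValueError("blinded value is not in the order-Q subgroup")
    return pow(blinded_c1, x, P)                          # (c1 * g^k)^x

def client_unblind(y, k, c2, response):
    """response = c1^x * y^k, so dividing by y^k leaves c1^x; then m = c2 / c1^x."""
    shared = (response * pow(y, -k, P)) % P
    return (c2 * pow(shared, -1, P)) % P

def demo(m=1234):
    """Full exchange; returns the recovered plaintext and what the server saw."""
    x, y = keygen()
    c1, c2 = encrypt(y, m)
    blinded, k = client_blind(c1)
    response = server_decode(x, blinded)                  # only message to the server
    return client_unblind(y, k, c2, response), blinded, c1

if __name__ == "__main__":
    recovered, blinded, c1 = demo()
    print("recovered:", recovered, "| server saw", blinded, "instead of", c1)
```

The server sees only a uniformly random subgroup element and never c2, so it learns neither the ciphertext being decoded nor the plaintext; the client learns c1^x for its own ciphertext but not x.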