We introduce the concept of escrowed identity, an application of key-escrow ideas to the problem of authentication. In escrowed identity, one party A does not give his identity to another party B, but rather gives him information that would allow an authorized third party E to determine A's identity. However, B receives a guarantee that E can indeed determine A's identity. We consider a number of possible features of escrowed identity schemes, and describe a variety of implementations that achieve various subsets of these features. In particular, we observe that group signature schemes can be used to escrow identities, achieving most (though not all) of the desired features.
The most interesting feature we consider is separability. The escrow agency is not involved in the day to day operation of the identification system, but is only called in when anonymity must be revoked. In the extreme case, there exist identity escrow schemes in which an arbitrary party (possessing a public key) can be designated an escrow agent without any knowledge or participation on their part until they are asked to revoke someone's anonymity.
- Encryption Scheme
- Signature Scheme
- Group Manager
- Argument Framework
- Supposed Relation
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Work done while at DIMACS.
Asokan, Shoup and Waidner. Optimistic Fair Exchange of Digital Signatures. IBM Research Report RZ2973, November 17, 1997.
M. Bellare and S. Goldwasser. Verifiable partial key escrow. Proceedings of the Fourth Annual Conference on Computer and Communications Security, ACM, 1997. Preliminary version appeared as Technical Report CS95-447, Dept. of CS and Engineering, UCSD, October 1995.
M. Bellare and S. Goldwasser. Encapsulated key escrow. MIT Laboratory for Computer Science Technical Report 688, April 1996.
M. Ben-Or, S. Goldwasser and A. Wigderson. Completeness theorems for non-cryptographic fault-tolerant distributed computations. In Proc. of the 20th Annu. Symposium on the Theory of Computing, pages 1–10, 1988.
E. Brickell, P. Gemmel and D. Kravitz. Trustee-based tracing extensions to anonymous cash and the making of anonymous change. In Proc. 6th Symposium on Discrete Algorithms, 1995, pp. 457–466
D. Boneh and M. Franklin. Efficient generation of shared RSA keys. Advances in Cryptology — CRYPTO '97 Proceedings, pp. 425–439. Lecture notes in Computer Science #1294, Springer Verlag, Berlin, 1997.
G. Brassard, D. Chaum and C. Crépeau. Minimum Disclosure Proofs of Knowledge. In JCSS, pages 156–189. 1988.
D. Chaum, C. Crepau, and I. Dåmgard. Multiparty unconditionally secure protocols. In Proc. of the 20th Annu. ACM Symp. on the Theory of Computing, pages 11–19, 1988.
R. Cramer, I. Damgård and B. Schoenmakers. Proofs of partial knowledge and simplified design of witness hiding protocols. Advances in Cryptology — CRYPTO '94 Proceedings, pp. 174–187. Lecture Notes in Computer Science #839, Berlin: Springer-Verlag, 1994.
Camenisch. Efficient and generalized group signatures. Advances in Cryptology — EUROCRYPT '97, volume 1233 of Lecture Notes in Computer Science, pages 465–479. Springer Verlag, 1997.
J. Camenisch and M. Stadler. Efficient Group Signature Schemes for Large Groups. Advances in Cryptology — CRYPTO '97 Proceedings, pp. 410–424. Lecture notes in Computer Science #1294, Springer Verlag, Berlin, 1997.
D. Chaum and E. van Heyst. Group signatures. Advances in Cryptology — EUROCRYPT '91, volume 547 of Lecture Notes in Computer Science, pages 257–265. SpringerVerlag, 1991.
L. Chen and T. P. Pedersen. New group signature schemes. Advances in Cryptology — EUROCRYPT '94, volume 950 of Lecture Notes in Computer Science, pages 171–181. SpringerVerlag, 1995.
I. Dåmgard, T. Pedersen and B. Pfitzmann. On the Existence of Statistically Hiding Bit Commitment Schemes and Fail-Stop Signatures. Advances in Cryptology — CRYPTO '93 Proceedings, pp. 250–265. Lecture Notes in Computer Science #773, Berlin: Springer-Verlag, 1994.
Yvo Desmedt and Yair Frankel. Theshold cryptosystems. Advances in Cryptology — CRYPTO '89 Proceedings, pp. 307–315. Berlin: Springer-Verlag, 1990.
T. El Gamal. A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. Advances in Cryptology — CRYPTO '89 Proceedings, pp. 10–18. Berlin: Springer-Verlag, 1985.
Y. Frankel, Y. Tsiounis and M. Yung. “Indirect Discourse Proofs”: Achieving Efficient Fair Off-Line E-Cash. Advances in Cryptology-ASIACRYPT '96 proceedings, pp. 286–300. Lecture Notes in Computer Science #1163. Springer-Verlag, 19851996.
Y. Frankel and M. Yung. Escrow Encryption Systems Visited: Attacks, Analysis and Designs. Advances in Cryptology — CRYPTO '95 Proceedings, Berlin: Springer-Verlag, 1995.
S. Goldwasser and S. Micali. Probabilistic Encryption. In JCSS Vol 28(2), pages 270–299, 1984.
J. Kilian and E. Petrank. Identity Escrow. Theory of Cryptography Library, ftp://theory.lcs.mit.edu/pub/tcryptol/97-11.p8, August 1997.
J. Kilian and F. T. Leighton. Fair Cryptosystems, Revisited. Advances in Cryptology — CRYPTO '95 Proceedings, Berlin: Springer-Verlag, 1995.
F. T. Leighton. Failsafe key escrow systems. Technical Memo 483, MIT Lab. for Computer Science, August 1994.
A. Lenstra, P. Winkler and Y. Yacobi. A Key Escrow System with Warrant Bounds. Advances in Cryptology — CRYPTO '95 Proceedings, Berlin: Springer-Verlag, 1995.
S. Micali Fair public-key cryptosystems. Advances in Cryptology — CRYPTO '92 Proceedings, Berlin: Springer-Verlag, 1993.
S. Micali. Fair public-key cryptosystems. Technical Report 579, MIT Lab. for Computer Science, September 1993.
S. Micali. Certified E-Mail With Invisible Post Offices. Talk at Workshop on Secure Computation, Weizmann Institute, June, 1998.
S. Micali and R. Sydney. A Simple Method for Generating and Sharing Pseudo-Random Functions, with Applications to Clipper-like Key Escrow Systems. Advances in Cryptology — CRYPTO '95 Proceedings, Berlin: Springer-Verlag, 1995.
H. Petersen. How to convert any digital signature scheme into a group signature scheme. Security Protocols Workshop, Paris, 1997.
J. Camenisch, U. Maurer, and M. Stadler. Digital payment systems with passive anonymityrevoking trustees. In proceedings, ESORICS: European Symposium on Research in Computer Security”, Springer-Verlag, 1996.
A. De Santis, Y. Desmedt, Y. Frankel and M. Yung. How to Share a Function Securely (Extended Summary). Proceedings of the Twenty-Sixth Annual ACM Symposium on Theory of Computing, pp. 522–533, Montréal, Québec, May 23–25, 1994.
Schneier, B. (1993). Applied Cryptography. John Wiley.
M. Stadler, J.-M. Piveteau and J. Camenisch Fair blind signatures. In Proc. Eurocrypt 95, 1995, LNCS 921, pp. 209–219
Adam Young and Moti Yung. Auto-Recoverable Auto-Certifiable Cryptosystems. Eurocrypt 98, LNCS 1403 (Ed. K. Nyberg), pp. 17–32.
Editors and Affiliations
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kilian, J., Petrank, E. (1998). Identity escrow. In: Krawczyk, H. (eds) Advances in Cryptology — CRYPTO '98. CRYPTO 1998. Lecture Notes in Computer Science, vol 1462. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0055727
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64892-5
Online ISBN: 978-3-540-68462-6
eBook Packages: Springer Book Archive