
Showing papers on "Key escrow published in 2005"


Book ChapterDOI
20 Sep 2005
TL;DR: The proposed scheme meets the strong security requirements of the new model of CLPKE such as security against public key replacement attack and chosen ciphertext attack, assuming that the standard Computational Diffie-Hellman problem is intractable.
Abstract: “Certificateless Public Key Cryptography” has very appealing features, namely it does not require any public key certification (cf. traditional Public Key Cryptography) nor does it have the key escrow problem (cf. Identity-Based Cryptography). Unfortunately, construction of Certificateless Public Key Encryption (CLPKE) schemes has so far depended on the use of Identity-Based Encryption, which results in bilinear pairing-based schemes that need costly operations. In this paper, we consider a relaxation of the original model of CLPKE and propose a new CLPKE scheme that does not depend on bilinear pairings. We prove that in the random oracle model, our scheme meets the strong security requirements of the new model of CLPKE such as security against public key replacement attack and chosen ciphertext attack, assuming that the standard Computational Diffie-Hellman problem is intractable.

233 citations


Book ChapterDOI
15 Dec 2005
TL;DR: A pairing based certificateless signature scheme that is more efficient than the existing scheme and combines the advantages of both certificate based and identity based cryptosystems, as it avoids the usage of certificates and does not suffer from key escrow.
Abstract: Traditional certificate based cryptosystems require high maintenance cost for certificate management. Although identity based cryptosystems reduce the overhead of certificate management, they suffer from the drawback of key escrow. Certificateless cryptosystems combine the advantages of both certificate based and identity based cryptosystems, as they avoid the usage of certificates and do not suffer from key escrow. In this paper, we propose a pairing based certificateless signature scheme that is more efficient than the existing scheme.

137 citations


Proceedings ArticleDOI
04 Apr 2005
TL;DR: This paper uses a simple blinding technique to eliminate the need for a secure channel and a multiple-authority approach to avoid the key escrow problem, and shows that the protocol overcomes the disadvantages of other pairing based schemes and is efficient compared to the existing key issuing protocol.
Abstract: This paper presents an efficient and secure protocol for key issuing in ID-based cryptosystems using bilinear pairings. We use a simple blinding technique to eliminate the need for a secure channel and a multiple-authority approach to avoid the key escrow problem. We show that our protocol overcomes the disadvantages of other pairing based schemes and is efficient compared to the existing key issuing protocol.

40 citations


Posted Content
TL;DR: An efficient CL-PKE scheme based on the nice algebraic properties of the Weil pairing is proposed, which is more efficient in computation and in the amount of published public key information than the existing certificateless public key encryption scheme.
Abstract: Certificateless public key cryptography was introduced to overcome the key escrow limitation of identity-based cryptography. It combines the advantages of identity-based cryptography and the traditional PKI. Recently, Dae Hyun Yum and Pil Joong Lee have proposed a generic series construction model of certificateless public key encryption (CL-PKE) which is built from generic primitives: identity-based encryption and public key encryption. However, this model pays much attention to the generic construction and neglects the nice properties of bilinear pairings. In this paper, we propose an efficient CL-PKE scheme which is based on the nice algebraic properties of the Weil pairing. The scheme works in a kind of parallel model and it is more efficient in computation or published public key information than the existing

35 citations


Patent
15 Sep 2005
TL;DR: In this article, digital data can be escrowed by receiving escrow parameters, including a condition(s) for releasing the data and an escrow recipient; the condition(s) can be a payment sum, a date, an indication from a depositor, a trustee or a vault administrator, and/or fulfillment of another escrow contract.
Abstract: Digital data can be escrowed by receiving escrow parameters including a condition(s) for releasing the escrowed data, and an escrow recipient. An escrow contract is then created based upon the specified escrow parameters. The escrowing further includes storing the digital data in a secure information vault, and storing the escrow contract, along with a pointer to the stored data, in a database. When the condition has been satisfied, the data is released to the escrow recipient. The condition(s) for release can be a payment sum, a date, an indication from a depositor, a trustee or a vault administrator, and/or fulfillment of another escrow contract.

27 citations


Posted Content
TL;DR: This paper shows that the certificateless public-key encryption scheme proposed by Al-Riyami and Paterson is vulnerable to adaptive chosen ciphertext attacks, and presents a countermeasure to overcome such a security flaw.
Abstract: Certificateless public-key cryptosystem is a recently proposed attractive paradigm using public key cryptosystem, which avoids the key escrow inherent in identity-based public-key cryptosystems, and does not need certificates to generate trust in public keys. Recently, Al-Riyami and Paterson proposed a new certificateless public-key encryption scheme [2, 3] and proved its security in the random oracle model. This paper shows that their scheme is vulnerable to adaptive chosen ciphertext attacks, and presents a countermeasure to overcome such a security flaw.

23 citations


Book ChapterDOI
19 Dec 2005
TL;DR: A secure identity-based encryption scheme to support a fine-grained revocation without key escrow is considered and a mediated key agreement protocol based on the same setting is presented.
Abstract: In identity-based cryptography, a user's public key is easily derived from the user's identity and a corresponding private key is generated for the user by a trusted third party, known as a Key Generation Center (KGC). The direct derivation of public keys in identity-based cryptography can eliminate the need for certificates and can solve certain public key management problems. Identity-based cryptography has many advantages for public key management, but it has two drawbacks that prevent its practical application in the real world: key escrow problems and lack of support for a fine-grained revocation of identity. At present, there is no solution that can simultaneously solve both problems; schemes that can solve the key escrow problem still have the identity revocation problem, and vice versa. In this paper, we consider a secure identity-based encryption scheme to support a fine-grained revocation without key escrow and also present a mediated key agreement protocol based on the same setting. Using the proposed scheme, we can apply identity-based cryptography more securely and practically in the real world.

22 citations


Book ChapterDOI
Hak Soo Ju, Dae Youb Kim, Dong-Hoon Lee, Jongin Lim, Kilsoo Chun
14 Sep 2005
TL;DR: The first mediated certificateless public key encryption and signature schemes are presented in this paper, which do not suffer from the key escrow property that seems to be inherent in mediated identity-based schemes.
Abstract: This paper presents the first mediated certificateless public key encryption and signature schemes. We also extend our schemes into hierarchical schemes. Our schemes do not suffer from the key escrow property that seems to be inherent in the mediated identity-based schemes. Key escrow is not always a good property for all applications because the exposure of a master key enables all the users' private keys to be leaked. Our mediated certificateless public key encryption and hierarchical schemes also support role based access control (RBAC) without the key escrow to manage the access to resources of a system. We finally describe the security of our schemes and compare our schemes with the mediated identity based schemes from the efficiency point of view.

21 citations


Book ChapterDOI
15 Dec 2005
TL;DR: This work has presented the exact proof of security to demonstrate that the proposed ID-based signature scheme without trusted Private Key Generator (PKG) is secure against existential forgery on adaptively chosen messages and ID attacks assuming the complexity of Computational Diffie-Hellman (CDH) problem.
Abstract: Key escrow is an inherent disadvantage for traditional ID-based cryptosystem, i.e., the dishonest PKG can forge the signature of any user. On the other hand, the user can deny the signature actually signed by him/herself. To avoid the key escrow problem, we present an ID-based signature scheme without trusted Private Key Generator (PKG). We also presented the exact proof of security to demonstrate that our scheme is secure against existential forgery on adaptively chosen messages and ID attacks assuming the complexity of Computational Diffie-Hellman (CDH) problem. Compared with other signature schemes, the proposed scheme is more efficient.

14 citations


Patent
24 Feb 2005
TL;DR: In this article, the authors propose an escrow system that comprises correlating confidential data defining a fixed condition or set of conditions for a release of escrow with data presented in an indefinite series of confidential presentations seeking to satisfy that condition, both disclosed and undisclosed.
Abstract: An escrow system that comprises correlating confidential data defining a fixed condition or set of conditions for a release of escrow with data presented in an indefinite series of confidential presentations seeking to satisfy that condition or set of conditions. The system involves a process whereby the conditions for a release of the escrow are fixed (i.e. reduced to writing and not subject to change for a specified period of time) but are not fully disclosed to a party seeking a release of the escrow. Instead, a party seeking a release of the escrow is permitted to submit an indefinite number of confidential presentations seeking to satisfy all of those fixed conditions, both disclosed and undisclosed. The fact and contents of each such presentation are treated as confidential unless the presentation results in a determination by the System that all of the fixed conditions have been satisfied.

11 citations


Book ChapterDOI
15 Dec 2005
TL;DR: This paper presents two types of group signature schemes from bilinear pairings: the mini type and the improved type, which are very simple and efficient, and the improved type satisfies all the security requirements of a group signature scheme.
Abstract: This paper presents two types of group signature schemes from bilinear pairings: the mini type and the improved type. The size of the group public keys and the length of the signatures in both schemes are constant. An on-line third party is introduced to help the schemes to realize the “join” of group members, the “opening” of group signatures, and the immediate “revocation” of group membership. It is shown that the introduction of this party makes our schemes much more simple and efficient than the previous schemes of this kind. The mini group signature is in fact only a BLS short signature. Unfortunately, it has a drawback of key escrow. A dishonest group manager can forge any group signature at his will. To avoid this drawback, we put forward an improved scheme, which is also very simple and efficient, and satisfies all the security requirements of a group signature scheme.

Journal ArticleDOI
TL;DR: A new dynamic threshold commercial key escrow scheme (DTCKE) based on conic curves is proposed, which combines the merits of conic curves and effectively resolves the conflict between personal privacy and authorized law enforcement access to suspect communications.

Book ChapterDOI
18 Jul 2005
TL;DR: An improved protocol is presented which guarantees anonymity even if all but one of the escrow holders are corrupt, and also identifies some other less significant weaknesses of the protocol.
Abstract: Anonymity with identity escrow attempts to allow users of a service to remain anonymous, while providing the possibility that the service owner can break the anonymity in exceptional circumstances, such as to assist in a criminal investigation. A protocol for achieving anonymity with identity escrow has been presented by Marshall and Molina-Jiminez. In this paper, we show that that protocol suffers from some serious flaws. We also identify some other less significant weaknesses of the protocol, and we present an improved protocol which fixes these flaws. Our improved protocol guarantees anonymity even if all but one of the escrow holders are corrupt.

Proceedings ArticleDOI
05 Sep 2005
TL;DR: This work introduces a series of adversary models for dishonest TAs in ad hoc networks, including a new model where a TA uses spy nodes that record communications in the network and report them to the TA.
Abstract: Recently, identity-based cryptography (IBC) schemes are considered as a tool to secure ad hoc networks. In this work we focus on the role of the Trust Authority (TA) as a key escrow, a property that is inherent to all IBC schemes. We explore the special role of key escrow in ad hoc networks and show that this role significantly differs from key escrows in other networks. We introduce a series of adversary models for dishonest TAs in ad hoc networks, including a new model where a TA uses spy nodes that record communications in the network and report them to the TA. Our analytical results show that in many ad hoc network applications the TA can be prevented from being a key escrow.

Posted Content
TL;DR: In this article, the authors show that a malicious key generation center (KGC) can successfully attack the protocol to obtain users' private keys, which means that in the protocol the key escrow problem is not really removed.
Abstract: Most recently, Lee B. et al. proposed a key issuing protocol for ID-based cryptography to solve the key escrow problem. However, in this letter we show that a malicious key generation center (KGC) can successfully attack the protocol to obtain users’ private keys. This means that in the protocol, the key escrow problem isn’t really removed.

Book ChapterDOI
20 Apr 2005
TL;DR: A new framework for authentication mechanisms that seek to interact with users in a friendlier way is proposed; the techniques involved essentially implement a human-centric key escrow and recovery mechanism.
Abstract: We propose a new framework for authentication mechanisms that seek to interact with users in a friendlier way. Human or community-centric authentication supports vanilla access to users who fail an initial attempt to identify themselves. This limited access enables them to communicate with their peer community to achieve authentication. The actions of users with vanilla access can be rolled back in case they do not progress to full authentication status. This mechanism is supported by a peer community trust infrastructure that exploits the effectiveness that humans have in understanding their communal roles in order to mitigate their lesser skill in remembering passwords or pins. The techniques involved essentially implement a human-centric key escrow and recovery mechanism.

Posted Content
TL;DR: It is shown that the proposed secure key issuing protocol suffers from impersonation, insider attacks and incompetency of the key privacy authorities, and Sui et al.'s separable and anonymous key issuing protocol is also cryptanalyzed.
Abstract: To remove the key escrow problem and avoid the need of a secure channel in ID based cryptosystems, Lee et al. [1] proposed a secure key issuing protocol. However, we show that it suffers from impersonation, insider attacks and incompetency of the key privacy authorities. We also cryptanalyze Sui et al.’s [2] separable and anonymous key issuing protocol.

Proceedings ArticleDOI
06 Dec 2005
TL;DR: A new type of signature is proposed, broadcast group oriented signature, to make signing easier; it has the properties that public keys are easy to manage, there is no key escrow, and nobody outside the designated group can verify the signature.
Abstract: When someone wants to sign a message for a designated group in distributed networks, he can sign the message one by one for each member in the designated group, but the efficiency is very low. In this paper, we propose a new type of signature, broadcast group oriented signature, to make signing easier. The signature has the properties: it is easy to manage public keys; it has no characteristic of key escrow; nobody outside the designated group can verify the signature. The signature is very fit for the condition that the signer only has limited computational resource or bandwidth and each member in the designated group is asked to independently verify the signature.

Journal Article
TL;DR: More types of key escrow schemes with flexibly configurable escrow agents can be designed according to the specific circumstances of the escrow agents.
Abstract: Most key escrow schemes do not take the weights of the escrow parties into account. Based on the threshold idea and advanced threshold schemes, this paper designs a key escrow scheme in which the weights of the escrow parties can be set flexibly, and specifically gives an escrow scheme in which a particular escrow agent must participate in order to recover the user's key, and an escrow scheme in which two groups of escrow agents must jointly participate in order to recover the user's key. More types of key escrow schemes with flexibly configurable escrow agents can be designed according to the specific circumstances of the escrow agents. The scheme can also withstand subliminal channel attacks and situations where some of the escrow agents collude or leak information.


Journal ArticleDOI
TL;DR: An efficient protocol for verifiable encryption of digital signatures that improves the security and efficiency of the verifiable encryption scheme of Ateniese is presented.
Abstract: Verifiable encryption is a primitive that can be used to build extremely efficient fair exchange protocols where the items exchanged represent digital signatures. Such protocols may be used to digitally sign contracts on the Internet. This paper presents an efficient protocol for verifiable encryption of digital signatures that improves the security and efficiency of the verifiable encryption scheme of Ateniese. Our protocol can be applied to group signatures, key escrow and publicly verifiable secret and signature sharing to prove the fairness. The author is presently at “Centre for Quantifiable Quality of Service in Communication Systems” (Q2S), NTNU, Trondheim, Norway. The centre is appointed Centre of Excellence by The Research Council of Norway. It is financed by the Research Council, NTNU and UNINETT, and supported by Telenor.

Journal Article
TL;DR: A new verifiable partial key escrow scheme is proposed, which has both provable partiality and independency and uses the McCurley encryption scheme as its underlying scheme.
Abstract: In this paper, we first propose two new concepts concerning the notion of key escrow encryption schemes: provable partiality and independency. Roughly speaking, we say that a scheme has provable partiality if the existence of a polynomial time algorithm for recovering the secret from the escrowed information implies a polynomial time algorithm that can solve a well-known intractable problem. In addition, we say that a scheme is independent if the secret key and the escrowed information are independent. Finally, we propose a new verifiable partial key escrow scheme which has both of the above properties. The new scheme uses the McCurley encryption scheme as its underlying scheme.

Posted Content
TL;DR: In this article, the authors proposed two new concepts concerning the notion of key escrow encryption schemes: provable partiality and independency, and they proposed a verifiable partial-key escrow scheme using the McCurley encryption scheme.
Abstract: In this paper, we first propose two new concepts concerning the notion of key escrow encryption schemes: provable partiality and independency. Roughly speaking, we say that a scheme has provable partiality if the existence of a polynomial time algorithm for recovering the secret from the escrowed information implies a polynomial time algorithm that can solve a well-known intractable problem. In addition, we say that a scheme is independent if the secret key and the escrowed information are independent. Finally, we propose a new verifiable partial key escrow scheme which has both of the above properties. The new scheme uses the McCurley encryption scheme as its underlying scheme.

Book ChapterDOI
25 Sep 2005
TL;DR: This paper proposes a system in which a set of people is able to confidentially communicate using a common session key that will be escrowed using a multi-party version of the ElGamal cryptosystem.
Abstract: In this paper we propose a system in which a set of people is able to confidentially communicate using a common session key. Due to required governmental surveillance properties, this key will be escrowed using a multi-party version of the ElGamal cryptosystem. The resulting shares of the ciphertext are stored over a set of trusted servers to provide availability and to hamper ciphertext-based attacks. Using a particular tree-based multi-party decryption, the session key can be reconstructed by a tree-structured set of escrow agencies without reconstructing the private ElGamal key and the ciphertext.