Topic

Key escrow

About: Key escrow is a research topic. Over its lifetime, 1162 publications have been published within this topic, receiving 19616 citations.


Papers
01 Jan 2012
TL;DR: This work proposes an OSAS scheme in a certificateless setting called certificateless ordered sequential aggregate signature (CLOSAS), which resists the KGC’s malicious activities associated with key escrow and forgery of signatures as long as each user and the KGC are both directly involved in key generation.
Abstract: A certificateless cryptosystem is a hybrid of traditional PKI and ID-based schemes and has the positive aspects of both PKI and ID-based cryptosystems, i.e., it solves the key escrow problem and the certificate management problem simultaneously. Cryptographic schemes constructed in such a hybrid setting, generally called the certificateless setting, retain these positive aspects and have been extensively studied recently. To the best of our knowledge, an ordered sequential aggregate signature (OSAS) scheme, which is a signature scheme verifying both the validity of a document and the signing order of a group of signers, has never been proposed in the certificateless setting. Therefore we propose an OSAS scheme in a certificateless setting called the certificateless ordered sequential aggregate signature (CLOSAS) scheme. Our proposed scheme has advantages in its communication cost and its security proof. In particular, its signature size is fixed with respect to the number of signers, and its security is proven in the random oracle model against super adversaries, the strongest adversaries for certificateless signature schemes. Our scheme resists the KGC’s malicious activities associated with key escrow and forgery of signatures as long as each user and the KGC are both directly involved in key generation.

7 citations

Journal Article
TL;DR: This paper formally defines an IBE scheme that resolves the key escrow problem and provides formal definitions of security against corrupted users, KGC, and ICA and presents two instantiations in a new security model.
Abstract: The key escrow problem is one of the main barriers to the widespread real-world use of identity-based encryption (IBE). Specifically, a key generation center (KGC), which generates secret keys for a given identity, has the power to decrypt all ciphertexts. At PKC 2009, Chow defined a notion of security against the KGC, that relies on assuming that it cannot discover the underlying identities behind ciphertexts. However, this is not a realistic assumption since, in practice, the KGC manages an identity list, and hence it can easily guess the identities corresponding to given ciphertexts. Chow later amended this issue by introducing a new entity called an identity-certifying authority (ICA) and proposed an anonymous key-issuing protocol. Essentially, this allows the users, KGC, and ICA to interactively generate secret keys without users ever having to reveal their identities to the KGC. Unfortunately, since Chow separately defined the security of IBE and that of the anonymous key-issuing protocol, his IBE definition did not provide any formal treatment when the ICA is used to authenticate the users. Effectively, all of the subsequent works following Chow lack the formal proofs needed to determine whether or not it delivers a secure solution to the key escrow problem. In this paper, based on Chow’s work, we formally define an IBE scheme that resolves the key escrow problem and provide formal definitions of security against corrupted users, KGC, and ICA. Along the way, we observe that if we are allowed to assume a fully trusted ICA, as in Chow’s work, then we can construct a trivial (and meaningless) IBE scheme that is secure against the KGC. 
Finally, we present two instantiations in our new security model: a lattice-based construction based on the Gentry–Peikert–Vaikuntanathan IBE scheme (STOC 2008) and Rückert’s lattice-based blind signature scheme (ASIACRYPT 2010), and a pairing-based construction based on the Boneh–Franklin IBE scheme (CRYPTO 2001) and Boldyreva’s blind signature scheme (PKC 2003).

7 citations

Proceedings Article
29 Jul 2013
TL;DR: This paper formalizes the notion of certificateless identification schemes and constructs the first concrete certificateless identification scheme, which is based on Al-Riyami and Paterson's (2003) certificateless cryptography.
Abstract: Identity-based identification, first formalized independently by Bellare et al. and Kurosawa and Heng in 2004, still had the inherent key escrow problem, as the TA generating the user secret keys had full access to every user's secret key. In 2003, Al-Riyami and Paterson introduced the notion of certificateless cryptography, and subsequently many certificateless encryption, signature and other schemes were introduced in literature. However, to this date there are still no certificateless identification schemes in existence. Therefore, in this paper, we formalize the notion of certificateless identification schemes and construct the first concrete certificateless identification scheme.

7 citations

Journal Article
TL;DR: The notion of certificateless public-key encryption (CL-PKE) was introduced by Al-Riyami and Paterson in 2003; it avoids the drawbacks of both traditional PKI-based public-key encryption and identity-based encryption (i.e., key escrow), as discussed by the authors.
Abstract: The notion of certificateless public-key encryption (CL-PKE) was introduced by Al-Riyami and Paterson in 2003; it avoids the drawbacks of both traditional PKI-based public-key encryption (i.e., establishing public-key infrastructure) and identity-based encryption (i.e., key escrow). So CL-PKE, like identity-based encryption, is certificate-free and, unlike identity-based encryption, is key-escrow-free. In this paper, we introduce simple and efficient CCA-secure CL-PKE based on (hierarchical) identity-based encryption. Our construction has both theoretical and practical interests. First, our generic transformation gives a new way of constructing CCA-secure CL-PKE. Second, instantiating our transformation using lattice-based primitives results in a more efficient CCA-secure CL-PKE than its counterpart introduced by Dent in 2008.

7 citations

Proceedings Article
13 Oct 2017
TL;DR: A key-escrow resistant CP-ABE based access control scheme to provide efficient user revocation and comparison with the other notable works in the area shows that it outperforms them in terms of computational and communication overheads.
Abstract: A cloud storage service allows its users to store and share data in a cloud environment. To secure the data from unauthorized entities while sharing, cryptographic mechanisms are used. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is one such mechanism, which has been widely used to achieve fine-grained access control over encrypted data. However, user revocation and key escrow in CP-ABE remain challenging problems. In this paper, we propose a key-escrow resistant CP-ABE based access control scheme to provide efficient user revocation. The security analysis of the scheme has been done using Information Theory Tools. The security analysis establishes that it is unconditionally secure and provides any-wise revocation capability. Moreover, comparison with the other notable works in the area shows that it outperforms them in terms of computational and communication overheads.

7 citations


Network Information
Related Topics (5)
Encryption: 98.3K papers, 1.4M citations, 85% related
Routing protocol: 46.5K papers, 901.8K citations, 80% related
Wireless ad hoc network: 49K papers, 1.1M citations, 79% related
Key distribution in wireless sensor networks: 59.2K papers, 1.2M citations, 78% related
Server: 79.5K papers, 1.4M citations, 78% related
Performance Metrics
No. of papers in the topic in previous years
Year    Papers
2024    1
2023    51
2022    89
2021    50
2020    72
2019    58