
Key escrow

About: Key escrow is a research topic. Over the lifetime, 1162 publications have been published within this topic receiving 19616 citations.


Papers
Journal ArticleDOI
TL;DR: A new certificateless strong key-insulated signature scheme that has two desirable properties: its security can be proved without utilizing the random oracle model, and it solves the key escrow problems in identity-based key-insulated signatures (IBKISs).
Abstract: It is important to ensure the private key secure in cryptosystem. To reduce the underlying danger caused by the private key leakage, Dodis et al. (2003) introduced the notion of key-insulated security. To handle the private key leakage problems in certificateless signature schemes, we propose a new certificateless strong key-insulated signature scheme. Our scheme has two desirable properties. First, its security can be proved without utilizing the random oracle model. Second, it solves the key escrow problems in identity-based key-insulated signatures (IBKISs).

7 citations

Journal ArticleDOI
TL;DR: The security analysis is given to prove that the proposed LR-CBS scheme is existentially unforgeable against adaptive chosen-message attacks for adversaries in the generic bilinear group model.
Abstract: Certificate-based cryptography is an attractive public-key setting, and it not only simplifies certificate management in the traditional public-key cryptography but also eliminates the key escrow problem inherent in the identity-based cryptography. Recently, leakage-resilient cryptography resistant to side-channel attacks has received significant attention from cryptographic researchers. By side-channel attacks, adversaries could obtain partial information of secret and private keys involved in cryptographic algorithms by perceiving execution time or energy consumption of each algorithm invocation. The certificate-based signature (CBS) is an important class of public-key signature. To date, there exists no leakage-resilient CBS (LR-CBS) scheme resistant to side-channel attacks. In this paper, the first LR-CBS scheme is proposed and it possesses the overall unbounded leakage property, namely, it permits adversaries to continuously obtain partial information of secret or private keys involved in the associated algorithm invocations. The security analysis is given to prove that the proposed LR-CBS scheme is existentially unforgeable against adaptive chosen-message attacks for adversaries in the generic bilinear group model.

7 citations

Book ChapterDOI
23 Oct 2013
TL;DR: A systematic study of what it takes to prevent a malicious KGC from decrypting a ciphertext encrypted for an honest user is presented, which covers the case for certificateless encryption, and shows the impossibility of ideal escrow-free IBE, unless there is uncertainty in the user's identity.
Abstract: Key escrow is a major drawback of identity-based encryption (IBE). The key generation centre (KGC) can generate the user secret key of any user by using the master secret key and the user's identity. This paper presents a systematic study of what it takes to prevent a malicious KGC from decrypting a ciphertext encrypted for an honest user, which covers the case for certificateless encryption, and shows the impossibility of ideal escrow-free IBE, unless there is uncertainty in the user's identity. Our study also explains the underpinning idea of anonymous ciphertext indistinguishability (ACI), formalized by Chow in PKC 2009. An ACI-secure IBE prevents a KGC (or any logical entity which gets hold of the master secret key, such as the collusion of a number of authorities holding a sufficient number of the master secret's shares) from decrypting if it does not know the intended recipient of the ciphertext, a guarantee that none of the existing attempts in the literature can provide. The notion of ACI crucially relies on the privacy of the user's identity in the eyes of the KGC. The only privacy leakage allowed in Chow's model is via querying an embedded-identity encryption oracle. In this paper, we strengthen his model to allow arbitrary bounded leakage of the recipient's identity. We also give a generic construction on how to achieve this notion when the identity has enough entropy.

7 citations

Journal ArticleDOI
TL;DR: In this study, a novel key management infrastructure called RIKE+ is proposed to integrate the ‘inherent key escrow’ of identity-based encryption (IBE) into PKIs and can be built on existing X.509 PKIs.
Abstract: Public key infrastructures (PKIs) are proposed to provide various security services. Some security services such as confidentiality require key escrow in certain scenarios, whereas some others such as non-repudiation and authentication usually prohibit key escrow. Moreover, these two conflicting requirements can coexist for one PKI user. The popular solution in which each user has two different certificates and an escrow authority backs up all escrowed private keys faces the problems of efficiency and scalability. In this study, a novel key management infrastructure called RIKE+ is proposed to integrate the 'inherent key escrow' of identity-based encryption (IBE) into PKIs. In RIKE+, (the hash value of) a user's PKI certificate also serves as a 'revocable identity' to derive the user's IBE public key, and the revocation of this IBE key pair is achieved by the certificate revocation of PKIs. Therefore the certificate binds the user with two key pairs, one of which is escrowed inherently and the other is not. Furthermore, RIKE+ employs a chameleon hash to flexibly control the relationship between the certificate and the IBE key pair. In the case of certificate renewal and revocation, the chameleon hash enables RIKE+ to manipulate the hash value of the new certificate, so the user's IBE key pair is not unconditionally changed unless it is necessary. RIKE+ is an effective certificate-based solution compatible with traditional PKIs and can be built on existing X.509 PKIs.

7 citations

Book ChapterDOI
22 May 2007
TL;DR: This paper first presents a secure key issuing and updating model for identity-based cryptosystems, formalizes the definition and security notion of the corresponding encryption scheme (IBKUE) and signature scheme (IBKUS), and proposes an IBKUE scheme based on Boneh-Franklin's scheme and an IBKUS scheme based on Cha-Cheon's scheme that are provably secure in the random oracle model.
Abstract: Standard identity-based cryptosystems typically rely on the assumption that secret keys are kept perfectly secure. However, in practice, there are two threats to the key security in identity-based cryptosystems. One inherent problem is key escrow, that is, the Key Generation Center (KGC) always knows a user's secret key and a malicious KGC can impersonate the user. Meanwhile, another threat is that a user's secret key may be exposed to an adversary on an insecure device, and key exposure typically means that security is entirely lost. At present, there is no solution that can simultaneously solve both of the above problems. In this paper, we first present a secure key issuing and updating model for identity-based cryptosystems. Our suggestion is an intermediate between the identity-based key insulation and distributed authorities approaches, and can simultaneously solve both key escrow and key exposure problems. We formalize the definition and security notion of the corresponding encryption scheme (IBKUE) and signature scheme (IBKUS), and then propose an IBKUE scheme based on Boneh-Franklin's scheme [2] and an IBKUS scheme based on Cha-Cheon's scheme [9]. Both of the schemes are secure in the remaining time periods against an adversary who compromises the KGC and obtains a user's secret key for the time periods of its choice. All the schemes in this paper are provably secure in the random oracle model.

7 citations


Performance Metrics

No. of papers in the topic in previous years

Year   Papers
2024   1
2023   51
2022   89
2021   50
2020   72
2019   58