Topic
Key escrow
About: Key escrow is a research topic. Over the lifetime, 1162 publications have been published within this topic receiving 19616 citations.
Papers
01 Jan 2010
TL;DR: This thesis proposes an IBE scheme with ACI-KGC and a new system architecture with an anonymous secret key generation protocol such that the KGC can issue keys to authenticated users without knowing the list of users' identities, thus making ABE more usable in practice.
Abstract: The notion of identity-based encryption (IBE) was proposed as an economical alternative to public-key infrastructures. IBE is also a useful building block in various cryptographic primitives such as searchable encryption. A generalization of IBE is attribute-based encryption (ABE). A major application of ABE is fine-grained cryptographic access control of data. Research on these topics is still actively continuing.
However, security and privacy of IBE and ABE hinge on the assumption that the authority which sets up the system is honest. Our study aims to reduce this trust assumption.
The inherent key escrow of IBE has sparked numerous debates in the cryptography/security community. A curious key generation center (KGC) can simply generate the user's private key to decrypt a ciphertext. However, can a KGC still decrypt if it does not know the intended recipient of the ciphertext? This question is answered by formalizing KGC anonymous ciphertext indistinguishability (ACI-KGC). All existing practical pairing-based IBE schemes without random oracles do not achieve this notion. In this thesis, we propose an IBE scheme with ACI-KGC, and a new system architecture with an anonymous secret key generation protocol such that the KGC can issue keys to authenticated users without knowing the list of users' identities. This also matches the practice that authentication should be done with the local registration authorities. Our proposal can be viewed as mitigating the key escrow problem in a new dimension.
For ABE, it is not realistic to trust a single authority to monitor all attributes and hence distributing control over many attribute-authorities is desirable. A multi-authority ABE scheme can be realized with a trusted central authority (CA) which issues part of the decryption key according to a user's global identifier (GID). However, this CA may have the power to decrypt every ciphertext, and the use of a consistent GID allowed the attribute-authorities to collectively build a full profile with all of a user's attributes. This thesis proposes a solution without the trusted CA and without compromising users' privacy, thus making ABE more usable in practice.
Underlying both contributions are our new privacy-preserving architectures enabled by borrowing techniques from anonymous credentials.
32 citations
06 Jun 2006
TL;DR: In this paper, an embodiment pertains generally to a method of storing keys, which includes receiving a request for generating a subject private key at a token processing system, and generating a subject key pair, where the subject key pair includes a subject public and the subject private key.
Abstract: An embodiment pertains generally to a method of storing keys. The method includes receiving a request for generating a subject private key at a token processing system and generating a subject key pair, where the subject key pair includes a subject public and the subject private key. The method also includes archiving the subject private key within the token processing system.
32 citations
TL;DR: The partially-blind signature approach is extended into certificateless public key cryptography to eliminate the key escrow problem that occurs with identities in public key cryptography and it is proved to be unforgeable in the face of message attacks under the computational Diffie-Hellman assumption.
32 citations
TL;DR: This paper presents a strongly secure one-round escrowable identity-based two-party authenticated key agreement protocol, which captures all basic desirable security properties including perfect forward secrecy, ephemeral secrets reveal resistance and so on, and is provably secure in the extended Canetti–Krawczyk (eCK) model.
Abstract: Escrowable identity-based authenticated key agreement protocols are welcome in certain closed groups applications, where audit trail is a legal requirement. In this paper, we present a strongly secure one-round escrowable identity-based two-party authenticated key agreement protocol, which captures all basic desirable security properties including perfect forward secrecy, ephemeral secrets reveal resistance and so on, and is provably secure in the extended Canetti–Krawczyk (eCK) model. We show that the security of the protocol can be reduced to the standard computational bilinear Diffie–Hellman assumption in the random oracle model. Assuming that no adversary can obtain the master private key for the escrow mode, our scheme is secure as long as each party has at least one uncompromised secret. To the best of our knowledge, our scheme is the first escrowable identity-based authenticated key agreement protocol provably secure in the eCK model.
32 citations
TL;DR: This paper uses certificateless cryptography to solve the problem of key escrow and avoid the situation where a key generation center (KGC) impersonates a user to decrypt the ciphertext and improves the efficiency of the proof of ownership (PoW).
32 citations