Topic

Key escrow

About: Key escrow is a research topic. Over the lifetime, 1162 publications have been published within this topic receiving 19616 citations.


Papers
01 Jan 2010
TL;DR: This thesis proposes an IBE scheme with ACI-KGC and a new system architecture with an anonymous secret key generation protocol such that the KGC can issue keys to authenticated users without knowing the list of users' identities, thus making ABE more usable in practice.
Abstract: The notion of identity-based encryption (IBE) was proposed as an economical alternative to public-key infrastructures. IBE is also a useful building block in various cryptographic primitives such as searchable encryption. A generalization of IBE is attribute-based encryption (ABE). A major application of ABE is fine-grained cryptographic access control of data. Research on these topics is still actively continuing. However, security and privacy of IBE and ABE are hinged on the assumption that the authority which sets up the system is honest. Our study aims to reduce this trust assumption. The inherent key escrow of IBE has sparked numerous debates in the cryptography/security community. A curious key generation center (KGC) can simply generate the user's private key to decrypt a ciphertext. However, can a KGC still decrypt if it does not know the intended recipient of the ciphertext? This question is answered by formalizing KGC anonymous ciphertext indistinguishability (ACI-KGC). All existing practical pairing-based IBE schemes without random oracles do not achieve this notion. In this thesis, we propose an IBE scheme with ACI-KGC, and a new system architecture with an anonymous secret key generation protocol such that the KGC can issue keys to authenticated users without knowing the list of users' identities. This also matches the practice that authentication should be done with the local registration authorities. Our proposal can be viewed as mitigating the key escrow problem in a new dimension. For ABE, it is not realistic to trust a single authority to monitor all attributes and hence distributing control over many attribute-authorities is desirable. A multi-authority ABE scheme can be realized with a trusted central authority (CA) which issues part of the decryption key according to a user's global identifier (GID). However, this CA may have the power to decrypt every ciphertext, and the use of a consistent GID allowed the attribute-authorities to collectively build a full profile with all of a user's attributes. This thesis proposes a solution without the trusted CA and without compromising users' privacy, thus making ABE more usable in practice. Underlying both contributions are our new privacy-preserving architectures enabled by borrowing techniques from anonymous credentials.

32 citations

Patent
06 Jun 2006
TL;DR: An embodiment pertains generally to a method of storing keys, which includes receiving a request for generating a subject private key at a token processing system, and generating a subject key pair, where the subject key pair includes a subject public and the subject private key.
Abstract: An embodiment pertains generally to a method of storing keys. The method includes receiving a request for generating a subject private key at a token processing system and generating a subject key pair, where the subject key pair includes a subject public and the subject private key. The method also includes archiving the subject private key within the token processing system.

32 citations

Journal ArticleDOI
TL;DR: The partially-blind signature approach is extended into certificateless public key cryptography to eliminate the key escrow problem that occurs with identities in public key cryptography, and it is proved to be unforgeable in the face of message attacks under the computational Diffie-Hellman assumption.

32 citations

Journal ArticleDOI
TL;DR: This paper presents a strongly secure one-round escrowable identity-based two-party authenticated key agreement protocol, which captures all basic desirable security properties including perfect forward secrecy, ephemeral secrets reveal resistance and so on, and is provably secure in the extended Canetti–Krawczyk (eCK) model.
Abstract: Escrowable identity-based authenticated key agreement protocols are welcome in certain closed groups applications, where audit trail is a legal requirement. In this paper, we present a strongly secure one-round escrowable identity-based two-party authenticated key agreement protocol, which captures all basic desirable security properties including perfect forward secrecy, ephemeral secrets reveal resistance and so on, and is provably secure in the extended Canetti–Krawczyk (eCK) model. We show that the security of the protocol can be reduced to the standard computational bilinear Diffie–Hellman assumption in the random oracle model. Assuming that no adversary can obtain the master private key for the escrow mode, our scheme is secure as long as each party has at least one uncompromised secret. To the best of our knowledge, our scheme is the first escrowable identity-based authenticated key agreement protocol provably secure in the eCK model.

32 citations

Journal ArticleDOI
TL;DR: This paper uses certificateless cryptography to solve the problem of key escrow and avoid the situation where a key generation center (KGC) impersonates a user to decrypt the ciphertext and improves the efficiency of the proof of ownership (PoW).

32 citations


Network Information
Related Topics (5)
Encryption
98.3K papers, 1.4M citations
85% related
Routing protocol
46.5K papers, 901.8K citations
80% related
Wireless ad hoc network
49K papers, 1.1M citations
79% related
Key distribution in wireless sensor networks
59.2K papers, 1.2M citations
78% related
Server
79.5K papers, 1.4M citations
78% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2024    1
2023    51
2022    89
2021    50
2020    72
2019    58