Topic

Key escrow

About: Key escrow is a research topic. Over the lifetime, 1162 publications have been published within this topic receiving 19616 citations.


Papers
Journal Article
TL;DR: A CL-DVS scheme is proposed and proven secure in the standard model; it is also shown that the recently proposed CL-DVS scheme (IEEE Access 2018) is delegatable, in contrast to the author’s claim. The proposed scheme is not only the first with complete and correct security proofs, but also the only scheme in the standard model.
Abstract: In a designated verifier signature (DVS) scheme, the signer (Alice) creates a signature which is only verifiable by a designated verifier (Bob). Furthermore, Bob cannot convince any third party that the signature was produced by Alice. A DVS scheme is applicable in scenarios where Alice must be authenticated to Bob without disturbing her privacy. The de-facto construction of DVS scheme is achieved in a traditional public key infrastructure (PKI) setting, which unfortunately requires a high-cost certificate management. A variant of identity-based (ID-based) setting DVS eliminates the need of certificates, but it introduces a new inherent key escrow problem, which makes it impractical. Certificateless public key cryptography (CL-PKC) is empowered to overcome the problems of PKI and ID-based settings, where it does not suffer from any of the aforementioned problems. However, only a small number of certificateless DVS (CL-DVS) schemes have been proposed in the literature to date. Moreover, all existing CL-DVS schemes are only proven secure in the random oracle model, while some of them are already known to be insecure. We provide three contributions in this paper. First, we revisit the security proofs of existing CL-DVS schemes in the literature and show that unfortunately there are some drawbacks in the proofs of all of those schemes. Second, we concentrate on the recently proposed CL-DVS scheme (IEEE Access 2018) and show a drawback in its security proof which makes it unreliable. Furthermore, we show that this scheme is delegatable in contrast to the author’s claim. Finally, we propose a CL-DVS scheme and prove its security requirements in the standard model. Our scheme is not only the first scheme with complete and correct security proofs, but also the only scheme in the standard model.

14 citations

Posted Content
TL;DR: This note strengthens the security of the certificateless multi-receiver signcryption scheme in [23] by proposing suitable enhancement to the scheme.
Abstract: Certificateless cryptography aims at combining the advantages of identity based and public key cryptography, so as to avoid the key escrow problem inherent in the identity based system and cumbersome certificate management in public key infrastructure. Signcryption achieves confidentiality and authentication simultaneously in an efficient manner. Multi-receiver signcryption demands signcrypting the same message efficiently for a large number of receivers. In this note, we strengthen the security of the certificateless multi-receiver signcryption scheme in [23] by proposing suitable enhancement to the scheme.

14 citations

Book Chapter
04 Jul 2016
TL;DR: A white-box traceable CP-ABE scheme with weak public user traceability, weak public authority accountability and weak public auditing in the sense that no additional secret keys are needed, and the scheme supports large universe, and attributes do not need to be pre-specified during the system setup phase.
Abstract: Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic primitive for fine-grained access control on data outsourced to clouds. However, there still exists one critical functionality missing in existing CP-ABE schemes, which is the prevention of key abuse. Specifically, two kinds of key abuse problems are considered in this paper: malicious key sharing among colluding users, and key escrow problem of the semi-trusted authority. For a user, any malicious behavior including illegal key sharing should be traced. For the semi-trusted authority, it should be accountable for its misbehavior including illegal key re-distribution. For better performance and security, it is also indispensable to support large universe and full security in CP-ABE. To the best of our knowledge, none of the existing traceable CP-ABE schemes simultaneously supports large universe and full security. In this paper, we construct a white-box traceable CP-ABE scheme with weak public user traceability, weak public authority accountability and weak public auditing in the sense that no additional secret keys are needed. The scheme supports large universe, and attributes do not need to be pre-specified during the system setup phase. Our scheme is proven fully-secure in the random oracle model and it can take any monotonic access structures as ciphertext policies.

14 citations

Book Chapter
25 Feb 2013
TL;DR: The original model of A-IBE is extended to accommodate public traceability, and an A-IBE scheme in the new model is proposed, believed to be the first A-IBE with public traceability.
Abstract: At Crypto'07, Goyal introduced the notion of accountable authority identity-based encryption (A-IBE) in order to mitigate the inherent key escrow problem in identity-based encryption, and proposed two concrete constructions. In an A-IBE system, if the private key generator (PKG) distributes a decryption key or produces an unauthorized decryption box for a user maliciously, it runs the risk of being caught and sued in the court of law with the help of a tracing algorithm. Subsequent efforts focused on constructions of A-IBE schemes with enhanced security. In these A-IBE constructions, the tracing algorithm needs to take a user's decryption key as input. If the user lost his key or is deliberately uncooperative in court, then we cannot implicate the PKG or the user. An interesting open problem left by Goyal et al. at CCS'08 is to consider the possibility of tracing a decryption box using only a public tracing key, or with the assistance of a tracing authority. In this paper, we address this problem positively. We first extend the original model of A-IBE to accommodate public traceability, and then propose an A-IBE scheme in the new model. To the best of our knowledge, the proposed scheme is the first A-IBE with public traceability.

14 citations

Book Chapter
15 Dec 2005
TL;DR: This work has presented the exact proof of security to demonstrate that the proposed ID-based signature scheme without trusted Private Key Generator (PKG) is secure against existential forgery on adaptively chosen messages and ID attacks assuming the complexity of Computational Diffie-Hellman (CDH) problem.
Abstract: Key escrow is an inherent disadvantage for traditional ID-based cryptosystem, i.e., the dishonest PKG can forge the signature of any user. On the other hand, the user can deny the signature actually signed by him/herself. To avoid the key escrow problem, we present an ID-based signature scheme without trusted Private Key Generator (PKG). We also presented the exact proof of security to demonstrate that our scheme is secure against existential forgery on adaptively chosen messages and ID attacks assuming the complexity of Computational Diffie-Hellman (CDH) problem. Compared with other signature schemes, the proposed scheme is more efficient.

14 citations


Network Information
Related Topics (5)
Encryption: 98.3K papers, 1.4M citations, 85% related
Routing protocol: 46.5K papers, 901.8K citations, 80% related
Wireless ad hoc network: 49K papers, 1.1M citations, 79% related
Key distribution in wireless sensor networks: 59.2K papers, 1.2M citations, 78% related
Server: 79.5K papers, 1.4M citations, 78% related
Performance
Metrics
No. of papers in the topic in previous years
Year: Papers
2024: 1
2023: 51
2022: 89
2021: 50
2020: 72
2019: 58