Escrow Encryption Systems Visited: Attacks, Analysis and Designs
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Securing traceability of ciphertexts: towards a secure software key escrow system
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
How to break fraud-detectable key recovery
ACM SIGOPS Operating Systems Review
A new public key cryptosystem based on higher residues
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
An Analysis of Integrity Services in Protocols
INDOCRYPT '01 Proceedings of the Second International Conference on Cryptology in India: Progress in Cryptology
On the Difficulty of Key Recovery Systems
ISW '99 Proceedings of the Second International Workshop on Information Security
SP'04 Proceedings of the 12th international conference on Security Protocols
Hi-index | 0.00 |
At Eurocrypt'95, Desmedt suggested a scheme which allows individuals to encrypt in such a way that the receiver can be traced by an authority having additional information. This paper shows that the proposed scheme does not have the required properties, by devising three non-specified protocols misleading the authority. We also discuss how to repair Desmedt's scheme, such that our attacks are no longer possible. However, by allowing slightly more general, but absolutely realistic attacks also this improved system can be broken. In fact, we argue that software key escrow as proposed by Desmedt will be very hard to implement as it requires that the distributed public key can only be used in few, well-defincd systems. Furthermore, even if this is achieved, most applications to key distribution can be broken.