In this paper we survey the recent work on Auto-Recoverable Auto-Certifiable Cryptosystems. This notion has been put forth to solve the "software key escrow" problem in an efficient manner within the context of a Public Key Infrastructure (PKI). This survey presents the exact specification of the problem, which is based on what software key escrow can hope to achieve. The specification attempts to separate the truly difficult technical issues in the area from the ones that are only seemingly difficult. We then review the work in Eurocrypt '98 and PKC '99, which gives an efficient reduction to a software key escrow system from a certified public key system (PKI). Namely, we show how to construct an escrowed PKI for essentially the same cost and effort required for a regular PKI. More specifically, the schemes presented are as efficient for users to use as a PKI, do not require tamper-resistant hardware (i.e., they can be distributed in software to users), and are shadow public key resistant as defined in Crypto '95 by Kilian and Leighton (namely, they do not allow the users to publish public keys other than the ones certified). The schemes enable efficient verification that a given user's private key is escrowed properly. They allow the safe and efficient recovery of keys (and plaintext messages), which is typical in emergency situations such as in the medical area, in secure file systems, and in criminal investigations. We comment that we neither advocate nor deal with the policy issues regarding the need of governments to control access to messages; our motivation is highly technical: in cases where escrow is required or needed, we would like to minimize its effect on the overall PKI deployment.
We then briefly mention forthcoming developments in the area, which include further flexibility/compatibility requirements for auto-recoverable cryptosystems, as well as the design of such systems based on traditional public key methods (RSA and discrete logs).