Recoverable Encryption through a Noised Secret over a Large Cloud

The safety of keys is the Achilles’ heel of cryptography. A key backup at an escrow service lowers the risk of loosing the key, but increases the danger of key disclosure. We propose Recoverable Encryption (RE) schemes that alleviate the dilemma. RE encrypts a backup of the key in a manner that restricts practical recovery by an escrow service to one using a large cloud. For example, a cloud with ten thousand nodes could recover a key in at most 10 minutes with an average recovery time of five minutes. A recovery attempt at the escrow agency, using a small cluster, would require seventy days with an average of thirty five days. Large clouds have become available even to private persons, but their pay-for-use structure makes their use for illegal purposes too dangerous. We show the feaibility of two RE schemes and give conditions for their deployment.

[1]  Dorothy E. Denning,et al.  Key Escrow Encryption Policies and Technologies , 1996 .

[2]  Witold Litwin,et al.  LH*—a scalable, distributed data structure , 1996, TODS.

[3]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[4]  Yutaka Okabe,et al.  GPU-based single-cluster algorithm for the simulation of the Ising model , 2012, J. Comput. Phys..

[5]  Benne de Weger,et al.  Partial Key Exposure Attacks on RSA up to Full Size Exponents , 2005, EUROCRYPT.

[6]  Yue Zhang,et al.  Key Escrow Attack Risk and Preventive Measures , 2012 .

[7]  John D. Owens,et al.  GPU Computing , 2008, Proceedings of the IEEE.

[8]  Sanjit Chatterjee,et al.  Avoiding Key Escrow , 2011 .

[9]  David Safford,et al.  Two-phase cryptographic key recovery system , 1997, Comput. Secur..

[10]  Mihir Bellare,et al.  Verifiable partial key escrow , 1997, CCS '97.

[11]  Darrell D. E. Long,et al.  Strong Security for Network-Attached Storage , 2002, FAST.

[12]  Ronald L. Rivest,et al.  Time-lock Puzzles and Timed-release Crypto , 1996 .

[13]  Dorothy E. Denning,et al.  A taxonomy for key escrow encryption systems , 1996, CACM.

[14]  Eric R. Verheul,et al.  Binding ElGamal: A Fraud-Detectable Alternative to Key-Escrow Proposals , 1997, EUROCRYPT.

[15]  Colin Boyd,et al.  Practical client puzzles in the standard model , 2012, ASIACCS '12.

[16]  Matt Blaze Key escrow from a safe distance: looking back at the Clipper Chip , 2011, ACSAC '11.

[17]  Sushil Jajodia,et al.  Privacy of data outsourced to a cloud for selected readers through client-side encryption , 2011, WPES '11.

[18]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[19]  Peter G. Neumann,et al.  The risks of key recovery, key escrow, and trusted third-party encryption , 1997, World Wide Web J..

[20]  Johannes Blömer,et al.  New Partial Key Exposure Attacks on RSA , 2003, CRYPTO.

[21]  Darrell D. E. Long,et al.  Clasas: A Key-Store for the Cloud , 2010, 2010 IEEE International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems.

[22]  Sarbari Gupta A Common Key Recovery Block Format: Promoting Interoperability Between Dissimilar Key Recovery Mechanisms , 2000, Comput. Secur..

[23]  Sushil Jajodia,et al.  LH*RE: A Scalable Distributed Data Structure with Recoverable Encryption , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.