Time-Lapse Cryptography

The notion of “sending a secret message to the future” has been around for over a decade. Despite this, no solution to this problem is in common use, or even attained widespread acceptance as a fundamental cryptographic primitive. We name, construct and specify an implementation for this new cryptographic primitive, “Time-Lapse Cryptography”, with which a sender can encrypt a message so that it is guaranteed to be revealed at an exact moment in the future, even if this revelation turns out to be undesirable to the sender. Our solution combines new ideas with Pedersen distributed key generation, Feldman verifiable threshold secret sharing, and ElGamal encryption, all of which rest upon the single, broadly accepted Decisional Diffie-Hellman assumption. We develop a Time-Lapse Cryptography Service (“the Service”) based on a network of parties who jointly perform the service. The protocol is practical and secure: at a given time T the Service publishes a public key so that anyone can use it, even anonymously. Senders encrypt their messages with this public key whose private key is not known to anyone – not even a trusted third party – until a predefined and specific future time T + δ, at which point the private key is constructed and published. At or after that time, anyone can decrypt the ciphertext using this private key. The Service is envisioned as a public utility publishing a continuous stream of encryption keys and subsequent corresponding time-lapse decryption keys. We complement our theoretical foundation with descriptions of specific attacks and defenses, and describe important applications of our service in sealed bid auctions, insider stock sales, clinical trials, and electronic voting. ∗Supported in part by National Science Foundation grant CNS-0205423.

[1]  Moti Yung,et al.  Robust efficient distributed RSA-key generation , 1998, STOC '98.

[2]  Markus Jakobsson,et al.  Proactive public key and signature systems , 1997, CCS '97.

[3]  Paul Feldman,et al.  A practical scheme for non-interactive verifiable secret sharing , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[4]  Matthew K. Franklin,et al.  Efficient generation of shared RSA keys , 2001, JACM.

[5]  Ian F. Blake,et al.  Scalable, Server-Passive, User-Anonymous Timed Release Public Key Encryption from Bilinear Pairing , 2004, IACR Cryptol. ePrint Arch..

[6]  Joonsang Baek,et al.  Token-Controlled Public Key Encryption , 2005, ISPEC.

[7]  K. Hagerty,et al.  The Mandatory Disclosure of Trades and Market Liquidity , 1995 .

[8]  Rafail Ostrovsky,et al.  Conditional Oblivious Transfer and Timed-Release Encryption , 1999, EUROCRYPT.

[9]  Mihir Bellare,et al.  Verifiable partial key escrow , 1997, CCS '97.

[10]  Ronald L. Rivest,et al.  Time-lock Puzzles and Timed-release Crypto , 1996 .

[11]  Jung Hee Cheon,et al.  Timed-Release and Key-Insulated Public Key Encryption , 2006, Financial Cryptography.

[12]  Ralph C. Merkle,et al.  Secure communications over insecure channels , 1978, CACM.

[13]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[14]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[15]  Hugo Krawczyk,et al.  Secure Distributed Key Generation for Discrete-Log Based Cryptosystems , 1999, EUROCRYPT.

[16]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[17]  Yevgeniy Dodis,et al.  Time Capsule Signature , 2005, Financial Cryptography.