Time-Lapse Cryptography Technical Report TR-2206

The notion of “sending a secret message to the future” has been around for over a decade. Despite this, no solution to this problem is in common use, or even attained widespread acceptance as a fundamental cryptographic primitive. We name, construct and specify an implementation for this new cryptographic primitive, “Time-Lapse Cryptography”, with which a sender can encrypt a message so that it is guaranteed to be revealed at an exact moment in the future, even if this revelation turns out to be undesirable to the sender. Our solution combines new ideas with Pedersen distributed key generation, Feldman verifiable threshold secret sharing, and ElGamal encryption, all of which rest upon the single, broadly accepted Decisional Diffie-Hellman assumption. We develop a Time-Lapse Cryptography Service (“the Service”) based on a network of parties who jointly perform the service. The protocol is practical and secure: at a given time T the Service publishes a public key so that anyone can use it, even anonymously. Senders encrypt their messages with this public key whose private key is not known to anyone – not even a trusted third party – until a predefined and specific future time T + δ, at which point the private key is constructed and published. At or after that time, anyone can decrypt the ciphertext using this private key. The Service is envisioned as a public utility publishing a continuous stream of encryption keys and subsequent corresponding time-lapse decryption keys. We complement our theoretical foundation with descriptions of specific attacks and defenses, and describe important applications of our service in sealed bid auctions, insider stock sales, clinical trials, and electronic voting. ∗Supported in part by National Science Foundation grant CNS-0205423.

[1]  Rafail Ostrovsky,et al.  Conditional Oblivious Transfer and Timed-Release Encryption , 1999, EUROCRYPT.

[2]  Moti Yung,et al.  Robust efficient distributed RSA-key generation , 1998, STOC '98.

[3]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[4]  Ralph C. Merkle,et al.  Secure communications over insecure channels , 1978, CACM.

[5]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[6]  Hugo Krawczyk,et al.  Secure Distributed Key Generation for Discrete-Log Based Cryptosystems , 1999, Journal of Cryptology.

[7]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[8]  Paul Feldman,et al.  A practical scheme for non-interactive verifiable secret sharing , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[9]  Yevgeniy Dodis,et al.  Time Capsule Signature , 2005, Financial Cryptography.

[10]  Jung Hee Cheon,et al.  Timed-Release and Key-Insulated Public Key Encryption , 2006, Financial Cryptography.

[11]  Mihir Bellare,et al.  Verifiable partial key escrow , 1997, CCS '97.

[12]  Ronald L. Rivest,et al.  Time-lock Puzzles and Timed-release Crypto , 1996 .

[13]  David C. Parkes,et al.  Practical secrecy-preserving, verifiably correct and trustworthy auctions , 2006, ICEC '06.

[14]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[15]  Matthew K. Franklin,et al.  Efficient generation of shared RSA keys , 2001, JACM.

[16]  Markus Jakobsson,et al.  Proactive public key and signature systems , 1997, CCS '97.

[17]  Joonsang Baek,et al.  Token-Controlled Public Key Encryption , 2005, ISPEC.

[18]  K. Hagerty,et al.  The Mandatory Disclosure of Trades and Market Liquidity , 1995 .

[19]  Ian F. Blake,et al.  Scalable, Server-Passive, User-Anonymous Timed Release Public Key Encryption from Bilinear Pairing , 2004, IACR Cryptol. ePrint Arch..