Two Classes of Robust Threshold Key Escrow Schemes

The definition of robust threshold key escrow scheme (RTKES) is proposed in this paper. Namely, in RTKES, malice escrow agency fail to obtain the system secret key or user抯 secret key, even if the number of malice escrow agency is more than or equal to the value of threshold. Clearly, the problem of 搖ser抯 secret key completely depends on the trusted escrow agency?is solved if RTKES exists. In this paper, it is proved that the RTKES does exist, and some concrete designs of two classes of RTKES are given. In these schemes, the problem of 搊nce monitor, monitor for ever?is solved effectively, every escrow agency can verify correctness of the secret shadow that he escrows during secret shadow distribution and monitor agency can exactly decide which escrow agency forges or tampers secret shadow during monitor procedure. Since the proposed RTKES is also threshold key escrow scheme, when an escrow agency or few agencies is not cooperating, monitor agency can easily reconstruct session key to monitor as long as there are other k effective escrow agencies. In addition, it also resists against LEAF feedback attack.

[1]  Zhenfu Cao A threshold key escrow scheme based on public key cryptosystem , 2001 .

[2]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[3]  H. Imai,et al.  Efficient and secure multiparty generation of digital signatures based on discrete logarithms , 1993 .

[4]  Hugo Krawczyk,et al.  Robust Threshold DSS Signatures , 1996, EUROCRYPT.

[5]  J. Nechvatal,et al.  A Public-Key - Based Key Escrow System , 1996, J. Syst. Softw..

[6]  Wang Gui-lin Weaknesses of Some Threshold Group Signature Schemes , 2000 .

[7]  Silvio Micali,et al.  A Simple Method for Generating and Sharing Pseudo-Random Functions, with Applications to Clipper-like Escrow Systems , 1995, CRYPTO.

[8]  M. Smid,et al.  Key escrowing today , 1994, IEEE Communications Magazine.

[9]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.

[10]  Moti Yung,et al.  How to share a function securely , 1994, STOC '94.

[11]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[12]  Moti Yung,et al.  Witness-based cryptographic program checking and robust function sharing , 1996, STOC '96.

[13]  Yvo Desmedt,et al.  Shared Generation of Authenticators and Signatures (Extended Abstract) , 1991, CRYPTO.

[14]  Hugo Krawczyk,et al.  Robust and Efficient Sharing of RSA Functions , 1996, CRYPTO.

[15]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[16]  Peter Winkler,et al.  A Key Escrow System with Warrant Bounds , 1995, CRYPTO.