Recoverable Encryption through Noised Secret over a Large Cloud

The safety of keys is the Achilles' heel of cryptography. A key backup at an escrow service lowers the risk of loosing the key, but increases the danger of key disclosure. We propose Recoverable Encryption (RE) schemes that alleviate the dilemma. RE encrypts a backup of the key in a manner that restricts practical recovery by an escrow service to one using a large cloud. For example, a cloud with ten thousand nodes could recover a key in at most 10 minutes with an average recovery time of five minutes. A recovery attempt at the escrow agency, using a small cluster, would require seventy days with an average of thirty five days. Large clouds have become available even to private persons, but their pay-for-use structure makes their use for illegal purposes too dangerous. We show the feaibility of two RE schemes and give conditions for their deployment.

[1]  David M. Balenson,et al.  Commercial key recovery , 1996, CACM.

[2]  Matt Blaze Key escrow from a safe distance: looking back at the Clipper Chip , 2011, ACSAC '11.

[3]  Colin Boyd,et al.  Practical client puzzles in the standard model , 2012, ASIACCS '12.

[4]  Darrell D. E. Long,et al.  Clasas: A Key-Store for the Cloud , 2010, 2010 IEEE International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems.

[5]  Sushil Jajodia,et al.  Privacy of data outsourced to a cloud for selected readers through client-side encryption , 2011, WPES '11.

[6]  E. Miller,et al.  Strong security for distributed file systems , 2001, Conference Proceedings of the 2001 IEEE International Performance, Computing, and Communications Conference (Cat. No.01CH37210).

[7]  Sarbari Gupta A Common Key Recovery Block Format: Promoting Interoperability Between Dissimilar Key Recovery Mechanisms , 2000, Comput. Secur..

[8]  John D. Owens,et al.  GPU Computing , 2008, Proceedings of the IEEE.

[9]  Dorothy E. Denning,et al.  A taxonomy for key recovery encryption systems , 1997 .

[10]  Benne de Weger,et al.  Partial Key Exposure Attacks on RSA up to Full Size Exponents , 2005, EUROCRYPT.

[11]  Dorothy E. Denning,et al.  Key Escrow Encryption Policies and Technologies , 1996 .

[12]  David Safford,et al.  Two-phase cryptographic key recovery system , 1997, Comput. Secur..

[13]  Darrell D. E. Long,et al.  Strong Security for Network-Attached Storage , 2002, FAST.

[14]  Yutaka Okabe,et al.  GPU-based single-cluster algorithm for the simulation of the Ising model , 2012, J. Comput. Phys..

[15]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[16]  Walter Fumy,et al.  Advances in Cryptology — EUROCRYPT ’97 , 2001, Lecture Notes in Computer Science.

[17]  Dan Boneh,et al.  Advances in Cryptology - CRYPTO 2003 , 2003, Lecture Notes in Computer Science.

[18]  Mukesh Singhal,et al.  Construction of efficient authentication schemes using trapdoor hash functions , 2011 .

[19]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[20]  David M. Balenson,et al.  Commercial key recovery : How to use key escrow , 1996 .

[21]  Eric R. Verheul,et al.  Binding ElGamal: A Fraud-Detectable Alternative to Key-Escrow Proposals , 1997, EUROCRYPT.

[22]  Mihir Bellare,et al.  Verifiable partial key escrow , 1997, CCS '97.

[23]  Matt Blaze,et al.  Oblevious Key Escrow , 1996, Information Hiding.

[24]  Sushil Jajodia,et al.  LH*RE: A Scalable Distributed Data Structure with Recoverable Encryption , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[25]  Johannes Blömer,et al.  New Partial Key Exposure Attacks on RSA , 2003, CRYPTO.

[26]  John L. Bennett,et al.  Building relationships for technology transfer , 1996, CACM.

[27]  Witold Litwin,et al.  LH*—a scalable, distributed data structure , 1996, TODS.

[28]  Peter G. Neumann,et al.  The risks of key recovery, key escrow, and trusted third-party encryption , 1997, World Wide Web J..

[29]  Yue Zhang,et al.  Key Escrow Attack Risk and Preventive Measures , 2012 .

[30]  Sanjit Chatterjee,et al.  Avoiding Key Escrow , 2011 .

[31]  Dorothy E. Denning,et al.  A taxonomy for key escrow encryption systems , 1996, CACM.

[32]  Ronald L. Rivest,et al.  Time-lock Puzzles and Timed-release Crypto , 1996 .

[33]  Ioana Manolescu,et al.  Web Data Management , 2011 .

[34]  Ernest F. Brickell,et al.  Advances in Cryptology — CRYPTO’ 92 , 2001, Lecture Notes in Computer Science.

[35]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.