Lenstra, A., Winkler, P. and Yacobi, Y. (1995) A key escrow system with warrant bounds. In Proc. Advances in Cryptology---CRYPTO '95, Santa Barbara, CA, August 27-- 31. Lecture Notes in Computer Science, 963, 197--207. Springer, Berlin.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....rights by giving a proxy key to his assistent. The proxy key transforms a signature created by the vice president into the president s signature, thus allowing the assistent to cosign only if the document was first signed by the vicepresident. Another example is that of a key escrow system [13, 23, 18, 17, 14, 27], where a trusted party can mediate the conflicts between users and the law enforcement agencies. The problem is to allow the law enforcement agency to read messages encrypted for a set of users, for a limited period of time, without knowing the users secrets. The solution is to locate a key ....

A. K. Lenstra, P. Winkler, and Y. Yacobi. A Key Escrow System with Warrant Bounds. Advances in Cryptology - CRYPTO, pages 197--207, 1995.

....section 54(4,a) Although the RIP act may be somewhat controversial, the idea of confiscating a key is worth comparing with the concept of key escrow. There are several good reasons for this. The most important one being that numerous papers have already been published on key escrow (see e.g. [18, 20, 2, 17, 5, 1]) and most of its problems have been addressed. Furthermore, key recovery has often been used as a synonym for key escrow and there are also several papers published on this topic (e.g. in [7] As far as we know there are no scientific papers on key confiscation. We do not claim that our ....

....fact that, once the key has been recovered, 1 Losing or forgetting keys is not an offense( 3 it can be used to decipher ciphertexts sent well before the warrant was issued and or well after the warrant has expired. Several researchers have pointed out this problem. Lenstra Winkler Yacobi [20] state that: the key is supposed to be returned ( at the expiration of the warrant, but non compliance with this or other Dept. of Justice procedures explicitly shall not provide the basis for any motion to suppress or other objection to the introduction of electronic surveillance ....

[Article contains additional citation context not shown here]

A. K. Lenstra, P. Winkler, and Y. Yacobi. A key escrow system with warrant bounds. In D. Coppersmith, editor, Advances in Cryptology --- Crypto '95, Proceedings, Lecture Notes in Computer Science #963, Springer 1995, 197--207

....of our protocol is that after setting up A to use the system, E is only involved when it is actually needed to determine A s identity. Keywords: Cryptography, Key escrow, Proofs of identity. 1 Introduction Key escrow has proven an active and contentious field of research and discussion (c.f. [20, 21, 18, 13, 15, 19, 22]) Essentially all of the attention in this area has been restricted to the simple case of communication: party A sends an encrypted message EK (M) to party B; some centralized authority is given the capability to recover either K or the specific message M . We consider a new domain for the ....

A. Lenstra, P. Winkler and Y. Yacobi. A Key Escrow System with Warrant Bounds. Advances in Cryptology -- CRYPTO '95 Proceedings, Berlin: Springer-Verlag, 1995.

....to society (Big Brother [7] which may, in certain circumstances, abuse it. In a society oriented key escrow system this power must be equally shared between the individual and society (for an analysis of fair cryptosystems see [2] 8] Furthermore it must have a limited life span (see e.g. [5], 6] Indeed a major objection to currently proposed key escrow schemes (e.g. the Clipper [3] is that there is no effective time control. Once an order to recover a key by the escrow agents has been given, there is nothing to prevent the agents from abusing their power and decrypting all ....

A.K. Lenstra and P. Winkler and Y. Yacobi, "A key escrow system with warrant bounds," in Advances in Cryptology -- Crypto '95, Lecture Notes in Computer Science #963, D. Coppersmith, Ed., 1995, pp. 197--207, Springer-Verlag.

....proposal [13] su ered from this weakness. In the proposal, when the law enforcement agency (LEA) obtains a single court order it can decrypt past, present and future communications from to the target without any form of restraint . Limiting escrow activity in time is essential for escrow systems [9, 7]. Many proposals relied on tamper proof hardware (or software) to accomplish this requirement. Reliance on tamper proofness, especially in software, is dicult and will a ect scalability of the implementation. Many proposals [4] relied only on certi cation procedures to accomplish the goal of the ....

Arjen K. Lenstra, Peter Winkler, and Yacov Yacobi. A key escrow system with warrant bounds. In Advances in Cryptology - CRYPTO95, Lecture Notes in Computer Science, pages 197 - 207, 1995.

....now present a key recovery attack under the assumption that an attacking user i has a public key y i = fig x i mod p. This attack will demonstrate the importance of the checking step in the certification process. We first consider the zero message DH key exchange with public keys (e.g. used in [22]) 4 : Two users A and B share a session key K by computing K = h(y xA B mod p; d) h(y xB A mod p; d) where d is time date information. In this protocol, suppose that user B with public key y B = g xB mod p uses a session key computed by K = h(y xB A mod p; d) to send a message m to ....

A.K.Lenstra, P.Winkler and Y.Yacobi, A key escrow system with warrant bounds, In Advances in Cryptology - CRYPTO'95, LNCS 963, Springer-Verlag, 1995, pp.197-207.

....This second tier is only accessible with the help of a third party, which is separate from (and not under the control of) the party managing access. We describe identity escrow schemes in Section 1.1 below. Key escrow has proven an active and contentious field of research and discussion (c.f. [24, 25, 22, 18, 21, 23, 27]) Most of the attention in this area has been restricted to the simple case of communication: party A sends an encrypted message EK (M) to party B; some centralized authority is given the capability to recover either K or the specific message M . As discussed in Section 3, group signatures has an ....

A. Lenstra, P. Winkler and Y. Yacobi. A Key Escrow System with Warrant Bounds. Advances in Cryptology -- CRYPTO '95 Proceedings, Berlin: Springer-Verlag, 1995.

....such abuses, giving deviant users greater leeway in their abuses. A number of approaches could be used to prevent the above abuses, such as, keeping all old escrowed keys in a valid period to check if they are used again, and monitoring all communication channels between suspected criminal users [10]. Unfortunately, these approaches may not be practical, particularly, in complicated mobile telecommunications systems. In fact, it is impossible for a key escrow system to force two users to use only the current escrow key if the users share a secret or can use their own security system. For ....

A.K. Lenstra, P. Winkler, and Y. Yacobi. A key escrow system with warrant bounds. In D. Coppersmith, editor, Lecture Notes in Computer Science 963, Advances in Cryptology - CRYPTO '95, pages 197--207. Springer -- Verlag, 1995.

....agency chooses the key and puts it in tamper proof hardware [41] Several objections, both on the social and on the technical fronts, have been raised to these approaches. Also many enhancements and variations, and some alternatives, have been considered. We refer the reader in particular to [15, 16, 10, 8, 17, 24, 22, 26, 30, 42, 5]. The summary from all this work is that no existing proposal seem to be acceptable to all parties involved, and new technical solutions are sought after. 1.2 The climate today Political debate will not make the user versus law enforcement conflict vanish. Even though some would prefer to not ....

A. Lenstra, P. Winkler and Y. Yacobi. A key escrow system with warrant bounds. Advances in Cryptology -- Crypto 95 Proceedings, Lecture Notes in Computer Science Vol. 963, D. Coppersmith ed., Springer-Verlag, 1995.

....now present a key recovery attack under the assumption that an attacking user i has a public key y i = fig x i mod p. This attack will demonstrate the importance of the checking step in the certification process. We first consider the zero message DH key exchange with fixed keys (e.g. used in [22]) 3 : Two users A and B share a session key K by computing K = h(y xA B mod p; d) h(y xB A mod p; d) where d is time date information. In this protocol, suppose that user B with public key yB = g xB mod p uses a session key computed by K = h(y xB A mod p; d) to send a message m to user ....

A.K.Lenstra, P.Winkler and Y.Yacobi, A key escrow system with warrant bounds, In Advances in Cryptology - CRYPTO'95, LNCS 963, Springer-Verlag, 1995, pp.197-207.

....of our protocol is that after setting up A to use the system, E is only involved when it is actually needed to determine A s identity. Keywords: Cryptography, Key escrow, Proofs of identity. 1 Introduction Key escrow has proven an active and contentious field of research and discussion (c.f. [18, 19, 16, 13, 15, 17, 20]) Essentially all of the attention in this area has been restricted to the simple case of communication: party A sends an encrypted message EK (M) to party B; some centralized authority is given the capability to recover either K or the specific message M . We consider a new domain for the ....

A. Lenstra, P. Winkler and Y. Yacobi. A Key Escrow System with Warrant Bounds. Advances in Cryptology -- CRYPTO '95 Proceedings, Berlin: Springer-Verlag, 1995.

No context found.

Lenstra, A., Winkler, P. and Yacobi, Y. (1995) A key escrow system with warrant bounds. In Proc. Advances in Cryptology---CRYPTO '95, Santa Barbara, CA, August 27-- 31. Lecture Notes in Computer Science, 963, 197--207. Springer, Berlin.

No context found.

A. Lenstra, P. Winkler and Y. Yacobi. A key escrow system with warrant bounds. Advances in Cryptology -- Crypto 95 Proceedings, Lecture Notes in Computer Science Vol. 963, D. Coppersmith ed., Springer-Verlag, 1995.

No context found.

A. Lenstra, P. Winkler and Y. Yacobi. A key escrow system with warrant bounds. Advances in Cryptology -- Crypto 95 Proceedings, Lecture Notes in Computer Science Vol. 963, D. Coppersmith ed., Springer-Verlag, 1995.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC