A Timed-Release Key Management Scheme for Backward Recovery

  • Maki Yoshida
  • Shigeo Mitsunari
  • Toru Fujiwara
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3935)


The timed-release encryption scheme is to encrypt a message so that a ciphertext can be decrypted when specific time in the future comes. Recently, interesting constructions of the timed-release encryption scheme have been proposed. The central concept of the constructions is a public agent which periodically broadcasts self-authenticated time information, called a time token. A time token contains absolute time information such as “08:09AM Dec. 1, 2005 GMT.” A sender encrypts a message so that a receiver of the ciphertext can generate a decryption key from a time token of the designated release time. Although the constructions have many advantages, resilience to missing time tokens is not still satisfactory since a time token can be used only for computing a decryption key of the corresponding time. A promising approach is to construct decryption keys so that a decryption key (e.g., of 08:09AM) can be computed not only from the corresponding time token but also from decryption keys of later time instants (e.g., 08:10AM, 08:11AM and so on). A trivial construction to realize such backward recovery is to use keys, which constitute a hash chain, for encrypting messages and encrypt these keys by using the timed-release encryption scheme. This construction is simple but requires the overhead of encryption. To reduce the overhead, this paper introduces a timed-release key management scheme in which decryption keys are related so that the backward property is provided. The feature is that a sender can choose freely and flexibly the time instants of which decryption keys have the backward property. The paper also gives an efficient construction based on a bilinear map.


Time Server Hash Function Time Instant Previous Construction Hash Chain 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellare, M., Goldwasser, S.: Encapsulated Key-Escrow. MIT LCS Tech. Report MIT/LCS/TR-688 (1996)Google Scholar
  2. 2.
    Boneh, D., Boyen, X.: Short Signatures without Random Oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. 3.
    Blake, I.F., Chan, A.C.-F.: Scalable, Server-Passive, User Anonymous Timed Release Public Key Encryption from Bilinear Pairing (2004),
  4. 4.
    Boneh, D., Lynn, B., Shacham, H.: Short Signatures from the Weil Pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Boneh, D., Franklin, M.: Identity-Based Encryption from the Weil Pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Boneh, D., Naor, M.: Timed Commitments (extended abstract). In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 236–254. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Goldwasser, S., Bellare, M.: Lecture Notes on Cryptography (2001),
  8. 8.
    Garay, J., Jakobsson, M.: Timed Release of Standard Digital Signatures. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357, pp. 168–182. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Garay, J., Pomerance, C.: Timed Fair Exchange of Standard Signatures. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 190–207. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Hwang, Y.H., Yum, D.H., Lee, P.J.: Timed-Release Encryption with Pre-open Capability and Its Application to Certified E-mail System. In: Zhou, J., López, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 344–358. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Mao, W.: Timed-Release Cryptography. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 342–357. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  12. 12.
    May, T.: Timed-Release Crypto (1992),
  13. 13.
    Mont, M.C., Harrison, K., Sadler, M.: The HP Time Vault Service: Innovating the Way Confidential Information is Disclosed at the Right Time. HP Lab. Report HPL-2002-243 (2002)Google Scholar
  14. 14.
    Mitsunari, S., Sakai, R., Kasahara, M.: A New Traitor Tracing. IEICE Trans. Fundamentals E85-A(2), 481–484 (2002)Google Scholar
  15. 15.
    Nali, D., Adams, C., Miri, A.: Time-Based Release of Confidential Information in Hierachical Settings. In: Zhou, J., López, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 29–43. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  16. 16.
    Osipkov, I., Kim, Y., Cheon, J.H.: New Approaches to Timed-Release Cryptography (2004),
  17. 17.
    Pederson, T.P.: A Threshold Cryptosystem without a Trusted Party. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 522–526. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  18. 18.
    Rivest, R.L., Shamir, A., Wagner, D.A.: Time-Lock Puzzles and Timed-Release Crypto. MIT LCS Tech. Report MIT/LCS/TR-684 (1996)Google Scholar
  19. 19.
    Yoshida, M., Mitsunari, S.: A Time-Capsule Encryption. the IPAX Autumn 2004 (oral presentation) (in Japanese) (2004),

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Maki Yoshida
    • 1
  • Shigeo Mitsunari
    • 2
  • Toru Fujiwara
    • 1
  1. 1.Osaka UniversityOsakaJapan
  2. 2.u10 NetworksTokyoJapan

Personalised recommendations