On Solutions to the Key Escrow Problem
The first part of this paper is devoted to explaining what key escrow is and why it exists, and attempts to put it into a historical context. The subsequent focus is primarily on key escrow schemes which will work in an international environment. The possibility of using conventional key distribution techniques to provide key escrow services in an international context is first considered, and the associated problems are explored. The “Royal Holloway” (RH) key escrow scheme is then described in a way which is intended to clarify and motivate its design, and the properties of this scheme and some related schemes are considered.
Unable to display preview. Download preview PDF.
- 1.D.M. Balenson, C.M. Ellison, S.B. Lipner, and S.T. Walker. A new approach to software key escrow encryption. Draft, August 1994. Trusted Information Systems, 3060 Washington Rd., Glenwood, MD.Google Scholar
- 2.M. Bellare and S. Goldwasser. Encapsulated key escrow. Technical Report 688, MIT Laboratory for Computer Science, April 1996.Google Scholar
- 3.M. Bellare and S. Goldwasser. Verifiable partial key escrow. In Proceedings of the 4th Annual ACM Conference on Computer and Communications Security, 1997.Google Scholar
- 4.M. Bellare and R.L. Rivest. Translucent cryptography — An alternative to key escrow, and its implementation via fractional oblivious transfer. Technical Report 683, MIT Laboratory for Computer Science, February 1996.Google Scholar
- 5.L. Chen, D. Gollmann, and C.J. Mitchell. Key escrow in mutually mistrusting domains. In M. Lomas, editor, Security Protocols-International Workship, Cambridge, UK, April 1996, pages 139–153. Springer-Verlag LNCS 1189, 1997.Google Scholar
- 6.L. Chen and C.J. Mitchell. Key escrow in multiple domains. In Proceedings of INFOSEC'COM 97, Paris, June 1997. To appear.Google Scholar
- 7.D.E. Denning. Descriptions of key escrow systems, February 1997. See: http://www.cs.georgetown.edu/~denning/crypto.
- 8.D.E. Denning and D.K. Branstad. A taxonomy for key escrow encryption systems. Communications of the ACM, 39(3):34–40, March 1996.Google Scholar
- 10.Y. Frankel and Moti Yung. Escrow encryption systems visited: Attacks, analysis and designs. In D. Coppersmith, editor, Advances in Cryptology: CRYPTO ‘95, pages 222–235. Springer-Verlag LNCS 963, 1995.Google Scholar
- 11.IBM. IBM SecureWay key recovery technology, 1997. See ftp://service2.boulder.ibm.com/software/icserver/doc/keyrec.pdf.
- 12.International Organization for Standardization, Genéve, Switzerland. ISO/IEC 9798-2, Information technology-Security techniques-Entity authentication-Part 2: Mechanisms using symmetric encipherment algorithms, December 1994.Google Scholar
- 13.International Organization for Standardization, Genève, Switzerland. ISO/IEC 11770-2, Information technology-Security techniques-Key management-Part 2: Mechanisms using symmetric techniques, 1996.Google Scholar
- 14.N. Jefferies, C.J. Mitchell, and M. Walker. Trusted Third Party based key management allowing warranted interception. In Proceedings: Public Key Infrastructure Invitational Workshop, MITRE, McLean, Virginia, USA, September 1995. National Institute of Standards and Technology, 1995.Google Scholar
- 15.N. Jefferies, C.J. Mitchell, and M. Walker. Practical solutions to key escrow and regulatory aspects. In Proceedings of Public Key Solutions ‘96, Zurich, September 1996.Google Scholar
- 16.N. Jefferies, C.J. Mitchell, and M. Walker. A proposed architecture for trusted third party services. In E. Dawson and J. Golic, editors, Cryptography: Policy and Algorithms-Proceedings: International Conference, Brisbane, Australia, July 1995, pages 98–104. Springer-Verlag LNCS 1029, 1996.Google Scholar
- 17.L.R. Knudsen. Key escrow schemes — properties and options: New schemes for warranted interception, 1996. Preprint.Google Scholar
- 18.A.K. Lenstra, P. Winkler, and Y. Yacobi. A key escrow system with warrant bounds. In D. Coppersmith, editor, Advances in Cryptology-CRYPTO ‘95, pages 197–207. Springer-Verlag LNCS 963, 1995.Google Scholar
- 19.NIST. Escrowed Encryption Standard (EES). Federal Information Processing Standards Publication (FIPS PUB) 185, 1994.Google Scholar
- 20.US Interagency Working Group on Cryptographic Policy. Enabling privacy, commerce, security and public safety in the global information infrastructure. See http://www.cdt.org/crypto/clipperIII, 17th May 1996.
- 21.A. Shamir. Partial key escrow: A new approach to software key escrow. The Weizmann Institute, presentation at NIST Key Escrow meeting, Sept. 15 1995.Google Scholar
- 22.E.R. Verheul, B.-J. Koops, and H.C.A. van Tilborg. Binding cryptography. A fraud-detectible alternative to key-escrow proposals. Computer Law and Security Report, pages 3–14, January-February 1997.Google Scholar
- 23.E.R. Verheul and H.C.A. van Tilborg. Binding Elgamal: a fraud-detectable alternative to key-escrow proposals, 1997. To be presented at Eurocrypt ‘97.Google Scholar
- 24.S.T. Walker, S.B. Lipner, C.M. Ellison, and D.M. Balenson. Commercial key recovery. Communications of the ACM, 39(3):41–47, March 1996.Google Scholar