On Solutions to the Key Escrow Problem

  • Mark P. Hoyle
  • Chris J. Mitchell
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1528)


The first part of this paper is devoted to explaining what key escrow is and why it exists, and attempts to put it into a historical context. The subsequent focus is primarily on key escrow schemes which will work in an international environment. The possibility of using conventional key distribution techniques to provide key escrow services in an international context is first considered, and the associated problems are explored. The “Royal Holloway” (RH) key escrow scheme is then described in a way which is intended to clarify and motivate its design, and the properties of this scheme and some related schemes are considered.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    D.M. Balenson, C.M. Ellison, S.B. Lipner, and S.T. Walker. A new approach to software key escrow encryption. Draft, August 1994. Trusted Information Systems, 3060 Washington Rd., Glenwood, MD.Google Scholar
  2. 2.
    M. Bellare and S. Goldwasser. Encapsulated key escrow. Technical Report 688, MIT Laboratory for Computer Science, April 1996.Google Scholar
  3. 3.
    M. Bellare and S. Goldwasser. Verifiable partial key escrow. In Proceedings of the 4th Annual ACM Conference on Computer and Communications Security, 1997.Google Scholar
  4. 4.
    M. Bellare and R.L. Rivest. Translucent cryptography — An alternative to key escrow, and its implementation via fractional oblivious transfer. Technical Report 683, MIT Laboratory for Computer Science, February 1996.Google Scholar
  5. 5.
    L. Chen, D. Gollmann, and C.J. Mitchell. Key escrow in mutually mistrusting domains. In M. Lomas, editor, Security Protocols-International Workship, Cambridge, UK, April 1996, pages 139–153. Springer-Verlag LNCS 1189, 1997.Google Scholar
  6. 6.
    L. Chen and C.J. Mitchell. Key escrow in multiple domains. In Proceedings of INFOSEC'COM 97, Paris, June 1997. To appear.Google Scholar
  7. 7.
    D.E. Denning. Descriptions of key escrow systems, February 1997. See:
  8. 8.
    D.E. Denning and D.K. Branstad. A taxonomy for key escrow encryption systems. Communications of the ACM, 39(3):34–40, March 1996.Google Scholar
  9. 9.
    W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Trans. Inform. Theory, IT-22(6): 644–654, 1976.CrossRefMathSciNetGoogle Scholar
  10. 10.
    Y. Frankel and Moti Yung. Escrow encryption systems visited: Attacks, analysis and designs. In D. Coppersmith, editor, Advances in Cryptology: CRYPTO ‘95, pages 222–235. Springer-Verlag LNCS 963, 1995.Google Scholar
  11. 11.
    IBM. IBM SecureWay key recovery technology, 1997. See
  12. 12.
    International Organization for Standardization, Genéve, Switzerland. ISO/IEC 9798-2, Information technology-Security techniques-Entity authentication-Part 2: Mechanisms using symmetric encipherment algorithms, December 1994.Google Scholar
  13. 13.
    International Organization for Standardization, Genève, Switzerland. ISO/IEC 11770-2, Information technology-Security techniques-Key management-Part 2: Mechanisms using symmetric techniques, 1996.Google Scholar
  14. 14.
    N. Jefferies, C.J. Mitchell, and M. Walker. Trusted Third Party based key management allowing warranted interception. In Proceedings: Public Key Infrastructure Invitational Workshop, MITRE, McLean, Virginia, USA, September 1995. National Institute of Standards and Technology, 1995.Google Scholar
  15. 15.
    N. Jefferies, C.J. Mitchell, and M. Walker. Practical solutions to key escrow and regulatory aspects. In Proceedings of Public Key Solutions ‘96, Zurich, September 1996.Google Scholar
  16. 16.
    N. Jefferies, C.J. Mitchell, and M. Walker. A proposed architecture for trusted third party services. In E. Dawson and J. Golic, editors, Cryptography: Policy and Algorithms-Proceedings: International Conference, Brisbane, Australia, July 1995, pages 98–104. Springer-Verlag LNCS 1029, 1996.Google Scholar
  17. 17.
    L.R. Knudsen. Key escrow schemes — properties and options: New schemes for warranted interception, 1996. Preprint.Google Scholar
  18. 18.
    A.K. Lenstra, P. Winkler, and Y. Yacobi. A key escrow system with warrant bounds. In D. Coppersmith, editor, Advances in Cryptology-CRYPTO ‘95, pages 197–207. Springer-Verlag LNCS 963, 1995.Google Scholar
  19. 19.
    NIST. Escrowed Encryption Standard (EES). Federal Information Processing Standards Publication (FIPS PUB) 185, 1994.Google Scholar
  20. 20.
    US Interagency Working Group on Cryptographic Policy. Enabling privacy, commerce, security and public safety in the global information infrastructure. See, 17th May 1996.
  21. 21.
    A. Shamir. Partial key escrow: A new approach to software key escrow. The Weizmann Institute, presentation at NIST Key Escrow meeting, Sept. 15 1995.Google Scholar
  22. 22.
    E.R. Verheul, B.-J. Koops, and H.C.A. van Tilborg. Binding cryptography. A fraud-detectible alternative to key-escrow proposals. Computer Law and Security Report, pages 3–14, January-February 1997.Google Scholar
  23. 23.
    E.R. Verheul and H.C.A. van Tilborg. Binding Elgamal: a fraud-detectable alternative to key-escrow proposals, 1997. To be presented at Eurocrypt ‘97.Google Scholar
  24. 24.
    S.T. Walker, S.B. Lipner, C.M. Ellison, and D.M. Balenson. Commercial key recovery. Communications of the ACM, 39(3):41–47, March 1996.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Mark P. Hoyle
    • 1
  • Chris J. Mitchell
    • 1
  1. 1.Information Security GroupUniversity of LondonEgham

Personalised recommendations