Effort-Release Public-Key Encryption from Cryptographic Puzzles
Timed-release cryptography addresses the problem of “sending messages into the future”: a message is encrypted so that it can only be decrypted after a certain amount of time, either (a) with the help of a trusted third party time server, or (b) after a party performs the required number of sequential operations. We generalise the latter case to what we call effort-release public key encryption (ER-PKE), where only the party holding the private key corresponding to the public key can decrypt, and only after performing a certain amount of computation which may or may not be parallelisable. Effort-release PKE generalises both the sequential-operation-based timed-release encryption of Rivest, Shamir, and Wagner, and also the encapsulated key escrow techniques of Bellare and Goldwasser. We give a generic construction for ER-PKE based on the use of moderately hard computational problems called puzzles. Our approach extends the KEM/DEM framework for public key encryption by introducing a difficulty notion for KEMs which results in effort-release PKE. When the puzzle used in our generic construction is non-parallelisable, we recover timed-release cryptography, with the addition that only the designated receiver (in the PKE setting) can decrypt.
Keywords: puzzles, difficulty, timed-release encryption, key escrow
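An illustrative sketch of the effort-release idea in the abstract, added here and not taken from the paper: a Rivest-Shamir-Wagner repeated-squaring puzzle is bound to a toy ElGamal-style KEM so that the session key needs both the private key and t sequential squarings. Hashing the two secrets together, the helper names and the toy parameters are all assumptions made for this example.

```python
import hashlib, math, secrets

# Constructed toy parameters: Mersenne primes, far too small/structured for real use.
PUZ_P, PUZ_Q = 2**31 - 1, 2**61 - 1   # puzzle modulus factors (sender's trapdoor)
GRP_P, GRP_G = 2**127 - 1, 3          # group for the toy ElGamal-style KEM

def H(*parts):
    return hashlib.sha256("|".join(map(str, parts)).encode()).digest()

def keygen():
    sk = secrets.randbelow(GRP_P - 2) + 1
    return sk, pow(GRP_G, sk, GRP_P)

def encapsulate(pk, t):
    """Sender side: cost does not grow with t thanks to the phi(n) trapdoor."""
    n, phi = PUZ_P * PUZ_Q, (PUZ_P - 1) * (PUZ_Q - 1)
    a = 0
    while math.gcd(a, n) != 1 or a < 2:         # base must be a unit mod n
        a = secrets.randbelow(n)
    solution = pow(a, pow(2, t, phi), n)        # a^(2^t) mod n via reduced exponent
    r = secrets.randbelow(GRP_P - 2) + 1
    header = (n, a, t, pow(GRP_G, r, GRP_P))
    return header, H(pow(pk, r, GRP_P), solution)

def decapsulate(sk, header):
    """Receiver side: needs sk AND t sequential squarings (no trapdoor)."""
    n, a, t, c1 = header
    solution = a
    for _ in range(t):
        solution = solution * solution % n
    return H(pow(c1, sk, GRP_P), solution)

def dem(key, data):
    """Toy DEM: XOR with a SHA-256 counter keystream (same call encrypts and decrypts)."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(x ^ y for x, y in zip(data, stream))

if __name__ == "__main__":
    sk, pk = keygen()
    header, key = encapsulate(pk, t=20000)
    ct = dem(key, b"open after the work is done")
    print(dem(decapsulate(sk, header), ct))
```

A party without the private key can still solve the puzzle but cannot derive the session key, and the key holder cannot skip the squarings because the modulus factors stay with the sender.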
- 1. Bellare, M., Goldwasser, S.: Encapsulated key escrow. Technical Report 688, MIT Laboratory for Computer Science (April 1996), http://cseweb.ucsd.edu/~mihir/papers/escrow.html
- 2. Bellare, M., Goldwasser, S.: Verifiable partial key escrow. In: Graveman, R., Janson, P.A., Neumann, C., Gong, L. (eds.) ACM CCS, pp. 78–91. ACM (1997)
- 9. Dwork, C., Naor, M.: Pricing via Processing or Combatting Junk Mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993)
- 10. Juels, A., Brainard, J.: Client puzzles: A cryptographic countermeasure against connection depletion attacks. In: Proc. Network and Distributed System Security Symposium (NDSS) 1999, pp. 151–165. Internet Society (1999)
- 12. Rangasamy, J., Stebila, D., Boyd, C., Gonzalez Nieto, J.: An integrated approach to cryptographic mitigation of denial-of-service attacks. In: Sandhu, R., Wong, D.S. (eds.) Proc. 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS) 2011, pp. 114–123. ACM (2011), http://eprints.qut.edu.au/41285/
- 13. Rangasamy, J., Stebila, D., Boyd, C., Gonzalez Nieto, J., Kuppusamy, L.: Efficient modular exponentiation-based puzzles for denial-of-service protection. In: Proc. International Conference on Information Security and Cryptology (ICISC 2011). LNCS, Springer, Heidelberg (2011) (to appear), http://eprints.qut.edu.au/47894/
- 14. Rivest, R.L., Shamir, A., Wagner, D.A.: Time-lock puzzles and timed-release crypto. Technical Report TR-684, MIT Laboratory for Computer Science (March 1996), http://people.csail.mit.edu/rivest/RivestShamirWagner-timelock.pdf
- 15. Shoup, V.: A proposal for an ISO standard for public key encryption (version 2.1). Manuscript (2001), http://shoup.net/papers
- 16. Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. Technical report (2004), http://eprint.iacr.org/2004/332
- 17. Stebila, D., Kuppusamy, L., Rangasamy, J., Boyd, C., Gonzalez Nieto, J.: Stronger Difficulty Notions for Client Puzzles and Denial-of-Service-Resistant Protocols. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 284–301. Springer, Heidelberg (2011), http://eprints.qut.edu.au/40036/