New patent: Auto-escrowable and auto-certifiable cryptosystems with fast key generation
Patent 6,243,466, granted June 5, 2001.

Auto-escrowable and auto-certifiable cryptosystems with fast key generation

Abstract

A method is provided for an escrow cryptosystem that is overhead-free, does not require a cryptographic tamper-proof hardware implementation (i.e., can be done in software), is publicly verifiable, and cannot be used subliminally to enable a shadow public key system. A shadow public key system is an unescrowed public key system that is publicly displayed in a covert fashion. The keys generated by the method are auto-recoverable and auto-certifiable (abbrev. ARC). The ARC Cryptosystem is based on a key generation mechanism that outputs a public/private key pair, and a certificate of proof that the key was generated according to the algorithm. Each generated public/private key pair can be verified efficiently to be escrowed properly by anyone. The verification procedure does not use the private key. Hence, the general public has an efficient way of making sure that any given individual's private key is escrowed properly, and the trusted authorities will be able to access the private key if needed. Since the verification can be performed by anyone, there is no need for a special trusted entity, known in the art as a "trusted third party". Furthermore, the system is designed so that its internals can be made publicly scrutinizable (e.g., it can be distributed in source code form). This differs from many schemes which require that the escrowing device be tamper-proof hardware. The system has a novel feature that the system parameters can be generated very efficiently and at the same time provide a very high level of security. Another novel feature is a method for making the certificates of recoverability publishable.

The system is applicable for law-enforcement, file systems, e-mail systems, certified e-mail systems, and any scenario in which public key cryptography can be employed and where private keys or information encrypted under public keys need to be recoverable.

http://164.195.100.11/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=/netahtml/srchnum.htm&r=1&f=G&l=50&s1='6,243,466'.WKU.&OS=PN/6,243,466&RS=PN/6,243,466

-- EOT
On Sat, Jun 09, 2001 at 08:44:04PM +0200, Bo Elkjaer wrote:
Patent 6,243,466, granted June 5, 2001.
Auto-escrowable and auto-certifiable cryptosystems with fast key generation
[snip]
So, anyone know if this is any good?

-Robin

--
http://www.digitalkingdom.org/~rlpowell/ BTW, I'm male, honest.
le datni cu djica le nu zifre .iku'i .oi le so'e datni cu to'e te pilno je xlali
-- RLP http://www.lojban.org/
On Fri, 15 Jun 2001, Robin Lee Powell wrote:
So, anyone know if this is any good?
There was a paper on a similar topic in this year's ASIACRYPT from the same authors. I have *not* reviewed the patent yet to see if the claimed techniques are the same as that paper.

The paper seems to work; it's based on a cute technique involving what they call "double-decker exponentiation." Instead of working with g^x, you work with g1^(g2^x). They use this to perform what could be called "RSA in the exponent" and leverage this to achieve the claimed signature-only property. Double-decker exponentiation is interesting in its own right, too.

One of the sections in their paper notes that after too many signatures, the scheme could leak a "shadow" public key. The signatures were needed to solve a system of simultaneous equations; it made me wonder how a lattice reduction algorithm would fare in practice.

I apologize for being so imprecise here, but the paper is at http://link.springer-ny.com/link/service/series/0558/bibs/1976/19760097.htm

-David
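The g1^(g2^x) form mentioned in the reply above, as an added example that is not part of the original post and is not taken from the paper or the patent. It goes slightly beyond the post by assuming a tower of primes p = 2q + 1, q = 2r + 1 so that the inner value lives modulo the order of g1; the toy parameters and all function names are constructed for this illustration.

```python
# Added illustration: double-decker exponentiation y = G1^(G2^x).
# Parameters are toy-sized and constructed here; real use needs large primes.

def is_prime(n):
    """Trial division; adequate for the toy sizes used in this example."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def find_tower(start):
    """Smallest r >= start with r, q = 2r+1 and p = 2q+1 all prime."""
    r = start
    while not (is_prime(r) and is_prime(2 * r + 1) and is_prime(4 * r + 3)):
        r += 1
    return r, 2 * r + 1, 4 * r + 3

def element_of_order(order, modulus):
    """Element of prime order `order` mod `modulus`, given modulus = 2*order + 1."""
    for h in range(2, modulus):
        g = pow(h, 2, modulus)  # squares form the subgroup of order `order`
        if g != 1:
            return g
    raise ValueError("no suitable element found")

R, Q, P = find_tower(1000)
G2 = element_of_order(R, Q)  # lower deck: order R in Z_Q^*
G1 = element_of_order(Q, P)  # upper deck: order Q in Z_P^*

def double_decker(x):
    """y = G1^(G2^x). The inner power is reduced mod Q, the order of G1."""
    inner = pow(G2, x, Q)
    return pow(G1, inner, P)

def shift(y, k):
    """Turn y = G1^(G2^x) into G1^(G2^(x+k)) without knowing x."""
    return pow(y, pow(G2, k, Q), P)

if __name__ == "__main__":
    y = double_decker(123)
    print("p, q, r =", P, Q, R)
    print("shift identity holds:", shift(y, 45) == double_decker(168))
```

The shift identity holds because the exponents of G1 multiply modulo Q, which is why the inner exponentiation has to be carried out modulo the order of G1 rather than modulo P.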
participants (3)
- Bo Elkjaer
- dmolnar
- Robin Lee Powell