On the Difficulty of Software Key Escrow

Abstract

At Eurocrypt'95, Desmedt suggested a scheme which allows individuals to encrypt in such a way that the receiver can be traced by an authority having additional information. This paper shows that the proposed scheme does not have the required properties, by devising three non-specified protocols misleading the authority. We also discuss how to repair Desmedt's scheme, such that our attacks are no longer possible. However, by allowing slightly more general, but absolutely realistic attacks also this improved system can be broken. In fact, we argue that software key escrow as proposed by Desmedt will be very hard to implement as it requires that the distributed public key can only be used in few, well-defined systems. Furthermore, even if this is achieved, most applications to key distribution can be broken. 1 Introduction In key escrow systems, such as Clipper [5], it is necessary to be able to identify ciphertexts sent to a person whose messages are to be read by the authorities (given..

    Similar works

    Full text

    thumbnail-image

    Available Versions