Abstract
The definition of robust threshold key escrow scheme (RTKES) is proposed. Namely, in RTKES, malice escrow agency fail to obtain the system secret key or user's secret key, even if the number of malice escrow agency is more than or equal to the value of threshold. Clearly, the problem of user's secret key completely depends on the trusted escrow agency is solved if RTKES exists. It is proved that the RTKES does exist, and some concrete designs of two classes of RTKES are given. In these schemes, the problem of 'once monitor, monitor for ever' is solved effectively, every escrow agency can verify correctness of the secret shadow that the escrows during secret shadow distribution and monitor agency can exactly decide which escrow agency forges or tampers secret shadow during monitor procedure. Since the proposed RTKES is also threshold key escrow scheme, when an escrow agency or few agencies is not cooperating, monitor agency can easily reconstruct session key to monitor as long as there are other k effective escrow agencies. In addition, it also resists against LEAF feedback attack.
| Original language | English |
|---|---|
| Pages (from-to) | 1164-1171 |
| Number of pages | 8 |
| Journal | Ruan Jian Xue Bao/Journal of Software |
| Volume | 14 |
| Issue number | 6 |
| State | Published - Jun 2003 |
| Externally published | Yes |
Keywords
- ElGamal cryptosystem
- Escrow agent
- Improved RSA cryptosystem
- Key escrow
- Monitor
- Robustness
- Threshold scheme