This preview shows page 1. Sign up to view the full content.
Unformatted text preview: ncies, XORs them together, decrypts the session key, and then uses the session key to decrypt the message traffic. There are more complications to make this scheme work in the face of cheaters; see Section 24.16 for details. The same thing can be done in software, using publickey cryptography [77, 1579, 1580, 1581]. Micali calls his idea fair cryptosystems [1084, 1085]. (The U.S. government reportedly paid Micali $1, 000, 000 for the use of his patents [1086, 1087] in their Escrowed Encryption Standard; Banker’s Trust then bought Micali’s patent.) In these cryptosystems, the private key is broken up into pieces and distributed to different authorities. Like a secret sharing scheme, the authorities can get together and reconstruct the private key. However, the pieces have the additional property that they can be individually verified to be correct, without reconstructing the private key. Alice can create her own private key and give a piece to each of n trustees. None of these trustees can recover Alice’s private key. However, each trustee can verify that his piece is a valid piece of the private key; Alice cannot send one of the trustees a randombit string and hope to get away with it. If the courts authorize a wiretap, the relevant law enforcement authorities can serve a court order on the n trustees to surrender their pieces. With all n pieces, the authorities reconstruct the private key and can wiretap Alice’s communications lines. On the other hand, Mallory has to corrupt all n trustees in order to be able to reconstruct Alice’s key and violate her privacy. Here’s how the protocol works: (1) Alice creates her privatekey/publickey key pair. She splits the private key into several public pieces and private pieces. (2) Alice sends a public piece and corresponding private piece to each of the trustees. These messages must be encrypted. She also sends the public key to the KDC. (3) Each trustee, independently, performs a calculation on its public piece and its private piece to confirm that they are cor...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details