Unformatted text preview: rect. Each trustee stores the private piece somewhere secure and sends the public piece to the KDC. (4) The KDC performs another calculation on the public pieces and the public key. Assuming that everything is correct, it signs the public key and either sends it back to Alice or posts it in a database somewhere. If the courts order a wiretap, then each of the trustees surrenders his or her piece to the KDC, and the KDC can reconstruct the private key. Before this surrender, neither the KDC nor any individual trustee can reconstruct the private key; all the trustees are required to reconstruct the key. Any publickey cryptography algorithm can be made fair in this manner. Some particular algorithms are discussed in Section 23.10. Micali’s paper [1084, 1085] discusses ways to combine this with a threshold scheme, so that a subset of the trustees (e.g., three out of five) is required to reconstruct the private key. He also shows how to combine this with oblivious transfer (see Section 5.5) so that the trustees do not know whose private key is being reconstructed. Fair cryptosystems aren’t perfect. A criminal can exploit the system, using a subliminal channel (see Section 4.2) to embed another secret key into his piece. This way, he can communicate securely with someone else using this subliminal key without having to worry about courtauthorized wiretapping. Another protocol, called failsafe key escrowing, solves this problem [946, 833]. Section 23.10 describes the algorithm and protocol. The Politics of Key Escrow
Aside from the government’s keyescrow plans, several commercial keyescrow proposals are floating around. This leads to the obvious question: What are the advantages of keyescrow for the user? Well, there really aren’t any. The user gains nothing from key escrow that he couldn’t provide himself. He can already back up his keys if he wants (see Section 8.8). Keyescrow guarantees that the police can eavesdrop on his conversations or read his data files...
View
Full Document
 Fall '10
 ALIULGER
 Cryptography, Bruce Schneier, Applied Cryptography, EarthWeb, Search Search Tips

Click to edit the document details