Failsafe key escrow system
First Claim
1. A method of generating cryptographic keys for use in securing communications among users in a cryptosystem having an authority and a plurality of trustees, where trustees must cooperate in a predetermined manner to reveal a secret key, comprising the steps of:
for each user, verifiably secret sharing a first seed value with the plurality of trustees, the first seed value alone being insufficient to reveal a secret key even if the trustees cooperate; and
for each user, generating a secret key by computing a given function of the first seed value associated with that user and a second seed value generated by the authority, wherein neither the user nor the authority can derive the given function from just their respective seed values.
Abstract
A method of generating cryptographic keys to implement a Failsafe Key Escrow system. A prime modulus Q and a generator G for Z_Q are publicly known. The public key P_X that is escrowed for user X is G^{S_X} mod Q, where S_X is the secret key for user X. The user picks a random secret value A from [0, Q-2] and announces the value of G^A mod Q to a set of trustees or a central authority. Next the user "shares" A with the trustees using a verifiable secret sharing scheme. The trustees and/or the central authority select a random value B from the interval [0, Q-2] and set the user's public key to be P_X = (G^A)(G^B) mod Q. The value of B is returned to the user and is escrowed with the public key for X. The value of B is not released to the public. The user then sets his secret key to be S_X = A + B mod (Q-1).
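The key-generation and escrow-recovery steps of the abstract, as an added Python example that is not part of the patent: it uses a toy modulus Q = 1019 with generator G = 2 and an additive, Feldman-style verifiable sharing of A among three trustees (both are assumptions for illustration; the patent leaves the sharing scheme and parameter sizes open).

```python
import secrets

# Constructed toy parameters (assumption: far too small for real use).
Q = 1019            # prime modulus, Q - 1 = 2 * 509
G = 2               # generator of Z_Q^*; confirm with check_generator()
N_TRUSTEES = 3

def check_generator(g, q, prime_factors):
    """g generates Z_q^* iff g^((q-1)/r) != 1 for every prime r dividing q-1."""
    return all(pow(g, (q - 1) // r, q) != 1 for r in prime_factors)

def user_share_seed(a):
    """User shares A additively mod (Q-1): A = sum(shares) mod (Q-1).
    Commitments G^share_i let trustee i verify its share and let everyone
    verify that the shares recombine to the announced G^A."""
    shares = [secrets.randbelow(Q - 1) for _ in range(N_TRUSTEES - 1)]
    shares.append((a - sum(shares)) % (Q - 1))
    commitments = [pow(G, s, Q) for s in shares]
    return shares, commitments

def trustee_verify(share, commitment, commitments, g_a):
    """Trustee check: own share matches its commitment, and the product of
    all commitments equals G^A, so the value shared really is A."""
    prod = 1
    for c in commitments:
        prod = prod * c % Q
    return pow(G, share, Q) == commitment and prod == g_a

def authority_issue_key(g_a):
    """Authority picks the second seed B, sets P_X = G^A * G^B mod Q, escrows B."""
    b = secrets.randbelow(Q - 1)
    p_x = g_a * pow(G, b, Q) % Q
    return b, p_x

def escrow_keygen():
    a = secrets.randbelow(Q - 1)                    # user's first seed A
    g_a = pow(G, a, Q)                              # announced G^A mod Q
    shares, commitments = user_share_seed(a)
    assert all(trustee_verify(s, c, commitments, g_a) for s, c in zip(shares, commitments))
    b, p_x = authority_issue_key(g_a)               # B escrowed with P_X
    s_x = (a + b) % (Q - 1)                         # user's secret key
    assert pow(G, s_x, Q) == p_x                    # P_X = G^{S_X} mod Q
    return dict(shares=shares, b=b, p_x=p_x, s_x=s_x)

def escrow_recover(shares, b):
    """Recovery: trustees reveal their shares of A, the authority supplies B."""
    a = sum(shares) % (Q - 1)
    return (a + b) % (Q - 1)
```

Neither side can reach S_X alone: the trustees' shares give only A, and the authority's escrow record gives only B, matching the claim language above.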
10 Claims
6. In a cryptosystem having a plurality of users, one or more trustees and a central authority, where the one or more trustees and the authority cooperate under predetermined circumstances to reveal a secret key, an improved method for generating and using cryptographic keys, comprising the unordered steps of:
for each user, generating a first seed value, shares of which are provided to the trustees so that the first seed value can be reconstructed if the trustees reveal their shares; having the authority generate a second seed value; and for each user, generating a secret key by computing a given function of the first seed value and the second seed value generated by the authority, wherein the given function cannot be derived from just the first seed value or from just the second seed value; for each user, generating a public key for the secret key; encrypting at least one message using a key derived according to a publicly-known process from the public key; and having the authority and the trustees cooperate under a predetermined circumstance to reconstruct the secret key to thereby decrypt the message.
7. A method of securing communications among users in a cryptosystem having a plurality of trustees, comprising the unordered steps of:
for each user, verifiably secret sharing a first seed value with the plurality of trustees; for each user, generating a secret key by computing a given function of the first seed value associated with that user and a second seed value, wherein the user cannot derive the given function from just the first seed value; for each user, escrowing a public key associated with that user; upon a predetermined occurrence, having a sufficient number of trustees cooperate to reveal the first seed value associated with a suspect user to enable reconstruction of that user's secret key; and having the authority use the reconstructed secret key and the public key of the suspect user to monitor communications.
Specification