Key Escrow Protocol Based on a Tripartite Authenticated Key Agreement and Threshold Cryptography

Wang, Zhen; Ma, Zhiliang; Si, Luo; Gao, Hongmin

doi:10.1109/access.2019.2946874

Cited by 8 publications

(3 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…LIKE also provides much stronger guarantees than key-escrow [37,21,7,44,40,10,18,34,32,33,26,35,41,38,19]: we can handle malicious authority input; we fine-grain exceptional opening so that it only holds for one session at a time; we allow authorities to remain offline at all times except for exceptional opening; we minimize storage and computational costs for users and authorities; we have no central key-generation authority which knows all secret keys; and we guarantee the new properties of non-frameability and honest operator, which are tailored to the LI requirements analyzed above. In return, our use-case is narrower than typically considered in key-escrow: by considering the case of mobile communications, we can safely assume that parties always use the operator as a proxy, unlike in generic key-escrow settings.…”

Section: Related Workmentioning

confidence: 99%

How to (Legally) Keep Secrets from Mobile Operators

Arfaoui

Blazy

Bultel

et al. 2021

Computer Security – ESORICS 2021

View full text Add to dashboard Cite

Secure-channel establishment allows two endpoints to communicate confidentially and authentically. Since they hide all data sent across them, good or bad, secure channels are often subject to mass surveillance in the name of (inter)national security. Some protocols are constructed to allow easy data interception . Others are designed to preserve data privacy and are either subverted or prohibited to use without trapdoors. We introduce LIKE, a primitive that provides secure-channel establishment with an exceptional, session-specific opening mechanism. Designed for mobile communications, where an operator forwards messages between the endpoints, it can also be used in other settings. LIKE allows Alice and Bob to establish a secure channel with respect to n authorities. If the authorities all agree on the need for interception, they can ensure that the session key is retrieved. As long as at least one honest authority prohibits interception, the key remains secure; moreover LIKE is versatile with respect to who learns the key. Furthermore, we guarantee non-frameability: nobody can falsely incriminate a user of taking part in a conversation; and honest-operator: if the operator accepts a transcript as valid, then the key retrieved by the authorities is the key that Alice and Bob should compute. Experimental results show that our protocol can be efficiently implemented.

show abstract

Section: Related Workmentioning

confidence: 99%

How to (Legally) Keep Secrets from Mobile Operators

Arfaoui

Blazy

Bultel

et al. 2021

Computer Security – ESORICS 2021

View full text Add to dashboard Cite

show abstract

“…We provide stronger guarantees than typical key-escrow [19,12,4,23,21,6,10,17,15,16,13,18,22,20,11]. First, our chosen use-case (mobile communications) obliges participants to communicate via two serving networks which can now vouchsafe for Alice's and Bob's protocol-compliance.…”

Section: Introductionmentioning

confidence: 99%

Pairing-free secure-channel establishment in mobile networks with fine-grained lawful interception

Bultel¹,

Onete

2022

Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing

View full text Add to dashboard Cite

Modern-day mobile communications allow users to connect from any place, at any time. However, this ubiquitous access comes at the expense of their privacy. Currently, the operators providing mobile service to users learn call-and SMS-metadata, and even the contents of those exchanges. A main reason behind this is the Lawful-Interception (LI) requirement, by which serving networks must provide this (meta-)data to authorities, given a warrant. At ESORICS 2021, Arfaoui et al. pioneered a primitive called Lawful-Interception Key-Exchange, which achieves the best of both worlds: (provably) privacy-enhanced communications, and finegrained fine-grained, limited access to user data. Their work had two important shortcomings. First, their protocol required pairings which, while sufficiently efficient, might not always be available in the mobile setting. More importantly, that scheme was only applicable in a domestic setting, where the concerned users (Alice and Bob) were subject to the same LI authorities. The case of roaming was left as an open question. In this paper we answer that open question. We extend the framework of Arfaoui et al. to allow Alice and Bob (now subject to potentially two sets of authorities) to establish a secure channel that guarantees the strong properties afforded by the LIKE schemes of ESORICS 2021. Our construction is pairing-free, faster than that of Arfaoui et al., and its security relies on standard assumptions.

show abstract

“…On the application side, Key-Escrow (KE) and Key-Recovery (KR) [13,18,23,24] schemes deal with the capability of an authority to decrypt the messages exchanged between two users by recovering their secret key. Some works deal with KR mechanisms for lawful interception [1,13,24], where a set of authorities has to collude to open an encrypted phone conversation between two users. As in APOPKE, the security model ensures that the recovered conversation is the same as the exchanged one.…”

Section: Introductionmentioning

confidence: 99%

CCA Secure A Posteriori Openable Encryption in the Standard Model

Bultel

2022

Topics in Cryptology – CT-RSA 2022

View full text Add to dashboard Cite

A Posteriori Openable Public Key Encryptions (APOPKE) allow any user to generate a constant-size key that decrypts the messages they have sent over a chosen period of time. As an important feature, the period can be dynamically chosen after the messages have been sent. This primitive was introduced in 2016 by Bultel and Lafourcade. They also defined the Chosen-Plaintext Attack (CPA) security for APOPKE, and designed a scheme called GAPO, which is CPA secure in the random oracle model. In this paper, we formalize the Chosen-Ciphertext Attack (CCA) security for APOPKE, then we design a scheme called CHAPO (for CHosen-ciphetext attack resistant A Posteriori Openable encryption), and we prove its CCA security in the standard model. CHAPO is approximately twice as efficient as GAPO and is more generic. We also give news applications, and discuss the practical impact of its CCA security.

show abstract

Key Escrow Protocol Based on a Tripartite Authenticated Key Agreement and Threshold Cryptography

Cited by 8 publications

References 37 publications

How to (Legally) Keep Secrets from Mobile Operators

How to (Legally) Keep Secrets from Mobile Operators

Pairing-free secure-channel establishment in mobile networks with fine-grained lawful interception

CCA Secure A Posteriori Openable Encryption in the Standard Model

Contact Info

Product

Resources

About