JntroductionIn information based systems, the integrity of the information (from unauthorized scrutiny or disclosure, manipulation or alteration, forgery, false dating, etc.) is commonly provided for by requiring operation(s) on the information that one or more of the participants, who know some private piece(s) of information not known to all of the other participants, can carry out but which (probably) can't be carried out by anyone who doesn't know the private information. Encryption/decryption in a single key cryptoalgorithm is a paradigm of such an operation, with the key being the private (secret) piece of information. Although it is implicit, it is almost never stated explicitly that in a single-key cryptographic communications link, the transmitter and the receiver must unconditionally trust each other since either can do anything that the other can. a system are trustworthy, so long as there exists at least one identified unconditionally trustworthy element (individual or device), it is generally possible to devise protocols to transfer trust from this element to other elements of Unknown trustworthiness to make it possible for users to trust the integrity of the information in the system even though they may not trust all of the elements. A paradigm for such a protocol is the cryptographic key distribution system described in ANSI X9.17 which makes it possible for Even if it can't be assumed that all of the elements in S. Goldwasser (Ed.): Advances in Cryptology