Key Recovery and Secret Sharing -- Towards balancing the interests of individuals and those of governments --


1 Key Recovery and Secret Sharing -- Towards balancing the interests of individuals and those of governments --

2 Outline
- the need for balance between the interests of individuals and those of governments
- key escrow as a possible solution
- controversy over key escrow
- commercial key escrow (a positive use of key escrow)
- secret sharing

3 Use and abuse of encryption
- Proper use:
  - protects the privacy of individuals
  - protects the commercial interests of companies
- Abuse:
  - organised crime (such as drug trafficking)
  - fraud and corruption
  - terrorism
  - ...

4 Conflict of interests
- individuals' freedom of speech and communication
vs.
- the needs of law enforcement

5 Different directions
- Banning cryptography, i.e., the use of encryption is prohibited.
  - law enforcement is happy, but individuals are not
- Free and uncontrolled use of encryption
  - individuals are happy, but law enforcement may be in trouble

6 Spectrum of crypto usage
[Diagram: a line from "Total ban of encryption" at one end to "Free use of encryption" at the other, with a "?" marking the middle ground.]

7 US proposal
- Key escrow was proposed by the US government in 1993 as "something in between", with the aim of balancing the interests of individuals and those of governments

8 Basic idea behind the proposal
- Individuals (and companies) are allowed to use encryption
- But the keys used by an individual must be available to law enforcement when they wish to monitor that individual's communications

9 "Escrow"
1. n. a written legal engagement to do something, kept in a third person's custody until some condition has been fulfilled; money or goods so kept
2. v.t. to place in escrow

10 Key escrow
- A key used by an individual is "split into two halves"
- One half is stored with Escrow Agency A
- The other half is stored with Escrow Agency B
- Both agencies are organisations independent of governments

11 Key escrow (2)
- When police wish to monitor an individual's communications, they first obtain a court order from a judge (the court system)
- Police then present the court order
  - to Escrow Agency A to obtain the 1st half of the individual's key
  - to Escrow Agency B to obtain the 2nd half of the individual's key

12 Key escrow (3)
- Now police can put the two halves together and get the individual's key
- With the key in their hands, police can monitor all communications of the individual

13 Escrowed key
[Diagram: Alice encrypts the plaintext with the shared secret key (E), the ciphertext travels over the network or sits in storage, and Bob decrypts it (D) back to the original plaintext; the two halves of the escrowed secret key are held by Escrow Agency A and Escrow Agency B.]

14 Analogy
- you are allowed to lock your door
- but you have to leave a copy of your key, half of which is kept by Locksmith A and the other half by Locksmith B
- when police wish to enter your home, they get a court order with which they can obtain the two halves of the copy and hence your key

15 Controversy
- does it really work?
  - what about double encryption by a "bad" guy? (a criminal can encrypt with an unescrowed key before, or instead of, using the escrowed one)
  - what happens if Escrow Agencies A and B collude?
  - how do governments trust each other?
- where is the freedom of individuals?
  - does a government have the right to intrude into individuals' privacy?
  - other implications?

16 A positive use of key escrow
- Encrypted data become useless if the key is lost or forgotten!
  - Have you ever forgotten your password?
- To prevent loss of corporate information, a company can build a company-wide "key escrow" system
  - Question: HOW? (hint: no police or court system is involved in this case.)

17 How to "split" a user key
- bad way(s):
  - K = Ka || Kb (concatenation): Ka is kept by Escrow Agency A, Kb by Escrow Agency B. Each agency alone learns half the bits of K, so a single dishonest agency (or a thief with one share) only has to brute-force the other half.
- good ways:
  - K = K1 XOR K2, where K1 is chosen uniformly at random and K2 = K XOR K1; K1 is kept by Escrow Agency A, K2 by Escrow Agency B. Either share on its own is a uniformly random string and reveals nothing about K.
  - secret sharing schemes

18 An exercise and a question
- an exercise
  - How to "split" a key if there are 3 or more escrow agencies?
- In the above discussions, all agencies have to be consulted in order to recover a key. An important question:
  - Is it possible to design a system so that only some of the agencies, say 4 out of 5, are needed to recover a key?
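The two splitting methods of slides 17 and 18, written out as an added example (this code is not from the slides). It generalises the XOR split to n agencies, which answers the "3 or more escrow agencies" exercise, and includes a brute-force count of how many keys remain possible for someone who holds exactly one share. The 128-bit sample key and the 16-bit toy keys used for the count are constructed for the demonstration; note that XOR shares are always as long as the key, whereas concatenation shares are pieces of it.

```python
import secrets
from functools import reduce

# Added example, not from the slides: the two ways of "splitting" a key
# from slides 17 and 18, with a brute-force count that shows why
# concatenation is the bad way.  Keys and shares are byte strings and
# each of the n escrow agencies holds exactly one share.


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("shares must have the same length as the key")
    return bytes(x ^ y for x, y in zip(a, b))


def split_concat(key: bytes, n: int) -> list:
    """Bad way: K = Ka || Kb || ...  Every agency holds a literal piece of K."""
    size = len(key) // n
    return [key[i * size:(i + 1) * size] if i < n - 1 else key[i * size:]
            for i in range(n)]


def recover_concat(shares: list) -> bytes:
    return b"".join(shares)


def split_xor(key: bytes, n: int) -> list:
    """Good way: K = K1 xor K2 xor ... xor Kn.  K1..K(n-1) are drawn uniformly
    at random and Kn is whatever makes the XOR come out to K.  With n = 2 this
    is the slides' scheme; larger n answers the 3-or-more-agencies exercise."""
    if n < 2:
        raise ValueError("need at least two agencies")
    random_shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = reduce(xor_bytes, random_shares, key)
    return random_shares + [last]


def recover_xor(shares: list) -> bytes:
    """Key recovery: every share is needed, and XOR undoes itself."""
    return reduce(xor_bytes, shares)


def consistent_keys(scheme: str, share: bytes, key_len: int) -> int:
    """What a single dishonest agency (or whoever stole its share) learns:
    count the key_len-byte keys for which some second share would reconstruct
    exactly that key.  This is the attacker's remaining search space.  It
    enumerates the whole key space, so key_len must stay tiny (2 bytes)."""
    count = 0
    for k in range(256 ** key_len):
        key = k.to_bytes(key_len, "big")
        if scheme == "concat":
            other = key[len(share):]            # the only second share that could fit
            consistent = recover_concat([share, other]) == key
        elif scheme == "xor":
            other = xor_bytes(key, share)       # a fitting second share always exists
            consistent = recover_xor([share, other]) == key
        else:
            raise ValueError(f"unknown scheme {scheme!r}")
        count += consistent
    return count


if __name__ == "__main__":
    # Constructed 128-bit sample key; a real key would be random.
    key = bytes.fromhex("00112233445566778899aabbccddeeff")
    shares = split_xor(key, 3)
    print("3 agencies, all shares:", recover_xor(shares) == key)
    print("3 agencies, two shares:", recover_xor(shares[:2]) == key)
    # One share of a 16-bit key: 256 candidates left vs. all 65536.
    print("concat leaves", consistent_keys("concat", b"\xab", 2), "candidate keys")
    print("xor    leaves", consistent_keys("xor", b"\xab\xcd", 2), "candidate keys")
```

The XOR split is an (n,n) scheme: every agency must cooperate, and any n-1 shares are jointly independent of K. Getting a 4-out-of-5 style threshold, the question on slide 18, needs a different construction.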

19 Secret sharing in a bank
- a real-world problem:
  - A bank branch has a safe and 3 senior tellers.
  - The safe can be opened only by senior tellers, but they do not trust each other.
  - Can we design a system for the branch whereby any 2 of the 3 senior tellers together can open the safe, but NO individual teller can do so?

20 (t,n)-threshold secret sharing
- Consider a group of n participants (people). Let t <= n.
- A (t,n)-threshold secret sharing scheme is a method of sharing a key K among the n participants such that
  - any t or more participants from the group can recover the key K, and
  - any t-1 or fewer participants from the group can NOT do so.

21 Real-world problems
- bank branch
  - design a (2,3)-threshold secret sharing scheme
- key escrow agencies
  - (2,2)-threshold secret sharing
  - more generally, (t,n)-threshold secret sharing, e.g. (4,5)-threshold secret sharing
- millionaire's will
  - a millionaire with 8 children, of whom 5 are present when the will is read

22 Shamir's (t,n)-threshold scheme
- Key disposal (by the dealer)
  - initialisation
  - distributing a share to each of the n participants in the group
- Key recovery (by participants)
  - gathering shares from t participants
  - reconstructing the key from the t shares

23 Shamir (3,5)-threshold scheme
- Assume that K = 13 is a key.
- Initially the only person who knows K = 13 is the dealer!
- The aim is to construct a threshold scheme so that any 3 of the 5 participants can recover the key K.
- Parameters: K = 13, t = 3, n = 5

24 Key disposal (by dealer)
- Initialisation
  - chooses a prime p > K and p > n+1 (so that K is a residue mod p and the evaluation points 1, ..., n are distinct and non-zero mod p). Say p = 17.
  - chooses t-1 = 2 random non-zero integers from [1, ..., p-1] = [1, ..., 16]. Assume that the following are chosen: a1 = 10, a2 = 2
  - forms a polynomial of degree t-1: p(x) = K + a1*x + a2*x^2 = 13 + 10*x + 2*x^2, with all arithmetic mod 17

25 Key disposal (by dealer)
- Share distribution
  - for Participant 1: p(1) = 13 + 10*1 + 2*1^2 = 25 = 8 (mod 17); gives 8 to Participant 1 as his share
  - for Participant 2: p(2) = 13 + 10*2 + 2*2^2 = 41 = 7 (mod 17); gives 7 to Participant 2 as his share
  - for Participant 3: p(3) = 13 + 10*3 + 2*3^2 = 61 = 10 (mod 17); gives 10 to Participant 3 as his share

26 Key disposal (by dealer), continued
  - for Participant 4: p(4) = 13 + 10*4 + 2*4^2 = 85 = 0 (mod 17); gives 0 to Participant 4 as his share
  - for Participant 5: p(5) = 13 + 10*5 + 2*5^2 = 113 = 11 (mod 17); gives 11 to Participant 5 as his share

27 Key recovery (by 3 participants)
- Assume that 3 participants, say Participants 1, 3 and 5, decide to recover the key K.
- Share gathering
  - the 3 participants put together their shares, namely the 3 numbers 8, 10, 11

28 Key recovery (by 3 participants)
- Key reconstruction
  - solve the following equations (mod 17) for the three unknowns K, a1, a2:
    K + a1*1 + a2*1^2 = 8 (mod 17)
    K + a1*3 + a2*3^2 = 10 (mod 17)
    K + a1*5 + a2*5^2 = 11 (mod 17)
  - by elimination: subtracting the 1st equation from the 2nd gives 2*a1 + 8*a2 = 2; subtracting the 2nd from the 3rd gives 2*a1 + 16*a2 = 1; subtracting these gives 8*a2 = -1 = 16, so a2 = 2; then 2*a1 = 2 - 16 = 3, so a1 = 3 * 9 = 10 (9 is the inverse of 2 mod 17); finally K = 8 - 10 - 2 = -4 = 13
  - the result: a1 = 10, a2 = 2, K = 13
- K = 13 is indeed the key!

29 Questions
- With the (3,5)-threshold scheme
  - Can 2 or fewer participants recover the key K?
  - What if more than 3 participants wish to recover the key?

30 The dealer
- The dealer has to be honest!
  - can be a person trusted by all participants.
  - can also be a dedicated program which erases all relevant information about the key K (including the polynomial coefficients) after the shares have been distributed successfully.

31 Combination lock
- Assume that a key K is a 4-digit number, i.e., K is in [0000, ..., 9999]
- Initially the only person who knows the key K is the dealer!
- Construct a Shamir (2,6)-threshold scheme so that any 2 of the 6 participants can recover the key K.
- Hint: choose a 5-digit prime number (say 10007)!

32 Escrowing DES keys
- Assume that the key is a 56-bit DES key (about 17 decimal digits)
- Initially the only person who knows the key is the dealer!
- Construct a Shamir (5,10)-threshold scheme so that any 5 of the 10 escrow agencies can recover the key K.
- Hint: choose a prime number > 2^56 (for example the Mersenne prime 2^61 - 1)!
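A general Shamir (t,n) implementation, added here as an example and not part of the slides, that reproduces the (3,5) walk-through of slides 23 to 28 (p = 17, polynomial 13 + 10x + 2x^2), answers the two questions of slide 29 by brute force, and runs the exercises of slides 31 and 32. Lagrange interpolation at x = 0 replaces the slides' equation solving; the two are equivalent. Assumptions: for the DES exercise the dealer picks the Mersenne prime p = 2^61 - 1, and the 56-bit sample key is constructed for the demonstration.

```python
import secrets

# Added example, not from the slides: a general Shamir (t,n)-threshold
# scheme over the integers mod a prime p, exercised on the slides' own
# (3,5) numbers (p = 17) and on a DES-sized key with p = 2**61 - 1.


def eval_poly(coeffs, x, p):
    """Evaluate K + a1*x + a2*x^2 + ... mod p; coeffs[0] is the secret K."""
    return sum(c * pow(x, i, p) for i, c in enumerate(coeffs)) % p


def make_shares(coeffs, n, p):
    """Dealer, with explicit coefficients: share i is (i, poly(i)), i = 1..n."""
    return [(x, eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def split_secret(secret, t, n, p):
    """Dealer, with random coefficients.  The top coefficient is forced
    non-zero so the polynomial really has degree t-1.  An honest dealer
    (slide 30) forgets `coeffs` as soon as this returns."""
    if not (0 <= secret < p and 1 <= t <= n < p):
        raise ValueError("need 0 <= K < p and 1 <= t <= n < p")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(t - 2)]
    if t > 1:
        coeffs.append(1 + secrets.randbelow(p - 1))
    return make_shares(coeffs, n, p)


def lagrange_eval(points, x, p):
    """Value at x of the unique polynomial of degree < len(points) that passes
    through `points` (distinct x-coordinates), computed mod p."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def recover(shares, t, p):
    """Key recovery: any t shares pin down the polynomial, and K is its value
    at 0.  Extra shares (slide 29, 'more than 3 participants') are checked
    against the polynomial the first t shares define."""
    if len(shares) < t:
        raise ValueError(f"need at least {t} shares, got {len(shares)}")
    base = shares[:t]
    for x, y in shares[t:]:
        if lagrange_eval(base, x, p) != y:
            raise ValueError(f"share {(x, y)} does not fit the other shares")
    return lagrange_eval(base, 0, p)


def possible_secrets(shares, t, p):
    """What the holders of `shares` can say about K (slide 29, '2 or fewer'):
    K is possible iff some polynomial of degree <= t-1 passes through (0, K)
    and every share.  Tries every K, so only for toy-sized p."""
    ok = set()
    for k in range(p):
        fixed = [(0, k)] + shares[:t - 1]          # t points fix the polynomial
        if all(lagrange_eval(fixed, x, p) == y for x, y in shares[t - 1:]):
            ok.add(k)
    return ok


# Slides 23-28: K = 13, a1 = 10, a2 = 2, p = 17, five participants.
P_SLIDES = 17
SLIDE_SHARES = make_shares([13, 10, 2], 5, P_SLIDES)

# Slide 32: a 56-bit DES key needs p > 2**56; 2**61 - 1 is a Mersenne prime
# (assumed choice of the dealer).
P_DES = 2**61 - 1


def des_key_roundtrip(key, t=5, n=10):
    """Escrow a 56-bit key with 10 agencies and recover it from the five
    even-numbered ones (any five would do)."""
    shares = split_secret(key, t, n, P_DES)
    return recover(shares[1::2], t, P_DES)


if __name__ == "__main__":
    print("shares:", SLIDE_SHARES)
    print("1, 3, 5 recover:", recover([SLIDE_SHARES[0], SLIDE_SHARES[2], SLIDE_SHARES[4]], 3, P_SLIDES))
    print("1 and 3 alone learn:", sorted(possible_secrets(SLIDE_SHARES[0:3:2], 3, P_SLIDES)))
    k = 0x0123456789ABCD                          # constructed sample 56-bit key
    print("DES key round trip ok:", des_key_roundtrip(k) == k)
```

With only two of the (3,5) shares, possible_secrets returns all 17 residues: every candidate K is consistent with a degree-2 polynomial through the two known points, which is the formal reason "2 or fewer" participants learn nothing. With four or more shares, recover uses the first three and rejects any extra share that does not lie on the same polynomial, which also catches a participant who presents a corrupted share.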
