How to break fraud-detectable key recovery

Published: 01 January 1998

Abstract

Fraud detection for software key recovery schemes means that, without knowing the session key, a third party can verify whether the correct session key could be recovered. This concept and a construction by so-called binding data was introduced by Verheul et al. at Eurocrypt '97 to provide for dishonest users that make simple modifications to messages, e.g., delete the key recovery information, and manipulate the recipient's software such that it decrypts messages even if the key recovery information is incorrect. We show how to break their general construction within their model, in particular without using any other encryption system or any pre-established shared secrets. We conclude that the concept of binding data does not improve the security of software key recovery but illustrates once more its fundamental problem: it does not improve an authorized third party's ability to eavesdrop on serious criminals.

References

[1] AABB_97 H. Abelson, R. Anderson, S. M. Bellovin, J. Benaloh, M. Blaze, W. Diffie, J. Gilmore, P. G. Neumann, R. L. Rivest, J. I. Schiller, B. Schneier: The Risk of Key Recovery, Key Escrow, and Trusted Third-Party Encryption; The World Wide Web Journal 2/3 (1997) 241-257.
[2] Desm_95 Y. Desmedt: Securing Traceability of Ciphertexts - Towards a Secure Software Key Escrow System; Eurocrypt '95, LNCS 921, Springer-Verlag, Berlin 1995, 147-157.
[3] FrYu_95 Y. Frankel, M. Yung: Escrow Encryption Systems Visited: Attacks, Analysis and Designs; Crypto '95, LNCS 963, Springer-Verlag, Berlin 1995, 222-235.
[4] KnPe_96 L. R. Knudsen, T. P. Pedersen: On the difficulty of software key escrow; Eurocrypt '96, LNCS 1070, Springer-Verlag, Berlin 1996, 237-244.
[5] VeTi_97 E. R. Verheul, H. C. A. van Tilborg: Binding ElGamal: A Fraud-Detectable Alternative to Key-Escrow Proposals; Eurocrypt '97, LNCS 1233, Springer-Verlag, Berlin 1997, 119-133.
[6] WLEB_96 S. T. Walker, S. B. Lipner, C. M. Ellison, D. M. Balenson: Commercial Key Recovery; Communications of the ACM 39/3 (1996) 41-47.
[7] Zimm_95 Philip R. Zimmermann: The Official PGP User's Guide; MIT Press, Cambridge 1995.

Published In

ACM SIGOPS Operating Systems Review, Volume 32, Issue 1
Jan. 1998
62 pages
ISSN: 0163-5980
DOI: 10.1145/280559

Publisher

Association for Computing Machinery

New York, NY, United States

Cited By

  • (2010) Privacy-enhanced Key Recovery in mobile communication environments. The Journal of Supercomputing 54:1 (82-93). DOI: 10.1007/s11227-009-0287-4. Online publication date: 1-Oct-2010
  • (2005) Matching key recovery mechanisms to business requirements. Computers and Security 24:3 (232-245). DOI: 10.1016/j.cose.2004.08.010. Online publication date: 1-May-2005
  • (2001) Hybrid Key Escrow. Computers and Security 21:1 (77-92). DOI: 10.1016/S0167-4048(02)00111-6. Online publication date: 1-Jan-2001
  • (2001) An Analysis of Integrity Services in Protocols. Progress in Cryptology — INDOCRYPT 2001 (175-187). DOI: 10.1007/3-540-45311-3_17. Online publication date: 26-Nov-2001
  • (2001) New Key Recovery in WAKE Protocol. Public Key Cryptography (325-338). DOI: 10.1007/3-540-44586-2_24. Online publication date: 5-Jun-2001
  • (2000) Key Recovery in Third Generation Wireless Communication Systems. Public Key Cryptography (223-237). DOI: 10.1007/978-3-540-46588-1_16. Online publication date: 2000
  • (2000) Key Recovery System for the Commercial Environment. Information Security and Privacy (149-162). DOI: 10.1007/10718964_13. Online publication date: 2000
  • (2000) New Efficient and Secure Protocols for Verifiable Signature Sharing and Other Applications. Journal of Computer and System Sciences 61:1 (51-80). DOI: 10.1006/jcss.1999.1685. Online publication date: 1-Aug-2000
  • (1999) Strong binding for software key escrow. Proceedings of the 1999 ICPP Workshops on Collaboration and Mobile Computing (CMC'99). Group Communications (IWGC). Internet '99 (IWI'99). Industrial Applications on Network Computing (INDAP). Multimedia Network Systems (MMNS). Security (IWSEC). Parall (134-139). DOI: 10.1109/ICPPW.1999.800052. Online publication date: 1999
  • (1999) A Simple Publicly Verifiable Secret Sharing Scheme and Its Application to Electronic Voting. Advances in Cryptology — CRYPTO '99 (148-164). DOI: 10.1007/3-540-48405-1_10. Online publication date: 16-Dec-1999
