Secure key issuing cryptography
Secure key issuing is a variant of ID-based cryptography that reduces the level of trust that must be placed in a single trusted third party by spreading that trust across multiple third parties.

In addition to the normally transmitted information, the user supplies "blinding" information, which hides the data so that only the user can later recover it. The first third party issues a blinded partial private key; this is then passed to several further third parties in turn, each of which adds its own part to the still-blinded key before passing it on. When the user receives the result, they (and only they) can unblind it and recover their full private key, after which the system behaves exactly like ordinary identity-based cryptography.

If all of the third parties cooperate they can recover the user's private key, so key escrow problems arise only if every one of the third parties is untrustworthy: any one party acting alone sees only blinded values, and a coalition that lacks even one party's secret cannot compute the key. Elsewhere in information security this arrangement is known as a cascade; if every member of the cascade is independent and the cascade is large, the system may be considered trustworthy in practice.
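The following Python is an added illustration of the issuing flow just described; it is not code from the original article or from the scheme's authors. It models the cascade over a deliberately tiny prime-order group (the safe prime 1019 is an assumption chosen so the arithmetic is visible; the real scheme works on pairing-friendly curves) with multiplicative blinding, and then audits three properties: the full coalition recovers the key, any coalition missing one authority does not, and no authority ever sees an unblinded intermediate value. All class and function names here are invented for the example.

```python
"""Toy model of secure key issuing: a blinded partial private key passed along
a cascade of authorities and unblinded only by the requesting user.

Illustrative assumptions (NOT the published scheme's parameters):
  * Group: the order-Q subgroup of Z_P^* for the toy safe prime P = 2*Q + 1 = 1019.
    Q is trivially brute-forceable; real deployments use pairing-friendly curves.
  * Blinding is multiplicative in the exponent: the user sends H(ID)^x and strips
    x off again with x^-1 mod Q.
  * Authority / request_private_key / escrow_recover are names made up here.
"""
import hashlib
import secrets

P = 1019  # toy safe prime, P = 2*Q + 1
Q = 509   # prime order of the subgroup of quadratic residues mod P


def hash_to_group(identity: str) -> int:
    """Map an identity string to a non-identity element of the order-Q subgroup."""
    h = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big")
    r = h % (P - 3) + 2          # r in [2, P-2], so r is neither 0 nor +-1 mod P
    return pow(r, 2, P)          # squaring lands in the subgroup of order Q


def random_scalar() -> int:
    """Uniform scalar in [2, Q-1]: never 0 (degenerate) and never 1 (a no-op)."""
    return secrets.randbelow(Q - 2) + 2


class Authority:
    """One member of the cascade (first the key generation centre, then the
    additional authorities). Holds a secret share and only sees blinded values."""

    def __init__(self, name: str):
        self.name = name
        self.secret = random_scalar()
        self.seen = []  # every value this authority was handed, for the audit below

    def issue(self, blinded: int) -> int:
        self.seen.append(blinded)
        return pow(blinded, self.secret, P)


def request_private_key(identity: str, cascade: list) -> int:
    """User side: blind H(ID), route it through every authority in order, unblind."""
    x = random_scalar()
    value = pow(hash_to_group(identity), x, P)
    for authority in cascade:
        value = authority.issue(value)
    return pow(value, pow(x, -1, Q), P)   # remove the blinding factor


def escrow_recover(identity: str, colluding: list) -> int:
    """What a coalition of authorities can compute from their own secrets alone.
    Equals the user's key only when `colluding` is the entire cascade."""
    value = hash_to_group(identity)
    for authority in colluding:
        value = pow(value, authority.secret, P)
    return value


def unblinded_partial_keys(identity: str, cascade: list) -> list:
    """The unblinded intermediate entering each authority, i.e. what that
    authority would learn if the user had not blinded the request."""
    partials, value = [], hash_to_group(identity)
    for authority in cascade:
        partials.append(value)
        value = pow(value, authority.secret, P)
    return partials


def demo(identity: str = "alice@example.com", n_extra: int = 3) -> dict:
    """Run one issuance and report the escrow/blinding properties as booleans."""
    cascade = [Authority("KGC")] + [Authority(f"KPA{i}") for i in range(1, n_extra + 1)]
    key = request_private_key(identity, cascade)
    partial_coalitions = [escrow_recover(identity, cascade[:i] + cascade[i + 1:])
                          for i in range(len(cascade))]
    views = [a.seen[0] for a in cascade]  # what each authority actually received
    return {
        "key": key,
        "in_subgroup": pow(key, Q, P) == 1,
        "full_coalition_recovers": escrow_recover(identity, cascade) == key,
        "any_partial_coalition_recovers": any(v == key for v in partial_coalitions),
        "any_authority_saw_unblinded": any(
            seen == clear
            for seen, clear in zip(views, unblinded_partial_keys(identity, cascade))),
    }


if __name__ == "__main__":
    print(demo())
```

Because every secret share and the blinding factor are drawn from [2, Q-1] and the hashed identity has order exactly Q, the two negative checks hold deterministically rather than merely with high probability: dropping any one authority changes the exponent by a factor that is not 1 mod Q, and each authority's view differs from the unblinded intermediate by the factor x ≠ 1. With a single authority (`n_extra=0`) the model collapses to ordinary ID-based key issuing, where that one party holds full escrow.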
The original paper states that "Compared with certificate-based cryptography, ID-based cryptography is advantageous in key management, since key distribution and key revocation are not required." This becomes a problem in long-lived deployments, however: an identity such as an email address may change hands over time, and the old holder's key must then be revoked and a new key for the same identity issued to the new holder. Since the private key is determined by the identity string and the third parties' secrets, simply re-running the issuing protocol for the same identity does not produce a fresh key.