[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] Translucent Cryptography



http://link.springer.de/link/service/journals/00145/bibs/12n2p117.html

-------------------------------- CUT --------------------------------

        J. Cryptology 12:117-139 (1999)
        c 1999 by Springer-Verlag New York, Inc. 

        Translucent Cryptography - An Alternative to Key Escrow, and
        Its Implementation via Fractional Oblivious Transfer

        Mihir Bellare, Ronald L. Rivest 


        Subscribers may view full text in PDF (see notes on formats
        here.) 


        Abstract

        We present an alternative to the controversial ``key-escrow''
        techniques for enabling law enforcement and national security
        access to encrypted communications. Our proposal allows such
        access with probability p for each message, for a parameter p
        between 0 and 1 to be chosen (say, by Congress) to provide an
        appropriate balance between concerns for individual privacy,
        on the one hand, and the need for such access by law
        enforcement and national security, on the other. (For example,
        with p=0.4 , a law-enforcement agency conducting an authorized
        wiretap which records 100 encrypted conversations would expect
        to be able to decrypt (approximately) 40 of these
        conversations; the agency would not be able to decrypt the
        remaining 60 conversations at all.) Our scheme is remarkably
        simple to implement, as it requires no prior escrowing of
        keys.

        We implement translucent cryptography based on noninteractive
        oblivious transfer. Extending the schemes of Bellare and
        Micali [2], who showed how to transfer a message with
        probability ½ , we provide schemes for noninteractive
        fractional oblivious transfer, which allow a message to be
        transmitted with any given probability p . Our protocol is
        based on the Diffie - Hellman assumption and uses just one El
        Gamal encryption (two exponentiations), regardless of the
        value of the transfer probability p . This makes the
        implementation of translucent cryptography competitive, in
        efficiency of encryption, with current suggestions for
        software key escrow.


        Online publication: 29 March, 1999
        Email: link@springer-ny.com 
        c 1999 by Springer-Verlag New York, Inc. 

-------------------------------- CUT --------------------------------