[FYI] Translucent Cryptography
- To: debate@fitug.de
- Subject: [FYI] Translucent Cryptography
- From: Horns@t-online.de (Axel H. Horns)
- Date: Wed, 31 Mar 1999 09:28:53 +0100
- Comment: This message comes from the debate mailing list.
- Comments: Sender has elected to use 8-bit data in this message. If problems arise, refer to postmaster at sender's site.
- Organization: Private Site
- Reply-to: horns@t-online.de
- Sender: owner-debate@fitug.de
http://link.springer.de/link/service/journals/00145/bibs/12n2p117.html
-------------------------------- CUT --------------------------------
J. Cryptology 12:117-139 (1999)
© 1999 by Springer-Verlag New York, Inc.
Translucent Cryptography - An Alternative to Key Escrow, and
Its Implementation via Fractional Oblivious Transfer
Mihir Bellare, Ronald L. Rivest
Abstract
We present an alternative to the controversial ``key-escrow''
techniques for enabling law enforcement and national security
access to encrypted communications. Our proposal allows such
access with probability p for each message, for a parameter p
between 0 and 1 to be chosen (say, by Congress) to provide an
appropriate balance between concerns for individual privacy,
on the one hand, and the need for such access by law
enforcement and national security, on the other. (For example,
with p = 0.4, a law-enforcement agency conducting an authorized
wiretap which records 100 encrypted conversations would expect
to be able to decrypt (approximately) 40 of these
conversations; the agency would not be able to decrypt the
remaining 60 conversations at all.) Our scheme is remarkably
simple to implement, as it requires no prior escrowing of
keys.
We implement translucent cryptography based on noninteractive
oblivious transfer. Extending the schemes of Bellare and
Micali [2], who showed how to transfer a message with
probability ½, we provide schemes for noninteractive
fractional oblivious transfer, which allow a message to be
transmitted with any given probability p. Our protocol is
based on the Diffie-Hellman assumption and uses just one El
Gamal encryption (two exponentiations), regardless of the
value of the transfer probability p. This makes the
implementation of translucent cryptography competitive, in
efficiency of encryption, with current suggestions for
software key escrow.
Online publication: 29 March, 1999
-------------------------------- CUT --------------------------------
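
The probability-½ noninteractive oblivious transfer that the abstract attributes to Bellare and Micali [2], as an added sketch that is not part of the forwarded message or the paper's own code. The modulus, base, hash-derived constant C, the tag check and all function names are assumptions made for illustration; the paper's fractional scheme for general p is not shown.

```python
import hashlib
import hmac
import secrets

# Toy parameters (assumptions): a well-known prime and a small base, not a vetted group.
P = 2**255 - 19
G = 2
# Public constant C whose discrete log nobody should know; derived here by hashing.
C = int.from_bytes(hashlib.sha256(b"constructed-demo-constant").digest(), "big") % P

def _kdf(gamma, label):
    return hashlib.sha256(label + gamma.to_bytes(32, "big")).digest()

def keygen():
    """Authority's key pair: it knows the discrete log of exactly one of (b0, b1)."""
    i, x = secrets.randbelow(2), secrets.randbelow(P - 2) + 1
    known = pow(G, x, P)
    other = C * pow(known, -1, P) % P      # forced by the constraint b0 * b1 == C
    return ((known, other) if i == 0 else (other, known)), (i, x)

def valid_pub(pub):
    """Sender-side check that the authority cannot hold both secret keys."""
    return pub[0] * pub[1] % P == C

def send(pub, msg, j=None):
    """One El Gamal encryption (two exponentiations) under a randomly chosen b_j."""
    if not valid_pub(pub):
        raise ValueError("public key violates b0 * b1 == C")
    if len(msg) > 32:
        raise ValueError("demo handles messages up to 32 bytes")
    j = secrets.randbelow(2) if j is None else j
    y = secrets.randbelow(P - 2) + 1
    alpha, gamma = pow(G, y, P), pow(pub[j], y, P)
    body = bytes(a ^ b for a, b in zip(msg, _kdf(gamma, b"enc")))
    return alpha, body, _kdf(gamma, b"tag")  # tag lets the receiver detect a miss

def receive(sec, ct):
    """Returns the message if the sender happened to pick the known key, else None."""
    (_, x), (alpha, body, tag) = sec, ct
    gamma = pow(alpha, x, P)               # equals b_j^y only when j is the known index
    if not hmac.compare_digest(_kdf(gamma, b"tag"), tag):
        return None
    return bytes(a ^ b for a, b in zip(body, _kdf(gamma, b"enc")))

def observed_fraction(n=200):
    """Fraction of n constructed messages the authority can open; expected near 1/2."""
    pub, sec = keygen()
    return sum(receive(sec, send(pub, b"session key")) is not None for _ in range(n)) / n
```

The ciphertext does not reveal which of the two keys the sender picked, so the authority learns only by attempting decryption whether a given message falls in its readable half.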