Self-Escrowed Public-Key Infrastructures

[Published in J.S. Song, Ed., Information Security and Cryptology, vol. 1787 of Lecture Notes in Computer Science, pp. 257–268, Springer-Verlag, 2000.]

Pascal Paillier (1) and Moti Yung (2)

(1) Gemplus Card International, 34 rue Guynemer, 92447 Issy-les-Moulineaux, France. [email protected]
(2) CertoCo, Inc., New York, NY, USA. [email protected]
Abstract. This paper introduces a cryptographic paradigm called self-escrowed encryption, a concept initiated by kleptography. In simple words, a self-escrowed public-key cryptosystem has the property that the scheme's public and private keys are connected to each other by means of another cryptosystem, called the master scheme. We apply this notion to the design of auto-recoverable auto-certifiable cryptosystems, a solution to software key escrow due to Young and Yung, and obtain a new cryptographic escrow system called a self-escrowed public-key infrastructure. In addition, we give an example of such a system based on the ElGamal and Paillier encryption schemes which achieves a high level of both efficiency and security.

Keywords. Key escrow, public-key infrastructures, auto-recoverable cryptosystems, self-escrowed encryption, self-escrowed public-key infrastructures, kleptography.
1 Introduction
In recent years, considerable research effort has been invested by the cryptographic community in the quest for an efficient and fair solution to the key escrow problem. Although the widespread use of today's communication networks such as the Internet would call for the urgent deployment of a large-scale key recovery system for law-enforcement purposes, the problem is complex enough that very few satisfactory proposals have appeared so far. Tamper-resistant hardware solutions, such as the Clipper and Capstone chips, arouse the users' suspicion about the (unscrutinized) cryptographic algorithms executed inside the device [12, 5, 9]; many proposed systems require the escrow authorities to take part in interactive computations to an undesirable extent; finally, other constructions fail to resist various kinds of attacks mounted by the system users themselves (cf. the shadow-public-key attack [8]).
Young and Yung [15, 16] recently introduced the concept of auto-recoverable auto-certifiable cryptosystems (ARC), a software-based cryptographic protocol that fulfils most of the identified requirements. ARCs combine the functionality of a typical public-key infrastructure (see below for definitions) with the ability to escrow the private keys of the system users. To achieve this, the certification procedure of a given public key requires the key to be submitted along with a publicly verifiable zero-knowledge proof that the escrow authorities can efficiently recover the corresponding private key. The proof forms a certificate of recoverability which has to be stored securely by the certification authority (CA). If a key recovery procedure is authorized for some suspect user, the escrow authorities query the CA for the matching certificate, which allows them to completely recover the user's private key. The same authors also proposed a particular embodiment of their concept which relies on ElGamal encryption as well as on a specific key generation technique involving an extensive (hence costly) use of double-decker exponentiations [11].

In this paper, we propose a new cryptographic notion which we call self-escrowed encryption. We show how to employ this technique to design a cryptographic protocol that meets all specifications of an auto-recoverable cryptosystem and offers additional advantages. In particular, it gives the escrow authorities the ability to recover private keys directly from public ones. Consequently, the storage of a certificate of recoverability is no longer required. We call such a system a self-escrowed public-key infrastructure (or SE-PKI for short). For completeness, we provide a practical example of an SE-PKI which is based on the joint use of the ElGamal [7] and Paillier [10] encryption schemes and achieves a high level of both efficiency and security.

The paper is organized as follows. The next two subsections briefly recall the definitions of a public-key infrastructure and of an auto-recoverable cryptosystem. Section 2 introduces the notion of self-escrowed encryption, which is then used to define SE-PKIs in Section 3. In Section 4, we propose a discrete-log-based self-escrowed encryption scheme and analyze the corresponding SE-PKI in terms of efficiency and security.

1.1 Public-Key Infrastructures
A public-key infrastructure (PKI) is a distributed cryptographic protocol involving system users and trusted third parties called certification authorities (CA). Let S = ⟨G, E, D⟩ denote an encryption scheme where G(1^k) = (x, y) is a probabilistic key generator (for a certain scheme parameter k) outputting a private key x and a public key y, and where m ↦ E_y(m) and c ↦ D_x(c) represent the encryption and decryption functions, respectively. A PKI based on S is a protocol that fulfils the following specifications:

1. Setup. The CAs' addresses and parameters are published and distributed.
2. Key Generation. Each user runs G to generate a key pair (x, y) and submits the public key y (together with an ID string including personal system attributes) to a CA.
3. Certification Process. The CA verifies the ID string, signs y and enters the certified key (y + signature) in the public key database.
4. Encryption. To send a message, a user queries the CA to obtain the public key y of the recipient and verifies the CA's signature on y. If the verification holds, the user encrypts the message m using y and sends the ciphertext c = E_y(m) to the recipient.
5. Decryption. The recipient decrypts the ciphertext with his/her private key to recover the message m = D_x(c).

1.2 Auto-Recoverable Auto-Certifiable Cryptosystems
The notion was introduced in [15]. The system is a classical public-key infrastructure to which escrowing mechanisms are added. The protocol ensures that some escrow agents, called hereafter escrow authorities, are capable of recovering the private key of any user suspected to misbehave. The cryptosystem is denoted S = ⟨G, E, D, V, R⟩ where:

– G(1^k) = (x, y, P) is a probabilistic key generator that outputs a key pair (x, y) (x private, y public) and a publicly verifiable non-interactive zero-knowledge proof P that x is recoverable by the escrow authorities using P.
– V(y, P) ∈ {0, 1} is a publicly known algorithm such that (with overwhelming probability) V(y, P) = 1 iff x is recoverable by the escrow authorities using P.
– R takes as input P and some private information and returns x, provided that (x, y, P) is a possible output of G such that V(y, P) = 1. Optionally (distributed key recovery), R can also be an m-tuple (R_1, ..., R_m) such that each R_i, run on P and some private input, returns the share x_i of x w.r.t. some (perfect) secret sharing scheme. The escrow authorities then collaborate to recover x.

The problem of computing x given (y, P) without R is assumed to be intractable. An ARC based on S is a protocol specified by the following:

1. Setup. The escrow authorities generate a set of public parameters along with the corresponding private algorithm R. The public parameters and the CAs' parameters are published and distributed.
2. Key Generation. Each user runs G to generate a key pair (x, y) and a certificate of recoverability P. The user then submits the pair (y, P) (together with an ID string including personal system attributes) to a CA.
3. Certification Process. The CA checks the ID string and verifies that V(y, P) = 1. If the verification holds, the CA signs y and enters the certified key (y + signature + certificate P) in the public key database.
4. Encryption. To send a message, a user queries the CA to obtain the public key y of the recipient and verifies the CA's signature on y. If the verification holds, the user encrypts the message m using y and sends the ciphertext c = E_y(m) to the recipient.
5. Decryption. The recipient decrypts the ciphertext with his/her private key to recover the message m = D_x(c).
6. Key Recovery. If key recovery is authorized for a given user, the escrow authorities query the CA for the corresponding certificate P and run R on P to recover the user's private key x.
2 Self-Escrowed Encryption Schemes
In this section, we formalize the notion of self-escrowed encryption, initiated in spirit by kleptography [13, 14]. The usual way of formally describing a public-key encryption scheme S consists in decomposing it into three distinct algorithms S = ⟨G, E, D⟩ where G is a key generator (i.e. a probabilistic algorithm that outputs a key pair (x, y) in polynomial time), and where m ↦ E_y(m) and c ↦ D_x(c) represent the encryption and decryption algorithms parameterized by the respective keys. To provide one-wayness, the scheme is necessarily built in such a way that the public key y is derived from the secret key x by means of some one-way function y = F(x), such as integer multiplication or exponentiation in a well-chosen group.

A self-escrowed encryption scheme can be defined as an encryption scheme for which the function F, in addition to being one-way, also has a partial or total trapdoor. When it does, F can be expressed as the encryption function E_Y of some existing encryption scheme under a key Y. This also means that a key pair (x, y) of S such that x falls into the "trapdoor domain" of F has the property that x = D_X(y), i.e. there exists trapdoor information X which allows one to recover x from y. This property can be captured precisely, as follows.

Definition 1. An encryption scheme S = ⟨G, E, D⟩ is said to be perfectly self-escrowed when there exist an encryption scheme Σ = ⟨G, E, D⟩ (whose algorithms we write with the same letters; its keys are written in upper case) and a key pair (X, Y) of Σ such that for every key pair (x, y) of S the relation

    y = E_Y(x)    (1)

holds. By analogy with the secret-key setting, Σ is called the master encryption scheme of S, Y the master public key and X the master private key.

As we will see later in the paper, Definition 1 may not be met in the strict sense even though the given scheme offers partial access to the self-escrow property. In particular, there could exist a master key pair for which most key pairs satisfy relation (1). Situations may also occur in which the set of escrowable private keys remains of reasonable size, although it is a negligible proportion of the whole private-key space. Self-escrow properties can still be defined in that case by weakening the strong requirement of Definition 1, as follows.

Definition 2. An encryption scheme S = ⟨G, E, D⟩ is said to be (partially) self-escrowed when there exist an encryption scheme Σ = ⟨G, E, D⟩, a key pair (X, Y) of Σ and a pair of probabilistic polynomial-time algorithms ⟨𝒫, 𝒱⟩ (prover and verifier) such that for every key pair (x, y) of S satisfying relation (1), 𝒫(Y, x, y) = P is a non-interactive (statistical) zero-knowledge proof that relation (1) holds, and P is publicly verifiable, i.e. 𝒱(Y, y, P) ∈ {0, 1} equals 1 (with overwhelming probability) if and only if P is a valid proof for y.

In other words, we require that any key pair fulfilling the desired property can efficiently be proven to do so, and that the generated proof of recoverability is public and can be verified by anyone: a requirement that imposes zero-knowledgeness. Once more, it is understood that the purpose of kleptographic attacks is no different from attempting to turn a target encryption scheme into a self-escrowed cryptosystem. Kleptography is by nature closely related to key recovery techniques; they differ in spirit only.¹ In both cases, the computational dependence of public keys on other public keys (be it subliminal or publicly known) seems to be necessary.
3 Self-Escrowed Public-Key Infrastructures

A self-escrowed public-key infrastructure is a particular case of an auto-recoverable auto-certifiable cryptosystem. The major advantage of an SE-PKI is that the proof of recoverability generated by the user is verified by the CA and then immediately discarded, since it is of no use in the key recovery procedure. Consequently, this releases certification authorities from storing the certificates of recoverability needed in ARCs, and removes any interaction between the CA and the escrow authorities during key recovery. This novel property is achieved using self-escrowed encryption as follows.

Let S = ⟨G, E, D⟩ be a self-escrowed encryption scheme and Σ = ⟨G, E, D⟩ denote its master scheme. Recall that by definition there also exists a pair of algorithms ⟨𝒫, 𝒱⟩ allowing one to generate and verify proofs of recoverability. An SE-PKI based on S is defined as follows.

1. Setup. The escrow authorities run the master key generator to generate a master key pair (Y, X). The public parameters, including Y and the CAs' parameters, are published and distributed.
2. Key Generation. Each user runs G(Y, 1^k) to generate a key pair (x, y), and then runs 𝒫(Y, x, y) to get the proof P that y = E_Y(x) holds. The user then submits the pair (y, P) (together with an ID string including personal system attributes) to a CA.
3. Certification Process. The CA checks the ID string and runs 𝒱 to verify that 𝒱(Y, y, P) = 1. If the verification holds, the CA signs y and enters the certified key (y + signature) in the public key database; the proof P is discarded.
4. Encryption. To send a message, a user queries the CA to obtain the public key y of the recipient and verifies the CA's signature on y. If the verification holds, the user encrypts the message m using y and sends the ciphertext c = E_y(m) to the recipient.
5. Decryption. The recipient decrypts the ciphertext with his/her private key to recover the message m = D_x(c).
6. Key Recovery. If key recovery is authorized for a given user, the escrow authorities recover the user's private key x = D_X(y) directly from the certified public key y and decipher the transmitted ciphertext(s). Here again, the key recovery capability may be distributed among the escrow authorities using some threshold decryption scheme.

It is worth noticing that an SE-PKI remains extremely close by construction to a regular PKI: a given PKI is self-escrowed iff the underlying encryption scheme is self-escrowed; the two properties directly derive from each other.

¹ The kleptographic adversary wishes the very existence of the ability to recover keys to be secret. A subliminally self-escrowed encryption scheme is called a SETUP, see [13].
4 An Efficient Self-Escrowed PKI

We now describe a practical example of an SE-PKI. As pointed out above, this requires setting up a self-escrowed cryptosystem first. Our proposal is based on the joint use of the ElGamal and Paillier encryption schemes and achieves (partial) self-escrow in the sense of Definition 2, as will be shown later. We begin with a brief overview of useful mathematical facts.

4.1 Self-Escrowed Discrete-Log-Based Cryptosystems
Paillier Encryption. Recently, Paillier [10] introduced public-key probabilistic encryption schemes based on composite residuosity classes over Z*_{n^2}, where n = pq is an RSA modulus. To briefly describe the trapdoor: knowledge of the factors of n allows a fast extraction of discrete logarithms modulo n^2, provided that the base g ∈ Z*_{n^2} is of order nα for some α with gcd(n, α) = 1. In the sequel, g will be chosen of maximal order nλ, where λ = λ(n) = lcm(p − 1, q − 1) must be relatively prime to n. We define over U_n = {u < n^2 | u ≡ 1 (mod n)} the integer-valued function L(u) = (u − 1)/n, where the division takes place in Z. The public key is then the pair (n, g) while the private key is λ or, equivalently, the factors p and q. Encryption of a plaintext m < n is done as follows. Pick an integer r uniformly at random in [0, 2^ℓ], where ℓ denotes the bit length of n, and compute the ciphertext

    c = g^{m + n·r} mod n^2.    (2)

To decrypt, compute

    m = L(c^λ mod n^2) / L(g^λ mod n^2) mod n.    (3)
The one-wayness of the scheme is known to be equivalent to the partial discrete logarithm problem with base g, which is thought to be intractable provided that n is hard to factor. We refer the reader to [10] for more details. In this paper, we will be considering a deterministic version of this encryption scheme, i.e. encryption of a message m < n is done by a simple exponentiation c = g^m mod n^2 while decryption is carried out as in equation (3). The encryption scheme is depicted in Figure 1. From a theoretical viewpoint, making the cryptosystem deterministic somewhat decreases its security level, since computing partial logarithms then reduces to computing plain discrete logarithms.² However, since we do not know any way of extracting discrete logs without the secret factors, we will make the assumption that inverting the encryption function still remains an intractable problem in this context.

    Public Key     n, g of maximal order.
    Private Key    λ = lcm(p − 1, q − 1).
    Encryption     plaintext m < n; ciphertext c = g^m mod n^2.
    Decryption     ciphertext c < n^2; plaintext m = L(c^λ mod n^2) / L(g^λ mod n^2) mod n.

    Fig. 1. Paillier's Deterministic Encryption Scheme.

Self-Escrowed Diffie-Hellman. The celebrated Diffie-Hellman key exchange protocol [3] exploits the (conjectured) hardness of extracting discrete logarithms over Z*_p (for some well-chosen large prime p) and the fact that exponentiation commutes, (g^a)^b = (g^b)^a = g^{ab}. The protocol can straightforwardly be executed in other groups over which the discrete log problem is also thought to be intractable: we focus here on the specific group Z*_{n^2}, where n = pq is an RSA modulus just as before. As pointed out above, knowledge of the factors p and q is sufficient to recover the discrete logarithm of y = g^x mod n^2 provided that x < n. This leads to a simple self-escrowed Diffie-Hellman variant (cf. Figure 2) in which some escrow authority, whose private key is (p, q), can easily open the session key after wiretapping the data exchanged during the protocol.

Self-Escrowed ElGamal Encryption. Because ElGamal encryption is a non-interactive instance of the Diffie-Hellman protocol, the previous self-escrow property also extends to ElGamal encryption over Z*_{n^2}. The resulting cryptosystem is displayed in Figure 3 below. It clearly appears that the encryption scheme (ElGamal) possesses a master scheme (Paillier). We claim:

Theorem 1. The encryption scheme of Figure 3 is self-escrowed.

² The scheme also loses semantic security.
    Setup         The escrow authority generates n = pq and publishes n and the base g.
    Protocol      1. User A picks a random a < n and sends g^a mod n^2 to user B.
                  2. User B picks a random b < n and sends g^b mod n^2 to user A.
                  3. Both users compute K = g^{ab} mod n^2.
    Key Recovery  If key recovery is authorized, the escrow authority computes a (or b) from the wiretapped g^a (or g^b) and easily recovers K.

    Fig. 2. Self-Escrowed Diffie-Hellman Key Establishment.
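As an added worked example (this is not code from the paper), the following Python puts the pieces of Section 4.1 together: Paillier's deterministic scheme of Figure 1 as the master scheme, the self-escrowed Diffie-Hellman exchange of Figure 2, and the self-escrowed ElGamal scheme whose public key is y = g^x mod n^2, with the escrow authority recovering x = D_X(y) from the public key alone exactly as in step 6 of the SE-PKI of Section 3. It assumes p and q are safe primes (so that the factorization of nλ is known and "g of maximal order" can be checked directly; the paper only requires gcd(n, λ) = 1), uses the textbook ElGamal message form (g^k, M·y^k) over Z*_{n^2} because Figure 3 is cut off on this page, and hard-codes the toy primes 1019 and 1187, which are far too small for real use. All function names are this example's own.

```python
"""Self-escrowed ElGamal / Diffie-Hellman over Z*_{n^2} with Paillier as the master scheme.

Added example; toy parameters only.  Assumes p, q are safe primes (p = 2p'+1, q = 2q'+1).
"""
import random
from math import gcd


def L(u: int, n: int) -> int:
    """Paillier's L function on U_n = {u < n^2 : u = 1 mod n}: L(u) = (u - 1) / n over Z."""
    assert u % n == 1, "u is not in U_n"
    return (u - 1) // n


def master_keygen(p: int, q: int, rng: random.Random):
    """Escrow authority's master key pair: Y = (n, g), X = (lambda, mu).

    Safe primes are this example's assumption: the exponent n*lambda = 2 p' q' p q of Z*_{n^2}
    then has known prime factors, so 'g of maximal order n*lambda' can be checked directly.
    """
    n, n2 = p * q, (p * q) ** 2
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)        # lcm(p-1, q-1) = 2 p' q'
    assert gcd(n, lam) == 1                             # required by the paper
    factors = (2, (p - 1) // 2, (q - 1) // 2, p, q)     # prime factors of n*lambda
    while True:
        g = rng.randrange(2, n2)
        # g has order exactly n*lambda iff g^(n*lambda / r) != 1 for every prime r | n*lambda
        if gcd(g, n) == 1 and all(pow(g, n * lam // r, n2) != 1 for r in factors):
            break
    # mu = L(g^lambda mod n^2)^(-1) mod n; invertible because g^lambda has order n
    mu = pow(L(pow(g, lam, n2), n), -1, n)
    return (n, g), (lam, mu)


def paillier_encrypt(pk, m: int, r: int = 0) -> int:
    """E_Y(m) = g^(m + n r) mod n^2 (eq. 2); r = 0 is the deterministic variant of Fig. 1."""
    n, g = pk
    assert 0 <= m < n, "plaintext must be below n"
    return pow(g, m + n * r, n * n)


def paillier_decrypt(pk, sk, c: int) -> int:
    """D_X(c) = L(c^lambda mod n^2) / L(g^lambda mod n^2) mod n (eq. 3)."""
    n, _ = pk
    lam, mu = sk
    return (L(pow(c, lam, n * n), n) * mu) % n


def user_keygen(pk, rng: random.Random):
    """ElGamal key pair over Z*_{n^2}: private x < n, public y = g^x mod n^2.

    y is the deterministic Paillier encryption of x under the master key: relation (1), y = E_Y(x).
    The restriction x < n is what makes x recoverable.
    """
    n, _ = pk
    x = rng.randrange(1, n)
    return x, paillier_encrypt(pk, x)


def elgamal_encrypt(pk, y: int, M: int, rng: random.Random):
    """Textbook ElGamal over Z*_{n^2} (assumed form; the paper's Fig. 3 is not on this page)."""
    n, g = pk
    n2 = n * n
    assert 0 <= M < n2
    k = rng.randrange(1, n)
    return pow(g, k, n2), (M * pow(y, k, n2)) % n2


def elgamal_decrypt(pk, x: int, ct) -> int:
    """M = c2 * (c1^x)^(-1) mod n^2."""
    n, _ = pk
    n2 = n * n
    c1, c2 = ct
    return (c2 * pow(pow(c1, x, n2), -1, n2)) % n2


def escrow_recover_private_key(pk, sk, y: int) -> int:
    """SE-PKI key recovery (step 6): x = D_X(y), computed from the public key alone."""
    return paillier_decrypt(pk, sk, y)


def escrow_open_dh_session(pk, sk, ga: int, gb: int) -> int:
    """Fig. 2 key recovery: extract a from the wiretapped g^a, then K = (g^b)^a mod n^2."""
    n, _ = pk
    a = paillier_decrypt(pk, sk, ga)
    return pow(gb, a, n * n)


def demo(seed: int = 1) -> dict:
    """Run every flow on constructed toy parameters and report which checks passed."""
    rng = random.Random(seed)
    pk, sk = master_keygen(1019, 1187, rng)   # toy safe primes: 1019 = 2*509+1, 1187 = 2*593+1
    n, g = pk
    n2 = n * n
    m, r = rng.randrange(n), rng.randrange(2 ** n.bit_length())
    a, b = rng.randrange(1, n), rng.randrange(1, n)
    ga, gb = pow(g, a, n2), pow(g, b, n2)
    x, y = user_keygen(pk, rng)
    M = rng.randrange(1, n2)                   # constructed message, any element of Z_{n^2}
    ct = elgamal_encrypt(pk, y, M, rng)
    x_rec = escrow_recover_private_key(pk, sk, y)
    return {
        "paillier_deterministic_ok": paillier_decrypt(pk, sk, paillier_encrypt(pk, m)) == m,
        "paillier_randomised_ok": paillier_decrypt(pk, sk, paillier_encrypt(pk, m, r)) == m,
        "dh_session_opened": escrow_open_dh_session(pk, sk, ga, gb) == pow(ga, b, n2),
        "user_decrypts": elgamal_decrypt(pk, x, ct) == M,
        "escrow_recovers_x": x_rec == x,
        "escrow_decrypts": elgamal_decrypt(pk, x_rec, ct) == M,
        # an exponent >= n is only recovered modulo n: g^(n+5) decrypts to 5, not n+5
        "recovery_needs_x_below_n": escrow_recover_private_key(pk, sk, pow(g, n + 5, n2)) == 5,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Running demo() returns a dictionary of checks that should all be True. The last check is the caveat a practitioner should keep in mind: recovery works only because the user's exponent lies below n, which is exactly the fact the proof of recoverability of an SE-PKI has to establish to the CA; that proof is not on this page and is not implemented here.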
    Master Public Key    n, g of maximal order, ℓ = 2|n|.
    Master Private Key   λ.
    Public Key           y = g^x mod n^2 where x

    [Figure 3; the page is cut off here.]