WO2001022654A1 - Method for decrypting documents encrypted according to a hybrid encryption method in the event of loss of the private cryptographic key - Google Patents

Method for decrypting documents encrypted according to a hybrid encryption method in the event of loss of the private cryptographic key

Info

Publication number
WO2001022654A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
session key
user
message recovery
document
Prior art date
Application number
PCT/EP2000/008746
Other languages
German (de)
English (en)
Other versions
WO2001022654A8 (fr)
Inventor
Jörg Schwenk
Original Assignee
Deutsche Telekom Ag
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Deutsche Telekom Ag
Priority to AU76512/00A
Publication of WO2001022654A1
Publication of WO2001022654A8

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols

Definitions

  • the cryptographic technique of encryption is increasingly being used to secure communication data and stored data.
  • the data is encrypted under the control of a cryptographic (symmetrical) key and can only be decrypted with this.
  • Marketable products and software libraries are available for this.
  • hybrid encryption methods are predominantly used today. With these methods, the data are first encrypted using a fast symmetrical algorithm and a randomly selected session key k. Then the session key k itself is encrypted using a public key method and the public key of the recipient (when communicating) or the PC user (when storing the data). A header containing the encrypted session key and other information required for decryption (exact specification of the algorithms used, coding, ...) is added to the data.
  • the public key method and the private key of the recipient or user are first required in order to decrypt the session key k.
  • the data can then itself be decrypted using the symmetrical method and the session key k.
  • Key recovery is the recovery of the private key of the public key system that belongs to the public key used. Any key recovery process can decrypt all data whose session keys have been encrypted with the public key in question. Key recovery methods are not the subject of this invention.
  • Message recovery is the restoration of the cryptographic session key k used to encrypt a specific data record.
  • Each message recovery process can only decrypt a data record or a document N structured as a data record.
  • the method according to the invention is based on a method for message recovery. Message recovery methods are generally implemented either by additionally encrypting the session key with the (public or secret symmetrical) key of a recovery point and attaching it to the message (Dorothy E. Denning, "Resolving the Encryption Dilemma: The Case for Clipper", http://www.techreview.com/articles/july95/Denning.html), or by having a trusted server assign the session key to the two communication participants (see D. Fox, The Royal Holloway System. A Key Recovery Protocol for Europe? Data Protection and Security, Issue 1/98). Both solutions were designed at the request of government agencies to allow government access to encrypted communications; user interest and practicality did not matter.
  • the object of the invention is a method for reconstructing the cryptographic key k for sent or stored documents N.
  • the mechanisms of this method should be under the control of the user who has lost his private key and can therefore no longer decrypt the document N.
  • the method should be secure against misuse by third parties and should not offer any back doors for "unauthorized third parties" to reconstruct the session key k in order to access the encrypted document N.
  • the solution should meet the following conditions:
  • the method according to the invention for the reconstruction of the lost session key from sent or stored documents N is intended to enable the user to determine for himself how and under what circumstances the session key k is reconstructed.
  • the principle of Diffie-Hellman key exchange is used.
  • At least one center Z is included in the method, which acts as a message recovery center Z in the reconstruction of the lost cryptographic key k. If more than one message recovery center Z is to be included in the method, it makes sense to select independent message recovery centers. Independent centers are understood to mean message recovery centers that are operated by different institutions, such as Weg, the Federal Office for Information Security and the Chaos Computer Club.
  • the principle of operation of the method according to the invention is described in more detail below with the inclusion of a message recovery center Z:
  • Publicly known, general parameters are an element g of a publicly known mathematical group G of large multiplicative order. The problem of discrete logarithm should be practically insoluble in group G.
  • the method is based on the fact that the user provides each data record that he sends as document N or that he stores with a preceding data record (header), which contains information that enables a reconstruction (recovery) of the lost session key k. At least one message recovery center Z that was selected by the user as “trustworthy” is involved in the method.
  • the user proceeds as follows to generate the data record preceding the actual encrypted document N as a header:
  • the user generates a cryptographic key k on the basis of the known Diffie-Hellman method.
  • the publicly known components of the encryption method are the mathematical group G, which is also known to the message recovery center Z (for example the multiplicative group of all integers modulo a large prime number p), and a publicly known element g of the group G (for example a number 0 < g < p) with large multiplicative order.
  • other suitable mathematical structures can also be used for group G, such as the multiplicative group of a finite field or the group of points of an elliptic curve.
  • the user calculates as follows: the user first generates a random number r.
  • from the publicly known element g of the group G and the random number r generated by him, the user additionally computes the group element g^r.
  • the element g and the group G must meet the additional condition that the problem of the discrete logarithm cannot be solved with regard to their parameters.
  • the cryptographic session key k encrypted with the public key of the user / recipient and the number g^r are added to each document N as a header.
  • if the user or recipient has lost his private key or can no longer access it, he can no longer decrypt the document N. In this case he contacts the message recovery center Z and presents there the encrypted document N or only the number g^r (the element of the group G) from the header of the encrypted document N.
  • An increase in the security of the method according to the invention is achieved for the user by including several message recovery centers Z1 to Zn.
  • Each message recovery center Zi must use its secret number zi to reconstruct the session key k. This means that in this variant none of the centers Z1 to Zn is able to reconstruct the session key k alone.
  • Each center Z1 to Zn can only reconstruct a partial secret of the session key k. Once all centers Z1 to Zn have transmitted their partial secret to the user, the user can reconstruct the session key k by combining all partial secrets.
  • the user again generates a random number r, for example by means of a
  • XOR denotes the bitwise addition modulo 2.
  • any other combination of the two values can also be used instead of XOR; the document N of the user is encrypted with this session key k.
  • the user calculates an additional number g^r from the publicly known element g of the mathematical group G and the random number r generated by him; g^r, together with the session key k encrypted with a private key of the user, is added to the document N as a header.
  • the user presents to the message recovery centers the document N, or just the number g^r from the header of document N, for which he has lost his private key.
  • the message recovery centers Z1 and Z2 each calculate part of the lost key k from the number g^r and their own secret number z1 or z2.
  • Center Z1 calculates the partial key (g^r)^z1, and center Z2 calculates the partial key (g^r)^z2.
  • the user can combine these two values (for example by XOR) to reconstruct the session key k.
  • the cryptographic session key k can be restricted to a suitable part (for example the last 128 bits) of the values (g^z)^r for each message recovery center Z1 to Zn.
  • Another advantage of the solution is that any number of message recovery centers can be included in the method according to the invention without this being apparent from the message format. In an extreme case, an attacker who came into possession of a document N and who has complete control over all n message recovery centers would have to try 2^n possibilities before finding the subset of message recovery centers that can reconstruct the session key k.
  • n-t+1 values must be stored in the MRF. It follows from this construction that an (n, n+(n-t)) threshold method must be used.
  • the decisive step is again the generation of the session key. Alice does this as follows:
  • Alice selects the parameters n and t, and n different centers Z1, ..., Zn.
  • n shares (i, s_i) uniquely define a polynomial f(x) of degree n-1 over a finite field of sufficient size (e.g. GF(2^64) or GF(2^128)).
  • email messages can be encrypted using the methods outlined above, with the difference that the recipient's public key (referred to here as Bob) is used to encrypt the session key. Another important difference is that the message recovery centers chosen by Bob must be publicly known so that Alice can correctly calculate the session key. The additional protection factor that an attacker does not know the message recovery centers used is therefore not applicable here.
  • the method could also be used for the encryption of IP packets. However, this would only be necessary to implement a legally required monitoring option, since encrypted IP packets are nowhere stored for a long time.
  • IPSec
  • the IPSec standard [IPSec] would have to be expanded to include a new key agreement protocol in addition to OAKLEY. Should such an internet surveillance regulation ever be enacted, the advantages of the proposed procedure would come into play. Users can share access to the data they encrypt with a wide variety of organizations without sacrificing performance that is important at the IP level.
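The multi-center header scheme described in the items above, written out as an added Python sketch (this is not code from the patent or from Deutsche Telekom): the user derives k by XORing the last 128 bits of (g^zi)^r for each chosen center, stores only g^r in the header, and after losing his private key asks each center Zi for its truncated partial key (g^r)^zi and XORs the shares back together. It assumes demo-only group parameters p = 2^127 - 1 and g = 3 and leaves out the symmetric encryption of N and the public-key encryption of k for the user.

```python
import secrets
from typing import Dict, Iterable, Optional

# Demo-only group parameters (an assumption, not values from the patent):
# Z_p^* with the Mersenne prime p = 2^127 - 1 and g = 3. A real deployment
# needs a group in which the discrete logarithm is practically unsolvable.
P = (1 << 127) - 1
G = 3
KEY_BITS = 128                  # the "suitable part" (last 128 bits) of (g^z)^r
MASK = (1 << KEY_BITS) - 1


def truncate(x: int) -> int:
    """Keep only the last KEY_BITS bits of a group element."""
    return x & MASK


class RecoveryCenter:
    """Message recovery center Z_i holding the secret exponent z_i."""

    def __init__(self, name: str, z: Optional[int] = None):
        self.name = name
        self._z = z if z is not None else secrets.randbelow(P - 2) + 1

    def public_key(self) -> int:
        return pow(G, self._z, P)             # P_Z = g^z, published

    def partial_key(self, g_r: int) -> int:
        # The center only ever sees g^r from the header, never r or k,
        # and returns its own partial secret (g^r)^z, truncated.
        return truncate(pow(g_r, self._z, P))


def combine(parts: Iterable[int]) -> int:
    """XOR (bitwise addition modulo 2) of all partial keys."""
    k = 0
    for part in parts:
        k ^= part
    return k


def make_header(center_pubkeys: Iterable[int], r: Optional[int] = None):
    """User side: pick r, derive k = XOR_i trunc((g^z_i)^r), emit g^r."""
    if r is None:
        r = secrets.randbelow(P - 2) + 1
    k = combine(truncate(pow(pz, r, P)) for pz in center_pubkeys)
    # The real header also carries k encrypted under the user's own key;
    # that public-key encryption is out of scope here.
    return k, {"g_r": pow(G, r, P)}


def recover_session_key(header: Dict[str, int],
                        centers: Iterable[RecoveryCenter]) -> int:
    """After the private key is lost: collect every center's share and XOR."""
    return combine(c.partial_key(header["g_r"]) for c in centers)


if __name__ == "__main__":
    z1, z2 = RecoveryCenter("Z1"), RecoveryCenter("Z2")
    k, header = make_header([z1.public_key(), z2.public_key()])
    assert recover_session_key(header, [z1, z2]) == k
    assert z1.partial_key(header["g_r"]) != k     # one center alone learns nothing
```

Because the header carries only g^r, the set of centers used is not visible in the message format, which is the point made above about an attacker having to guess the right subset.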

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Compression, Expansion, Code Conversion, And Decoders (AREA)

Abstract

Method for decrypting documents encrypted according to a hybrid encryption method in the event of loss of the private cryptographic key, in particular a method for reconstructing the cryptographic session key (k) for sent or stored documents N, in which the mechanisms of the method are under the control of the user. According to the present invention, the user computes the cryptographic session key (k) by analogy with the Diffie-Hellman method. For decryption, the public key (Pz) of at least one message recovery center (Z) is used. If the user loses the private key with which he encrypted the cryptographic session key (k), the message recovery center (Z) can reconstruct the cryptographic session key (k) of the document concerned (N) from the header of the document (N).
PCT/EP2000/008746 1999-09-20 2000-09-07 Method for decrypting documents encrypted according to a hybrid encryption method in the event of loss of the private cryptographic key WO2001022654A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU76512/00A AU7651200A (en) 1999-09-20 2000-09-07 Method of decoding documents encoded by means of a hybrid encoding method in theevent of the loss of the private cryptographic key

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE1999146127 DE19946127A1 (de) 1999-09-20 1999-09-20 Verfahren zur Entschlüsselung von mit einem hybriden Verschlüsselungsverfahren verschlüsselten Dokumenten nach Verlust des privaten kryptografischen Schlüssels
DE19946127.9 1999-09-20

Publications (2)

Publication Number Publication Date
WO2001022654A1 true WO2001022654A1 (fr) 2001-03-29
WO2001022654A8 WO2001022654A8 (fr) 2001-07-05

Family

ID=7923367

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2000/008746 WO2001022654A1 (fr) 1999-09-20 2000-09-07 Method for decrypting documents encrypted according to a hybrid encryption method in the event of loss of the private cryptographic key

Country Status (3)

Country Link
AU (1) AU7651200A (fr)
DE (1) DE19946127A1 (fr)
WO (1) WO2001022654A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2442253A1 (fr) * 2010-10-12 2012-04-18 Research In Motion Limited Procédé pour la sécurisation d'informations dans un référentiel distant
US8756706B2 (en) 2010-10-12 2014-06-17 Blackberry Limited Method for securing credentials in a remote repository
WO2021165625A1 (fr) * 2020-02-19 2021-08-26 Orange Procede de calcul d'une cle de session, procede de recuperation d'une telle cle de session

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10134489B4 (de) * 2001-06-27 2004-03-04 Mediasec Technologies Gmbh Asymmetrisches Kryptographieverfahren

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5920630A (en) * 1997-02-25 1999-07-06 United States Of America Method of public key cryptography that includes key escrow

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5815573A (en) * 1996-04-10 1998-09-29 International Business Machines Corporation Cryptographic key recovery system
US5796830A (en) * 1996-07-29 1998-08-18 International Business Machines Corporation Interoperable cryptographic key recovery system
US5907618A (en) * 1997-01-03 1999-05-25 International Business Machines Corporation Method and apparatus for verifiably providing key recovery information in a cryptographic system
WO1998047260A2 (fr) * 1997-04-11 1998-10-22 Network Associates, Inc. Recuperation de cle verifiable publiquement
US6775382B1 (en) * 1997-06-30 2004-08-10 Sun Microsystems, Inc. Method and apparatus for recovering encryption session keys

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5920630A (en) * 1997-02-25 1999-07-06 United States Of America Method of public key cryptography that includes key escrow

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
BETH T ET AL: "TOWARDS ACCEPTABLE KEY ESCROW SYSTEMS", 2ND ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY,XX,XX, 2 November 1994 (1994-11-02), pages 51 - 58, XP000560695 *
KOBLITZ N, MENEZES A J, YI-HONG WU, R J ZUCCHERATO: "Algebraic Aspects of Cryptography", 1999, SPRINGER VERLAG, BERLIN, GERMANY, ISBN: 3-540-63446-0, ISSN: 1431-1550, XP002160873 *
MAHER D P: "CRYPTOBACKUP AND KEY ESCROW", COMMUNICATIONS OF THE ASSOCIATION FOR COMPUTING MACHINERY,US,ASSOCIATION FOR COMPUTING MACHINERY. NEW YORK, vol. 39, no. 3, 1 March 1996 (1996-03-01), pages 48 - 53, XP000584954, ISSN: 0001-0782 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2442253A1 (fr) * 2010-10-12 2012-04-18 Research In Motion Limited Procédé pour la sécurisation d'informations dans un référentiel distant
WO2012051076A3 (fr) * 2010-10-12 2012-06-21 Research In Motion Limited Procédé permettant de mettre en sûreté des justificatifs d'identité dans un organe d'archivage éloigné
US8756706B2 (en) 2010-10-12 2014-06-17 Blackberry Limited Method for securing credentials in a remote repository
US9455830B2 (en) 2010-10-12 2016-09-27 Blackberry Limited Method for securing credentials in a remote repository
WO2021165625A1 (fr) * 2020-02-19 2021-08-26 Orange Procede de calcul d'une cle de session, procede de recuperation d'une telle cle de session

Also Published As

Publication number Publication date
DE19946127A1 (de) 2001-04-12
AU7651200A (en) 2001-04-24
WO2001022654A8 (fr) 2001-07-05

Similar Documents

Publication Publication Date Title
DE69534192T2 (de) Verfahren zur gemeinsamen Nutzung einer geheimen Information, zur Erzeugung einer digitalen Unterschrift und zur Ausführung einer Beglaubigung in einem Kommunikationssystem mit mehreren Informationsverarbeitungseinrichtungen und Kommunikationssystem zur Anwendung dieses Verfahrens
DE60215332T2 (de) System und Verfahren zum Verabreiten eines gemeinsamen Geheimnisses
DE60036112T2 (de) Serverunterstützte wiedergewinnung eines starken geheimnisses aus einem schwachen geheimnis
EP1793525B1 (fr) Procédé pour changer la clé de groupe dans un groupe d'éléments de réseau dans un réseau
DE69929251T2 (de) Verschlüsselungssystem mit einem schlüssel veränderlicher länge
DE69725659T2 (de) Verfahren und Einrichtung zur Ablage eines in einem RSA-Kryptosystem benutzten Geheimschlüssels
DE69633590T2 (de) Verfahren zur Unterschrift und zur Sitzungsschlüsselerzeugung
DE69233613T2 (de) Kryptographisches Protokoll zur gesicherten Kommunikation
DE102009001718B4 (de) Verfahren zur Bereitstellung von kryptografischen Schlüsselpaaren
DE602004004029T2 (de) Verfahren zur Verteilung von Konferenzschlüsseln, gemäss einem identitätsbasierten Verschlüsselungssystem
WO1991014980A1 (fr) Procede d'authentification d'un utilisateur utilisant une station de donnees
LU93024B1 (de) Verfahren und Anordnung zum Aufbauen einer sicheren Kommunikation zwischen einer ersten Netzwerkeinrichtung (Initiator) und einer zweiten Netzwerkeinrichtung (Responder)
DE10129285A1 (de) Verschlüsselungsverfahren mit beliebig wählbaren Enmalschlüsseln
DE60109805T2 (de) Verfahren und system zur benützung eines ungesicherten krypto-beschleunigers
EP1298834A1 (fr) Procédé et dispositif de chiffrement et de déchiffrement des données
DE102015103251B4 (de) Verfahren und System zum Verwalten von Nutzerdaten eines Nutzerendgeräts
EP1116357B1 (fr) Procede de generation sure repartie d'une cle de codage
WO2001022654A1 (fr) Procede de decryptage de documents cryptes selon un procede de cryptage hybride en cas de perte de la cle cryptographique privee
EP1221223A1 (fr) Procede destine a generer/regenerer une cle de codage pour un procede de cryptographie
EP3050244B1 (fr) Production et utilisation de clés pseudonymes dans le cryptage hybride
EP1208669B1 (fr) Procede permettant d'etablir une cle commune d'un groupe d'au moins trois abonnes
DE10046642A1 (de) System und Verfahren zur Geheimcode-Emulation zwischen zwei Hardwaremodulen
WO2000022776A1 (fr) Technique permettant d'etablir une cle commune entre un central telephonique et un groupe de participants
DE10114157A1 (de) Verfahren zur rechnergestützten Erzeugung von öffentlichen Schlüsseln zur Verschlüsselung von Nachrichten und Vorrichtung zur Durchführung des Verfahrens
WO1995034968A1 (fr) Dispositif de dechiffrement d'algorithmes de dechiffrement et procede pour le chiffrement et le dechiffrement au moyen d'un tel dispositif

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AU CA US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

WWE Wipo information: entry into national phase

Ref document number: 2000965938

Country of ref document: EP

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: C1

Designated state(s): AU CA US

AL Designated countries for regional patents

Kind code of ref document: C1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

CFP Corrected version of a pamphlet front page

Free format text: REVISED TITLE RECEIVED BY THE INTERNATIONAL BUREAU AFTER COMPLETION OF THE TECHNICAL PREPARATIONS FOR INTERNATIONAL PUBLICATION

WWW Wipo information: withdrawn in national office

Ref document number: 2000965938

Country of ref document: EP

WA Withdrawal of international application