首页 | 本学科首页   官方微博 | 高级检索  
     

基于ElGamal体制的门限密钥托管方案
引用本文:曹珍富,李继国.基于ElGamal体制的门限密钥托管方案[J].计算机学报,2002,25(4):346-350.
作者姓名:曹珍富  李继国
作者单位:1. 上海交通大学计算机科学与工程系,上海,200030
2. 哈尔滨工业大学计算机科学与工程系,哈尔滨,150001
基金项目:国家自然科学基金 (60 0 72 0 18)资助
摘    要:该文基于ElGamal密码体制提出了一个门限密钥托管方案,这个方案不仅有效地解决了“一次监听,永久监听”问题,而且每个托管代理能够验证他所托管的子密钥的正确性,并且在监听阶段,监听机构能够切地知道门限密钥托管方案中哪些托管代理伪造或篡改子密钥,由于该方案是门限密钥托管方案,所以在各托管代理中有一个或几个托管代理不愿合作或无法合作时,监听机构仍能很容易地重构出会话密机,此外,还具有抵抗LEAF反馈攻击的特性。

关 键 词:密钥托管  门限方案  ElGamal体制  托管代理  门限密钥托管  密码学  计算机安全
修稿时间:2000年5月29日

A Threshold Key Escrow Scheme Based on ElGamal Public Key Cryptosystem
CAO Zhen Fu,LI Ji Guo.A Threshold Key Escrow Scheme Based on ElGamal Public Key Cryptosystem[J].Chinese Journal of Computers,2002,25(4):346-350.
Authors:CAO Zhen Fu  LI Ji Guo
Affiliation:CAO Zhen Fu 1) LI Ji Guo 2) 1)
Abstract:In order to protect sensitive information against unauthorized interception, the communication can be encrypted before they are transmitted and decrypted upon receipt. At the same time, encryption also is used to conceal criminal and terrorist activities. On April 16, 1993, the U.S. Government announced a new encryption initiative aimed at providing a high level of communication security and privacy without jeopardizing effective law enforcement, public safety, and national security. The initiative is based on a special tamper resistant hardware encryption device (Clipper Chip) and a key escrow system. In the existing most (threshold) key escrow schemes, the monitor agency firstly recovers the system key and then decrypts LEAF to obtain session key. Once the monitor agency monitors a user, it may monitor communications of all users, namely "once monitor, monitor for ever". In this paper, we propose a threshold key escrow schemes based on ElGamal cryptosystem. In our scheme, every escrow agency gets sub message using his secret shadow. Each time monitor agency can recover the whole message (session key) by using k sub messages. But nothing about the whole message can be obtained when the number of the sub messages is less then k . The attacker cannot get any information about system key and secret shadow by the known sub messages. The proposed scheme not only solves the problem of "once monitor, monitor for ever", but also solves the Shamir's problem. In the scheme, every escrow agency can verify correctness of the secret shadow that he escrows during secret shadow distribution and monitor agency can exactly decide which escrow agency forges or tampers secret shadow during monitor procedure. Thus the scheme has the property of robustness. Since the proposed theme is threshold key escrow scheme, monitor agency can easily reconstruct session key sk when an escrow agency or few agencies is not cooperating. In addition, it can also resist LEAF Feedback attacks.
Keywords:key escrow  threshold scheme  ElGamal cryptosystem  escrow agent  monitor
本文献已被 CNKI 维普 万方数据 等数据库收录!
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号