Recovering Keys in Open Networks

| In recent years, key recovery has been the subject of a lot of discussion, of much controversy and of extensive research. The widespread opinion of the research community, expressed in a technical report 13], written by well known experts, is that large-scale deployment of a key recovery system is essentially impossible. Despite this fact, key recovery might be needed at a corporate level, as a form of key management. The basic observation of the present paper is that cryptographic solutions that have been proposed so far, completely ignore the communication context. Surprisingly, static systems are put forward for key recovery at network layer and solutions that require connections with a server are proposed at application layer. We give two examples showing that it is possible to take advantage of the communication environment in order to design key recovery protocols that are better suited and more eecient. I. Introduction In recent years, key recovery has been the subject of a lot of discussion, of much controversy and of extensive research, fostered by the rapid development of worldwide networks such as the Internet. A quick deenition of a large-scale public key infrastructure is required in order to manage signature keys and to allow secure encryption. However, a completely liberal use of cryptography is not completely accepted by governments and companies so that escrowing mechanisms need to be developed in order to fullll current regulations. Because of the technical complexity of this problem, many rather unsatisfactory proposals have been published. Some of them are based on tamper-resistant hardware, others make extensive use of trusted third parties. Furthermore, most of them notably increase the number of messages exchanged by the various parties , as well as the size of the communications. Based on these reasons, the widespread opinion of the research community, expressed in a technical report 13], written by well known experts , is that large-scale deployment of a key recovery system is still beyond the current competency of cryptography. Despite this fact, key recovery might be needed at a corporate level, as a form of key management. The basic observation of the present paper is that cryptographic solutions that have been proposed so far, completely ignore the communication context. Surprisingly, static systems are put forward for key recovery at network layer and solutions that require connections with a server are proposed at application layer. We give two examples showing that it …