A Proposal for Authenticated Key Recovery System 1

Information-security technologies are often implemented with redundant data fields attached to message containers. In a Key Recovery System that employs public key cryptography, a data recovery field (DRF) attached to a message typically contains a session key encrypted with a Key Recovery Agent’s public key. At a later time when needs arise, the session key can be retrieved from DRF and used to recover the original message without the involvement of the message originator or recipient. Two problems with such a system are (1) that DRF is at least as long as the public modulo of the Key Recovery Agent, which represents an increasingly large communication overhead, (2) and that DRF is not created in an authenticated way, which opens a door for an originator to create a bogus DRF and deny his/her act at a later time. The main purposes of this paper are to address the two problems and exhibit a possible solution to them. In particular, we propose an authenticated Key Recovery System using a recently discovered signcryption primitive that combines the functions of digital signature with those of public-key encryption. We also carry out a detailed comparison between our proposal and existing Key Recovery Systems.