Verifiable cryptographic time capsules with application to key escrow

Mihir Bellare, UCSD
Tuesday 8 Oct 1996, 4:15pm, Gates 104


We are in the midst of a heated debate on cryptographic policy. Corporations and individuals want un-restricted use of strong encryption. The government is opposed since it wants to retain the ability to obtain information via wiretapping in cases of suspected criminal activity. Technical solutions which can span this rift are being sought.

This talk will begin by explaining the issues and the kinds of solutions that are being discussed. I will explain what is KEY ESCROW and its status. We will see that while the possibility of some form of key escrow being adopted is high, no current proposal seems acceptable to all parties.

We introduce a new approach to key escrow called verifiable encapsulated key escrow (VEKE). The goal is to add a second line of defense to the normal procedure, and guard against the possibility of a total breakdown in the system of trust. Our system imposes a time delay between the obtaining of the escrowed information of a user by the authority and obtaining the actual user secret key, thereby preventing large scale wiretapping (as opposed to selective wiretapping).

We achieve VEKE by a new cryptographic tool called a verifiable cryptographic time capsules. This is a box into which one can put information in such a way that an authority can verify that it can obtain the contents after a specified time delay.

These time capsules have applications beyond key escrow: we can conceive their use for ``sending information into the future'' with applications to deferred electronic payments, and the sealing of documents for limited time periods.

Joint work with: Shafi Goldwasser, MIT.