A Simpler, More Personal Key to Protect Online Messages

By JOHN MARKOFF
The New York Times

I wrote this for another list I'm on:


This system is based on an identity-based cryptography scheme developed by Dan Boneh with Matt Franklin. You can find a link to his paper "Identity based encryption from the Weil pairing" on Dr. Boneh's website, http://crypto.stanford.edu/~dabo/pubs.html.

The system allows any predetermined public value (e.g., an e-mail address) to be a public key. To encrypt a message, you do a mathematical operation as follows:

EncM = E(M, pubKey, p)

Where:
  EncM is the encrypted message
  E is the encryption operation
  M is the message
  pubKey is the public key (e-mail address)
  p is a set of public domain parameters

The parameters p are a set of values which any subset of people can use to communicate with each other, but which must be predetermined by a trusted party and shared with all communicants. When the trusted third party creates the public domain parameters, there is a matched set of secret domain parameters (call them sp) which allow the trusted party to determine the matching secret key for any public key. Namely, in this system, for every pubKey there is a matching secKey which can be used to decrypt an encrypted message. The secret domain parameters are needed to be able to calculate secKey from pubKey:

secKey = KD(pubKey, sp)

Where KD is the key derivation algorithm.

So, it all boils down to a system that's not dissimilar to a traditional CA-based public key system. In order for you to participate, you go to the trusted third party, they verify that you own the e-mail address you're claiming to possess (with whatever level of verification they insist upon), and if you do, they generate your secret key for you and send it to you. You can now decrypt messages which other people encrypt with that public key.

I don't think it's an interesting solution. I don't see any interesting application that's possible with this system which you couldn't do with existing public-key cryptography: for example, I could write a protocol & software where you could request a public key from a server for any e-mail address; if the user didn't already have an enrolled key, my trusted server would generate one and enroll it on their behalf. When they got an encrypted message, they could contact me, authenticate themselves, and I'd send them their secret key. The functionality ends up being pretty much the same, but you don't need goofy new crypto to accomplish it. Furthermore, no one's bothered to deploy the system I describe (although it's obvious), which implies that market demand for such a system hasn't been held back by the fact that no one had figured out the math yet. All of this, on top of the fact that the private key is, in essence, escrowed by the trusted third party, causes me to believe that this system doesn't fill an important unmet need.

- Tim
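Added toy model of the scheme the post describes (not code from the post, the Boneh-Franklin paper, or any real library): the BasicIdent construction written against a brute-force "pairing" on a tiny subgroup of Z_p*, standing in for the Weil pairing, with constructed parameters. It shows E(M, pubKey, p), KD(pubKey, sp), and that whoever holds sp can derive any secKey, which is the escrow point raised above.

```python
# Toy Boneh-Franklin "BasicIdent" IBE (added illustration, not the paper's Weil-pairing
# construction). The pairing is an insecure stand-in: tiny group, brute-forced discrete logs.
import hashlib
import secrets

P_MOD = 2027   # safe prime p = 2q + 1 (constructed toy value, far too small for real use)
Q_ORD = 1013   # prime order of the subgroup generated by GEN
GEN = 4        # generator of that subgroup

def dlog(x):
    """Brute-force discrete log base GEN; feasible only because the group is tiny."""
    acc = 1
    for k in range(Q_ORD):
        if acc == x:
            return k
        acc = acc * GEN % P_MOD
    raise ValueError("element not in subgroup")

def pair(a, b):
    """Toy bilinear map e(a, b) = GEN^(log a * log b); bilinearity is all BasicIdent needs."""
    return pow(GEN, dlog(a) * dlog(b) % Q_ORD, P_MOD)

def h1(identity):
    """Map an identity string (the public key, e.g. an e-mail address) to a group element."""
    k = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % (Q_ORD - 1) + 1
    return pow(GEN, k, P_MOD)
def h2(gt, n):
    """Derive an n-byte mask (n <= 32) from a target-group element."""
    return hashlib.sha256(str(gt).encode()).digest()[:n]

def setup():
    """Trusted party: secret domain params sp = s, public domain params p = (GEN, Ppub)."""
    s = secrets.randbelow(Q_ORD - 1) + 1
    return s, pow(GEN, s, P_MOD)

def key_derive(identity, s):
    """KD(pubKey, sp): only the holder of s can produce secKey, hence the escrow."""
    return pow(h1(identity), s, P_MOD)

def encrypt(msg, identity, ppub):
    """E(M, pubKey, p): needs only the identity and the public domain parameters."""
    r = secrets.randbelow(Q_ORD - 1) + 1
    mask = h2(pow(pair(h1(identity), ppub), r, P_MOD), len(msg))
    return pow(GEN, r, P_MOD), bytes(a ^ b for a, b in zip(msg, mask))

def decrypt(ct, seckey):
    """Recover M: e(secKey, U) = e(Q_ID, Ppub)^r, so the same mask is regenerated."""
    mask = h2(pair(seckey, ct[0]), len(ct[1]))
    return bytes(a ^ b for a, b in zip(ct[1], mask))
```

The trusted party alone holds s, so it can call key_derive for any address and read any ciphertext; messages are limited to 32 bytes by the single SHA-256 mask.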




--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]