An Approach to Remove Key Escrow Problem in ID-Based Encryption From Pairing

TL;DR

This paper introduces a novel identity-based encryption scheme that balances government access and user privacy by distributing key escrow between two entities, enhancing security and privacy in cryptographic communications.

Contribution

It proposes an efficient democratic IBE model with dual key escrow, allowing government monitoring while protecting user privacy, addressing the key escrow problem in ID-based encryption.

Findings

The scheme enables government access to lawful messages.

It maintains user privacy through partial key escrow at PKPO.

The approach improves security over traditional key escrow methods.

Abstract

Key escrow refers to storing a copy of a cryptographic key with a trusted third party, typically a government agency or some other organization. Key escrow aims to ensure that law enforcement agencies can access encrypted data when necessary, for example, in criminal investigations or national security matters. However, key escrow also raises concerns about privacy and security. If the trusted third party is compromised, the stored keys could be exposed, and unauthorized parties could access sensitive information. This could result in a significant breach of privacy and potentially harm national security. In identity-based cryptography, the key escrow problem arises because a trusted third party, the Private Key Generator (PKG), generates the private keys for all users. This means that the PKG has complete control over the private keys, which raises concerns about the security and privacy of the users. To balance security and privacy concerns, some approaches have been proposed to address the key escrow problem. We propose an efficient democratic identity-based encryption model that balances the government's and users' rights while ensuring security and privacy. The key objective of the proposed scheme is to provide the government with authority to monitor unlawful messages while ensuring the user's privacy for their lawful messages. To achieve this, the scheme involves two entities: PKG and PKPO. The user's partial key is escrowed at PKG, while the partial key is stored at PKPO. The latter provides a privacy service to the user by confusing their signature, which the user with their personal information can only unlock.