Fwd: [IP] A Simpler, More Personal Key to Protect Online Messages

Tim Dierks tim at dierks.org
Mon Jul 7 18:31:20 EDT 2003

>>A Simpler, More Personal Key to Protect Online Messages
>>The New York Times

I wrote this for another list I'm on:

This system is based on an identity-based cryptography scheme developed by 
Dan Boneh with Matt Franklin. You can find a link to his paper "Identity 
based encryption from the Weil pairing" on Dr. Boneh's website, 
http://crypto.stanford.edu/~dabo/pubs.html .

The system allows any predetermined public value (e.g., an e-mail address) 
to be a public key. To encrypt a message, you do a mathematical operation 
as follows:

   EncM = E(M, pubKey, p)

   EncM is the encrypted message
   E is the encryption operation
   M is the message
   pubKey is the public key (e-mail address)
   p is a set of public domain parameters

The parameters p are a set of values which any subset of people can use to 
communicate with each other, but which must be predetermined by a trusted 
party and shared with all communicants. When the trusted third party 
creates the public domain parameters, there is a matched set of secret 
domain parameters (call them sp) which allow the trusted party to determine 
the matching secret key for any public key. Namely, in this system, for 
every pubKey there is a matching secKey which can be used to decrypt an 
encrypted message. The secret domain parameters are needed to be able to 
calculate secKey from pubKey:

   secKey = KD(pubKey, sp)

Where KD is the key derivation algorithm.

So, it all boils down to a system that's not dissimilar to a traditional 
CA-based public key system. In order for you to participate, you go to the 
trusted third party, they verify that you own the e-mail address you're 
claiming to possess (with whatever level of verification they insist upon), 
and if you do, they generate your secret key for you and send it to you. 
You can now decrypt messages which other people encrypt with that public key.

I don't think it's an interesting solution. I don't see any interesting 
application that's possible with this system which you couldn't do with 
existing public-key cryptography: for example, I could write a protocol & 
software where you could request a public key from a server for any e-mail 
address; if the user didn't already have an enrolled key, my trusted server 
would generate one and enroll it on their behalf. When they got an 
encrypted message, they could contact me, authenticate themselves, and I'd 
send them their secret key. The functionality ends up being pretty much the 
same, but you don't need goofy new crypto to accomplish it. Furthermore, 
no-one's bothered to deploy the system I describe (although it's obvious) 
which implies that market demand for such a system hasn't been held back by 
the fact that no one had figured out the math yet. All of this, on top of 
the fact that the private key, is, in essence, escrowed by the trusted 
third party, causes me to believe that this system doesn't fill an 
important unmet need.

  - Tim

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list