Design and analyses of two basic protocols for use in TTP-based key escrow

Abstract

In this paper, we study two basic protocols which are important in realizing TTP-based key escrow systems. A TTP-based key escrow system was studied in [3] under the scenario of multiple domains (e.g., countries), where a protocol based on verifiable secret sharing scheme was proposed to transfer a shared secret from one set of TTPs to another set of TTPs. However, the protocol only allows one step transfer, i.e., transfer a shared secret from set A to set B, but the same shared secret can not be further transferred from B to any other set. Our first protocol improves the protocol in [3] to allow multiple step transfers. The problem of subliminal channel in key escrow was studied in [10] and [3], where they listed five properties a protocol should satisfy in order to avoid subliminal channel and proposed a protocol which fulfills the five properties. We argue that the first property is unnecessarily strong and propose a weaker property as a replacement. We also present a new protocol which satisfies the modified first and the other four properties. Finally, we discuss the two protocols in the presence of dishonest TTPs.