Cryptographic key recovery system

Assignee

• International Business Machines Corporation · US

Inventors

• Donald B. Johnson · Manassas, US
• Paul A. Karger · Chappaqua, US
• Charles W. Kaufman · Northborough, US
• Stephen M. Matyas · Manassas, US
• Marcel Mordechay Yung · New York, US
• Nevenko Zunic · Wappingers Falls, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L9/0894
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A cryptographic key recovery system for generating a cryptographic key for use by a pair of communicating parties while simultaneously providing for its recovery using one or more key recover agents. A plurality of m-bit shared key parts (P, Q) are generated which are shared with respective key recovery agents, while an n-bit nonshared key part (R) is generated that is not shared with any key recovery agent. The shared key parts (P, Q) are combined to generate an m-bit value which is concatenated with the nonshared key part (R) to generate an (m+n)-bit value from which an encryption key is generated. The cryptographic system has the effective work factor of an n-bit key to all of the key recovery agents acting in concert, but has the effective work factor of an (m+n)-bit to any other combination of third parties. The quantity n is selected to make authorized key recovery feasible, but not so trivial as to permit routine decryption of intercepted communications, while the quantity m is selected to make decryption by unauthorized third parties infeasible. Means are provided for verifying that the shared key parts have been shared with the key recovery agents before permitting encrypt…