Cryptology ePrint Archive: Report 2008/190

User-Sure-and-Safe Key Retrieval

Daniel R. L. Brown

Abstract: In a key retrieval scheme, a human user interacts with a client computer to retrieve a key. A scheme is user-sure if any adversary without access to the the user cannot distinguish the retrieved key from a random key. A scheme is user-safe if any adversary without access to the client's keys, or simultaneous user and client access, cannot exploit the user to distinguish the retrieved key from a random key. A multiple-round key retrieval scheme, where the user is given informative prompts to which the user responds, is proved to be user-sure and user-safe. Remote key retrieval involves a keyless client and a remote, keyed server. User-sure and user-safe are defined similarly for remote key retrieval. The scheme is user-anonymous if the server cannot identify the user. A remote version of the multiple-round key retrieval scheme is proved to be user-sure, user-safe and user-anonymous.

Category / Keywords: cryptographic protocols / user security

Date: received 28 Apr 2008

Contact author: dbrown at certicom com

Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation

Version: 20080429:153125 (All versions of this report)

Discussion forum: Show discussion | Start new discussion