Paper 2023/1785

There Is Always a Way Out! Destruction-Resistant Key Management: Formal Definition and Practical Instantiation

Yuan Zhang, University of Electronic Science and Technology of China
Yaqing Song, University of Electronic Science and Technology of China
Shiyu Li, University of Electronic Science and Technology of China
Weijia Li, University of Electronic Science and Technology of China
Zeqi Lai, Tsinghua University
Qiang Tang, The University of Sydney
Abstract

A central advantage of deploying cryptosystems is that the security of large high-sensitive data sets can be reduced to the security of a very small key. The most popular way to manage keys is to use a $(t,n)-$threshold secret sharing scheme: a user splits her/his key into $n$ shares, distributes them among $n$ key servers, and can recover the key with the aid of any $t$ of them. However, it is vulnerable to device destruction: if all key servers and user's devices break down, the key will be permanently lost. We propose a $\mathrm{\underline{D}}$estruction-$\mathrm{\underline{R}}$esistant $\mathrm{\underline{K}}$ey $\mathrm{\underline{M}}$anagement scheme, dubbed DRKM, which ensures the key availability even if destruction occurs. In DRKM, a user utilizes her/his $n^{*}$ personal identification factors (PIFs) to derive a cryptographic key but can retrieve the key using any $t^{*}$ of the $n^{*}$ PIFs. As most PIFs can be retrieved by the user $\textit{per se}$ without requiring $\textit{stateful}$ devices, destruction resistance is achieved. With the integration of a $(t,n)-$threshold secret sharing scheme, DRKM also provides $\textit{portable}$ key access for the user (with the aid of any $t$ of $n$ key servers) before destruction occurs. DRKM can be utilized to construct a destruction-resistant cryptosystem (DRC) in tandem with any backup system. We formally prove the security of DRKM, implement a DRKM prototype, and conduct a comprehensive performance evaluation to demonstrate its high efficiency. We further utilize Cramer's Rule to reduce the required buffer to retrieve a key from 25 MB to 40 KB (for 256-bit security).

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Key managementDestruction resistance
Contact author(s)
zhangyuan @ uestc edu cn
YaqingS @ 163 com
Shai_Li @ yeah net
tokio_0 @ 163 com
zeqilai @ tsinghua edu cn
qiang tang @ sydney edu au
History
2023-12-02: last of 2 revisions
2023-11-18: received
See all versions
Short URL
https://ia.cr/2023/1785
License
Creative Commons Attribution-NonCommercial
CC BY-NC

BibTeX

@misc{cryptoeprint:2023/1785,
      author = {Yuan Zhang and Yaqing Song and Shiyu Li and Weijia Li and Zeqi Lai and Qiang Tang},
      title = {There Is Always a Way Out! Destruction-Resistant Key Management: Formal Definition and Practical Instantiation},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1785},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1785}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.