Cryptography Reference
In-Depth Information
GK
##$
G(
%
,
G
%
,
Figure 19.2
Key escrow and key encapsulation.
The EES was basically a secret splitting scheme with two governmental bodies
acting as escrow agents. This was the major problem of the EES. People were
concerned about the possibility of having the government illegitimitely decrypting
their communications (without any restriction in time). Also, it was argued that
key escrow on transmitted data is neither necessary nor particularly useful (because
either end of the communication can always provide the data in unencrypted form).
The controversy about the EES and the Clipper chip suddenly came to an end
when it was shown that the original design of the EES was deeply flawed [10] (you
may also refer to [11] for the entire story about the EES, the Clipper chip, and the
crypto debate). The flaw was an authentication field that was too short to provide
protection against a brute-force attack.
In 1997, a group of recognized cryptographers wrote and published an influen-
tial paper entitled
The Risks of Key Recovery, Key Escrow, and Trusted Third-Party
Encryption
[12]. This paper provides a good summary about all relevant arguments
against key recovery that is controlled by external TTPs, such as governmental agen-
cies. As a result of the relaxation of the U.S. export controls on cryptography (as
briefly addressed in the Preface), the situation is more relaxed today, and many com-
mercial products implement key recovery mechanisms and services for voluntary
use.
