Browse Prior Art Database

Protecting Keys and Signature Keys Disclosure Number: IPCOM000131590D
Original Publication Date: 1983-Feb-01
Included in the Prior Art Database: 2005-Nov-11
Document File: 12 page(s) / 43K

Publishing Venue

Software Patent Institute

Related People

Dorothy E. Denning: AUTHOR [+3]


Public-key cryptography offers certain advantages, providing the keys can be adequately protected. For every security threat there must be an appropriate countermeasure.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 9% of the total text.

Page 1 of 12


This record contains textual material that is copyright ©; 1983 by the Institute of Electrical and Electronics Engineers, Inc. All rights reserved. Contact the IEEE Computer Society (714-821-8380) for copies of the complete work that was the source of this textual material and for all use beyond that as a record from the SPI Database.

Protecting Keys and Signature Keys

Dorothy E. Denning,

Purdue University

Public-key cryptography offers certain advantages, providing the keys can be adequately protected. For every security threat there must be an appropriate countermeasure.

With conventional one-key cryptography, the sender and receiver of a message share a secret encryption/ decryption key that allows both parties to encipher (encrypt) and decipher (decrypt) secret messages transmitted between them. By separating the encryption and decryption keys, public-key (two-key) cryptography has two attractive properties that conventional cryptography lacks: the ability to transmit messages in secrecy without any prior exchange of a secret key, and the ability to implement digital signatures that are legally binding. Publickey encryption alone, however, does not guarantee either message secrecy or signatures. Unless the keys are adequately protected, a penetrator may be able to read encrypted messages or forge signatures.

This article discusses the problem of protecting keys in a nationwide network using public-key cryptography for secrecy and digital signatures. Particular attention is given to detecting and recovering from key compromises, especially when a high level of security is required.

Public key cryptosystems

The concept of public-key cryptography was introduced by Diffie and Hellman in 1976.~ The basic idea is that each user A has a public key EA, which is registered in a public directory, and a private key DA, which is known only to the user. EA is the key to a public enciphering transformation, which is also written as EA. DA IS the key to a private deciphering transformation DA, which is related to EA but cannot be computationally determined from EA. We assume the public-key system is unbreakable; in particular, a cryptanalyst cannot determine a secret key from intercepted ciphertext even when the corresponding plaintext is known to or chosen by the cryptanalyst.

(Image Omitted: Figure 1. Network with key server.)

Consider an application environment in which each user has an intelligent terminal or personal workstation where his private key is stored and all cryptographic operations are performed. This terminal is connected to a nationwide network through a shared host, as shown in Figure 1. The public-key directory is managed by a network key server. Users communicate with each other or

with the server through electronic mail. When a user A needs the public key for another user B. A sends a message to the server requesting EB. A can then...