Score:1

Can this kind of encryption scheme be useful in practice?


Recently, I had an idea to construct a public-key encryption scheme which contains five algorithms:

  1. Setup($1^k$): generate public parameters $pp$ and a master key $mk$.
  2. KeyGen($pp$): take $pp$ as input and generate public key $pk$ and secret key $sk$.
  3. Encryption($msg, pk$): take $msg, pk$ as inputs, output ciphertext $c$.
  4. Decryption($c, sk$): take $c, sk$ as inputs, output message $msg$.
  5. GlobalDecryption($c, mk$): take $c, mk$ as inputs, output message $msg$.

In the above algorithms, the master key $mk$ can decrypt each ciphertext generated by the encryption algorithm using different $pk$.

So, if this kind of encryption scheme existed, would it be meaningful in real life? Or is it suitable for some scenarios? What kind of scenario?

jjj
You obviously would not use it if you don't want any 3rd party to know the encrypted message. But if you would want that, there would be no need for such an algorithm, because you could just encrypt it for both the recipient and the 3rd party.
ming alex
@jjj Assume there is a company whose security requirements are: 1. All messages transmitted in the internal network of the company need to be encrypted, also in the database. 2. A content auditor needs to check whether any of the encrypted messages contain sensitive information, such as business secrets or illegal messages. Do you think the scheme is meaningful for this scenario?
fgrieu
Some setups/variants of PGP operate like in the question. The encryption is configured to always encipher with the company's public key (which is your $pp$) in addition to the recipient's public key, and the company's private key is your $mk$. In what you describe, the security parameter determining the size of your $(pk,sk)$ comes from your $pp$; I can't remember if that's automated in these variants of PGP, and if the UI keeps $pp$ with $pk$ to automate the encryption with $pp$. In GPG, these things are voluntary: users choose the size of their key and whether to put `encrypt-to pp` in the config file.
poncho
Actually, IBE (Identity Based Encryption) already comes pretty close to meeting your definition; the only differences are in step 2 (where the KeyGen depends on the master key as well), and step 5 (where the GlobalDecrypt operation would need the public key).
jjj
@mingalex Yes, it would be useful. But it can also be achieved as I described. The company can just make it a requirement for the employees to always encrypt with both keys.
ming alex
@poncho Yes! It is because I studied IBE; the idea of IBE inspired me to design another encryption scheme meeting some strange requirements... In my design, since the original IBE needs a trusted party to generate the private key for each ID, I try to overcome this shortcoming by making each user generate its private key by itself without mk.
poncho
It's not clear to me how big IBE's 'need the master key to generate a secret key' is as a shortcoming. After all, with any method that meets your requirements, anyone with the master key can already decrypt anything they want, hence they effectively hold everyone's secret keys; does where the actual computation takes place matter?
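
The "encrypt for both the recipient and the company key" construction discussed in the comments above, written against the question's five-algorithm interface as an added example (not code from any participant in the thread). The function names, ciphertext layout and the 127-bit group are assumptions chosen for illustration; the group is a toy size and not secure.

```python
import hashlib, hmac, secrets

# Toy group (constructed for illustration; far too small for real use).
P = 2**127 - 1          # a Mersenne prime
G = 3

def _kdf(label: bytes, data: bytes, n: int) -> bytes:
    return hashlib.shake_256(label + data).digest(n)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _wrap_pad(shared: int) -> bytes:
    return _kdf(b"wrap", shared.to_bytes(16, "big"), 32)

def _tag(k: bytes, body: bytes) -> bytes:
    return hmac.new(_kdf(b"mac", k, 32), body, hashlib.sha256).digest()

def setup():
    """Returns (pp, mk); pp doubles as the company's public key."""
    mk = secrets.randbelow(P - 2) + 1
    return pow(G, mk, P), mk

def keygen(pp):
    """Each user picks sk alone; mk is never involved (pp only fixes the group)."""
    sk = secrets.randbelow(P - 2) + 1
    return pow(G, sk, P), sk

def encrypt(msg: bytes, pk: int, pp: int) -> dict:
    r = secrets.randbelow(P - 2) + 1
    k = secrets.token_bytes(32)                      # per-message content key
    body = _xor(msg, _kdf(b"enc", k, len(msg)))
    return {"c1": pow(G, r, P), "body": body, "tag": _tag(k, body),
            "w_user": _xor(k, _wrap_pad(pow(pk, r, P))),
            "w_master": _xor(k, _wrap_pad(pow(pp, r, P)))}

def _open(c: dict, secret: int, slot: str):
    k = _xor(c[slot], _wrap_pad(pow(c["c1"], secret, P)))
    if not hmac.compare_digest(_tag(k, c["body"]), c["tag"]):
        return None                                  # slot does not open the body
    return _xor(c["body"], _kdf(b"enc", k, len(c["body"])))

def decrypt(c, sk):
    return _open(c, sk, "w_user")

def global_decrypt(c, mk):
    return _open(c, mk, "w_master")
```

A sender who fills `w_master` with junk still produces a ciphertext the recipient can read, so the auditor has to run `global_decrypt` on each message and treat a `None` result as a policy violation.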