Time Encryption Algorithm?

Question

Time Encryption Algorithm?

I have an idea, but I have no idea which magic words to use on Google. I hope to describe this idea here, and maybe someone will find out what I'm looking for.

Imagine you have a database. Lots of data. It is encrypted. What I'm looking for is encryption, according to which, for decryption, the variable N must at some time hold the value of M (received from a third party, for example, a hardware token) or could not decrypt.

So imagine AES - well, AES is just one key. If you have a key, you are. Now imagine that AES is changed in such a way that the algorithm itself requires an additional fact, above and above the key - this is an additional binding from an external source and where this date changes with time.

Does it exist? Does he have a name?

+7

encryption

user82238 Jul 10 '12 at 15:31

source share

6 answers

Ilmari karonen · Answer 1 · 2013-08-15T19:00:48+0000

This is easy to do with a trusted third party. Yes, I know, you probably want a solution that does not need it, but carry me. we get to this, or at least close to it.

In any case, if you have a suitable trusted third-party organization, it’s easy: after encrypting your file with AES, you simply send your AES key to a third party, ask them to encrypt it with your key , send the result back to you and publish your key at a specific time in future. At this point (but not earlier), anyone with an AES encrypted key can now decrypt it and use it to decrypt the file.

Of course, a third party may require many key encryption keys, each of which will be published at a different time. Instead of storing them all on disk or something else, an easier way is to generate each key encryption key from a secret master key and an assigned release time, for example. applying the appropriate key generation function to them. Thus, a separate and (apparently) independent key can be generated for any desired release date or time.

In some cases, this solution can be practical. For example, a “trusted third party” may be an unauthorized access protected hardware security module with a built-in real-time clock and a secure external interface that allows keys to be encrypted for any release date, but should only be decrypted for past dates.

However, if the trusted third party is a remote entity providing a global service, sending each AES key for them to encrypt can be impractical, not to mention a potential security risk. In this case , public key cryptography can provide a solution: instead of using symmetric encryption to encrypt file encryption keys (for which they need to know the file encryption key or unlock the key encryption key), a trusted third-party organization can instead generate a pair of public / private keys for each release date and publicly publish the open half of the key pair, but refuse to disclose the private half before the specified release date. Anyone holding a public key can encrypt their own keys, but no one can decrypt them until the corresponding private key is revealed.

(Another private solution would be to use a secret exchange to split the AES key into shares and send only one share to a third party used for encryption. Like the public key solution described above, this will avoid disclosing the AES key to a third party, but unlike public key solutions will still require two-way communication between the cipher and a trusted third party.)

The obvious problem with both of the above solutions is that you (and everyone else) need to trust a third party generating the keys: if the third party is dishonest or compromised by an attacker, they can easily divulge private keys ahead of time.

There is, however, a clever method published in 2006 by Michael Rabin and Christopher Thorpe (and mentioned in this answer to crypto.SE by one of the authors) that at least partially addresses the issue. The trick is to distribute key generation to a network of several more or less reliable third parties in such a way that even if a limited number of parties are dishonest or compromised, none of them can learn secret keys until a sufficient majority of parties agree that it is really time set them free.

The Rabin and Thorpe protocol also protects against many other possible attacks by compromised parties, such as attempts to prevent the secret keys from being revealed at the appointed time or to cause the generated private or public keys to not match. I do not claim to fully understand their protocol, but, given that it is based on a combination of existing cryptographic methods of existing and well-studied studies, I see no reason why it should not comply with the declared security specifications.

Of course, the main difficulty here is that in order for these security specifications to actually be anything useful, you need a distributed network of key generators large enough so that no attacker can plausibly compromise a sufficient majority of them. Creating and maintaining such a network is not a trivial exercise.

Daniel S. · Answer 2 · 2013-08-22T14:52:04+0000

Yes, the view you are looking for exists. It is called time encrypted or abbreviated as TRE . Here is an article about it: http://cs.brown.edu/~foteini/papers/MathTRE.pdf

The following is an excerpt from a paragraph of the above document:

Currently, various e-business applications exist, such as print auctions and electronic voting, which require decryption of encrypted data with a time delay. There are at least three main categories of protocols in the literature that provide such temporary release encryption (TRE). They rely either on getting the message recipient to solve some laborious, non-parallelizable problem before they can decrypt or use the trusted object responsible for providing some of the information needed for decryption.

I personally like another name, which is "time capsule cryptography", probably coined at crypto.stackoverflow.com: Time Capsule cryptography? .

Icopo · Answer 3 · 2013-08-22T10:42:15+0000

The quick answer is no: the key used to decrypt the data cannot change over time unless you periodically decrypt and re-encrypt the entire database (I believe this is impossible).

The solution proposed by @Ilmari Karonen is the only possible one, but it needs a trusted third party, in addition, after receiving the AES master key, it can be reused in the future: you cannot use “disposable gaskets” with this solution.

Husain basrawala · Answer 4 · 2013-08-22T06:18:52+0000

If you want your token to be time based, you can use the TOTP algorithm

TOTP can help you generate the value of the variable N (token) at a given time M. Thus, the service requesting access to your database will attach the token that was generated using TOTP. When checking the token on the access provider side, you will check if the token matches the correct value depending on the current time. To create the same TOTP, you need to have a shared key at both ends.

The advantage of TOTP is that the value changes over time and one token cannot be reused.

I applied a similar thing to two-factor authentication.

"One-time password" may be your google word.

Aelphaeis · Answer 5 · 2013-08-22T12:39:47+0000

I believe that what you are looking for is called Public Key Cryptography or Public Key Encryption. Another good word for google is “asymmetric key encryption scheme”.

Google, and I'm sure you will find what you are looking for. For more information , Wikipedia article

An example of this is: Diffie-Hellman Key Exchange

Change (insert things into perspective) The second key can be determined by an algorithm that uses a certain time (for example, when inserting data) to generate a second key, which can be stored elsewhere.

jyz · Answer 6 · 2013-08-22T12:53:38+0000

As other guys noted, One Time Password might be a good solution for your scenario.

There is OTP implemented in C # , which you can see https://code.google.com/p/otpnet/ .

Time Encryption Algorithm?

More articles: