mRSA & SEM

Mediated RSA (mRSA) is an RSA scheme that enables easy key revocation. Suppose Bob has sent an encrypted email containing business secrets to Alice. Before Alice opens his inbox, she was fired by her boss. Although Alice now has no rights to read that email anymore, she is still able to decrypt Bob's message because Alice still knows the private key. A similar scenario also happens in digital signature. The current solutions to the key (or certificate) revocation problem includes CRL (Certifcate Revocation List), CRT (Certificate Revocation Tree), OCSP (Online Certificate Status Protocol). But mRSA provides a more elegant solution using the SEM architecture.

 

Under the SEM (SEcurity Mediator) architecture, the client does not know the full private key.
Let the full private key be d. We have d = du + dsem  (mod phi(N))
The user knows du, and also obtains an encrypted dsem. dsem is the SEM's key share, encrypted by the SEM's private key.

 

Below is an illustration of the generation of a signature using mRSA:
 

To revoke Alice's private key, all we have to do is to instruct the SEM to ignore requests from Alice.
 

SemMail

Links

[ps][pdf] Instantaneous Revocation of Security Capabilities by D. Boneh, X. Ding and G. Tsudik Project SUCSES

Project Staff

Dan Boneh Xuhua Ding Gene Tsudik Chi Ming Wong (a.k.a. bc)

Last updated: