Paper 2023/1785

There Is Always a Way Out! Destruction-Resistant Key Management: Formal Definition and Practical Instantiation

Abstract

A central advantage of deploying cryptosystems is that the security of large high-sensitive data sets can be reduced to the security of a very small key, i.e., a master key. The most popular way to manage the master key is to use $(t,n)-$threshold secret sharing schemes: a user splits and distributes her/his key among $n$ key servers, and can recover the key with the aid of any $t$ of them. However, it is vulnerable to device destruction: if all key servers and users' devices break down, the key will be permanently lost. We propose a Destruction-Resistant Key Management scheme, dubbed DRKM, which ensures the key availability even if destruction occurs. In DRKM, a user utilizes her/his $n^{*}$ personal identification factors (PIFs) to derive a cryptographic key but can retrieve the key using any $t^{*}$ of the $n^{*}$ PIFs. As most PIFs can be retrieved by the user per se without requiring stateful devices, destruction resistance is achieved. With the integration of a $(t,n)-$threshold secret sharing scheme, DRKM achieves portable key access by invoking any $t$ key servers before destruction occurs. We prove the DRKM's security, implement its prototype, and conduct a comprehensive performance evaluation to demonstrate its high efficiency.