摘要 |
A fair escrow cryptosystem protocol is described which enables a user's private key to be divided into shares which are held by respective escrow agents such that the correctness of the shares can be ascertained without requiring the escrow agents to be on-line. The protocol is advantageously applied to the RSA cryptosystem wherein the user generates a public/private key pair and transmits a respective share of the private key to each of a plurality of escrow agents, each share being encrypted using the public key of the respective escrow agent. The protocol enables anyone to verify the correctness of the shares from the knowledge of the user's and the escrow agents' public keys. |