From: Carl Ellison <cme@TIS.COM>
Date: Tue, 12 Dec 1995 05:59:37 +0800
To: froomkin@law.miami.edu
Subject: Re: NIST GAK export meeting, sv
In-Reply-To: <199512110001.QAA02413@comsec.com>
Message-ID: <9512111605.AA10870@tis.com>
MIME-Version: 1.0
Content-Type: text/plain



>CRYPTO: Does anyone recall the cite for a paper a few years that set out a
>way to have escrow agents who would be "oblivious" to the identity of the
>subject of the warrant?  And how would such an escrow agent be sure that
>they were not being duped by the feds? 

AFAIK, Clipper and most of the other systems had escrow agents oblivious to
the identity of the subject of the warrant.  I have seen *no* system which
allows an escrow agent to know it's not being duped by the feds and I
believe I know how to prove that that's not possible.

If you see any such system, please let me know.

BTW, there was Silvio Micali's design which allowed the escrow agents to
verify that they were given the right private key shares without anyone
learning the private key in the process.  That's the only oblivious
mechanism I recall in this business.

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison      cme@tis.com    http://www.clark.net/pub/cme	   |
|Trusted Information Systems, Inc.   http://www.tis.com/                   |
|3060 Washington Road          PGP 2.6.2:  61E2DE7FCB9D7984E9C8048BA63221A2|
|Glenwood MD  21738         Tel:(301)854-6889      FAX:(301)854-5363       |
+--------------------------------------------------------------------------+