Key Escrow Protocol Based on a Tripartite Authenticated Key Agreement and Threshold Cryptography

While instant messaging systems bring convenience to people's lives and work, they also make it easier for malicious users to discuss and plot illegal activities. Therefore, determining how to balance the privacy protection requirements of user communication in the network with the authorized monitoring requirements of law enforcement agencies (LEAs) is a meaningful task. To solve this problem, a new tripartite authenticated key agreement (Tri-AKA) protocol and a session key escrow scheme based on threshold cryptography and the new Tri-AKA protocol were proposed. In the proposed scheme, the LEA participates as a normal user in the key agreement process of two users and uses (t, n) threshold cryptography to share its ephemeral private key with n key escrow agents (KEAs). When necessary, the LEA can combine t KEAs to recover the specified session key and decrypt the communications, thereby preventing malicious administrators in the LEA from arbitrarily monitoring user communications. Finally, we proved the security of the proposed Tri-AKA protocol under the Computational Diffie-Hellman (CDH) assumption with the Random Oracle Model and the security of the proposed key escrow scheme under the Elliptic Curve Discrete Logarithm (ECDL) assumption. Analysis of our session key escrow scheme and comparison with other schemes show that our scheme can avoid the "once monitor, monitor forever'' scenario and achieve fine-grained control in each session. Moreover, our scheme has low storage overhead for each KEA.