Secure key issuing cryptography

Secure key issuing is variant of ID-based cryptography that reduces the level of trust that needs to be placed in a trusted third party by spreading the trust across multiple third parties. In addition to the normally transmitted information the user supplies what is known as "blinding" information which can be used to blind (hide) data so that only the user can later retrieve it. The third party provides a "blinded" partial private key, which is then passed on to several other third party in order, each adding another part of the key before blinding it and passing it on. Once the user gets the key they (and only they) can unblind it and retrieve their full private key, after which point the system becomes the same as identity based cryptography.

If all of the third parties cooperate they can recover the private key, so key escrow problems arise only if all of the third parties are untrustworthy. In other areas of information security this is known as a cascade, if every member of the cascade is independent and the cascade is large then the system may be considered trustworthy in actual practice.

The paper below states that "Compared with certificate-based cryptography, ID-based cryptography is advantageous in key management, since key distribution and key revocation are not required." However this poses a problem in long-lived environments where an identity (such as an email address) may shift in ownership over time and old keys need to be revoked and new keys associated with that identity provided to a new party.