@InProceedings{GPR98, author = { Oded Goldreich and Birgit Pfitzmann and Ronald L. Rivest }, title = { Self-Delegation with Controlled Propagation ---or--- What if you lose your laptop }, pages = { 153--168 }, doi = { 10.1007/BFb0055726 }, booktitle = { Advances in Cryptology -- Proceedings 18th Annual Cryptology Conference }, date = { 1998-08 }, publisher = { Springer }, editor = { Hugo Krawczyk }, OPTyear = { 1998 }, OPTmonth = { August 23--27 }, series = { Lecture Notes in Computer Science }, volume = { 1462 }, eventtitle = { CRYPTO'98 }, eventdate = { 1998-08-23/1998-08-27 }, venue = { Santa Barbara, California }, note = { This paper also appears as IACR Cryptology ePrint Archive Report 1997/012. }, urla = { ePrint-1997/012 }, keywords = { delegation, subkeys, key hierarchy, zero-knowledge proofs, knowledge complexity, threshold schemes, gradual release of secrets, signature schemes, non-interactive zero-knowledge, commitment schemes }, abstract = { We introduce delegation schemes wherein a user may delegate certain rights to himself, but may not safely delegate these rights to others. In our motivating application, a user has a primary (long-term) key that receives some personalized access rights, yet the user may reasonably wish to delegate these rights to new secondary (short-term) keys he creates to use on his laptop when traveling, to avoid having to store his primary secret key on the vulnerable laptop. We propose several cryptographic schemes, both generic ones under general assumptions and more specific practical ones, that fulfill these somewhat conflicting requirements, without relying on special-purpose (e.g., tamper-proof) hardware. This is an extended abstract of our work [Cryptology ePrint Archive Report 1997/012]. }, }