Public key encryption systems are used to send and receive encrypted messages. Public key encryption systems are those in which a message is encrypted by performing a mathematical algorithm using a publicly available value, called the public key. Then, the recipient decrypts the message by performing an algorithm using a private value, called the private key. Public key encryption depends on choosing an encryption algorithm, E, and a decryption algorithm, D, such that deriving D, even given a complete description of E, would be effectively impossible. The three requirements of public key encryption are:
1. D(E(P))=P, wherein P is the message; PA1 2. It is exceedingly difficult to deduce D from E; and PA1 3. E cannot be broken by attacking P. PA1 (1) a dealing phase, when a dealer who knows the secret creates its shares and distributes them among the share holders; PA1 (2) a storage phase, when the shares are maintained by the share holders; and PA1 (3) a reconstruction phase, when the share holders reconstruct the secret from their shares. PA1 A server is compromised to the adversary if she breaks into it and learns all the secret information stored at this server: its secret share and keys used for communication. PA1 The adversary freezes a server if she causes it to stop working. It is assumed, however, that as soon as the adversary is purged, the server can return to performing the correct protocol (i.e., no data is lost). Cutting the server's access to the network is an example of freezing a server. Shutting off the power or killing all the processes on the server also constitute freezing, if all the necessary data (variables and the algorithm code) is not erased or modified. A frozen server does not send or receive any messages; it is idle until human intervention brings it up again. PA1 The adversary controls a server if she can change the protocol it performs and cause it to send messages that are incorrect with respect to the original protocol. From the other server's point of view, such a server is cheating or dishonest. Freezing is a trivial case of controlling. PA1 The adversary disables a server when she manages to erase or modify the secret data that the server stores. Erasing the protocol code or erasing public keys of other servers makes it harder for the system management to bring this server back to life, but since this information is public, it can be reinstalled into the server without exposing any secret information to the system operators. It is the destruction of server's secret share that makes a qualitative difference between freezing and disabling. PA1 During the reconstruction phase freeze or disable up to N-(k+1) out of n servers. During the storage phase, the adversary can freeze more servers, and the threshold scheme will still be secure, provided that these servers are brought up before the reconstruction phase starts. PA1 During the lifetime of the algorithm compromise k out of n servers. Compromising (k+1) out of n servers allows the adversary to reconstruct the secret by herself. PA1 1. No group of k or fewer servers participating in the update protocol can learn anything about the new shares of other servers. PA1 2. Knowing k out of n previous shares and k out of n new shares does not reveal any information about the secret share.
Thus, the public key can be distributed freely. The private key, however, must be kept private by the entity that uses it. If an intruder accesses the memory content of the entity, the system security is broken. This holds true for all the original public key patents. In Key escrow systems and Micali's fair cryptosystems, the private key is split into many portions and each portion is held by a different entity. However, if with passing time an intruder is able to read each entity's memory, system security is broken.