Advertisement

Structure-Preserving Signatures on Equivalence Classes and Constant-Size Anonymous Credentials

  • Georg Fuchsbauer
  • Christian Hanser
  • Daniel Slamanig
Article
  • 90 Downloads

Abstract

Structure-preserving signatures (SPS) are a powerful building block for cryptographic protocols. We introduce SPS on equivalence classes (SPS-EQ), which allow joint randomization of messages and signatures. Messages are projective equivalence classes defined on group-element vectors, so multiplying a vector by a scalar yields a different representative of the same class. Our scheme lets one adapt a signature for one representative to a signature for another representative without knowledge of any secret. Moreover, given a signature, an adapted signature for a different representative is indistinguishable from a fresh signature on a random message. We propose a definitional framework for SPS-EQ and an efficient construction in Type-3 bilinear groups, which we prove secure against generic forgers. We also introduce set-commitment schemes that let one open subsets of the committed set. From this and SPS-EQ, we then build an efficient multi-show attribute-based anonymous credential system for an arbitrary number of attributes. Our ABC system avoids costly zero-knowledge proofs and only requires a short interactive proof to thwart replay attacks. It is the first credential system whose bandwidth required for credential showing is independent of the number of its attributes, i.e., constant-size. We propose strengthened game-based security definitions for ABC and prove our scheme anonymous against malicious organizations in the standard model; finally, we discuss a concurrently secure variant in the CRS model.

Keywords

Public-key cryptography Pairing-based cryptography Structure-preserving signatures Attribute-based anonymous credentials Set commitments 

Notes

Acknowledgements

Work started while the first author was at IST Austria and supported by the European Research Council, ERC Starting Grant (259668-PSPC); now supported by the French ANR EfTrEC project (ANR-16-CE39-0002). Work has been done while the second and third authors were at IAIK, Graz University of Technology. The second author has been supported by the European Commission through projects FP7-MATTHEW (GA No. 610436) and FP7-FutureID (GA No. 318424). The work of the last author has been supported by the European Commission through project FP7-FutureID (GA No. 318424) and by EU Horizon 2020 through project Prismacloud (GA No. 644962).

References

  1. 1.
    J.H. Ahn, D. Boneh, J. Camenisch, S. Hohenberger, A. Shelat, B. Waters, Computing on authenticated data, in Ronald Cramer, editor, TCC 2012, volume 7194 of LNCS. (Springer, Heidelberg, March 2012), pp. 1–20Google Scholar
  2. 2.
    M. Abe, M. Chase, B. David, M. K., R. Nishimaki, M. Ohkubo, Constant-size structure-preserving signatures: Generic constructions and simple assumptions, in Xiaoyun Wang and Kazue Sako, editors, ASIACRYPT 2012, volume 7658 of LNCS. (Springer, Heidelberg, 2012), pp. 4–24Google Scholar
  3. 3.
    M. Abe, G. Fuchsbauer, J. Groth, K. Haralambiev, M. Ohkubo, Structure-preserving signatures and commitments to group elements, in Tal Rabin, editor, CRYPTO 2010, volume 6223 of LNCS. (Springer, Heidelberg, August 2010), pp. 209–236Google Scholar
  4. 4.
    M. Abe, J. Groth, K. Haralambiev, M. Ohkubo, Optimal structure-preserving signatures in asymmetric bilinear groups, in Phillip Rogaway, editor, CRYPTO 2011, volume 6841 of LNCS. (Springer, Heidelberg, August 2011), pp. 649–666Google Scholar
  5. 5.
    M. Abe, J. Groth, M. Ohkubo, M. Tibouchi, Structure-preserving signatures from type II pairings, in Juan A. Garay and Rosario Gennaro, editors, CRYPTO 2014, Part I, volume 8616 of LNCS. (Springer, Heidelberg, August 2014), pp. 390–407Google Scholar
  6. 6.
    M. Abe, J. Groth, M. Ohkubo, M. Tibouchi, Unified, minimal and selectively randomizable structure-preserving signatures, in Yehuda Lindell, editor, TCC 2014, volume 8349 of LNCS. (Springer, Heidelberg, February 2014), pp. 688–712Google Scholar
  7. 7.
    M. Abe, D. Hofheinz, R. Nishimaki, M. Ohkubo, J. Pan, Compact structure-preserving signatures with almost tight security, in Jonathan Katz and Hovav Shacham, editors, CRYPTO 2017, Part II, volume 10402 of LNCS. (Springer, Heidelberg, August 2017), pp. 548–580Google Scholar
  8. 8.
    M. Abe, K. Haralambiev, M. Ohkubo, Signing on elements in bilinear groups for modular protocol design. Cryptology ePrint Archive, Report 2010/133, (2010). http://eprint.iacr.org/2010/133
  9. 9.
    M. Abe, M. Kohlweiss, M. Ohkubo, M. Tibouchi, Fully structure-preserving signatures and shrinking commitments, in Elisabeth Oswald and Marc Fischlin, editors, EUROCRYPT 2015, Part II, volume 9057 of LNCS. (Springer, Heidelberg, April 2015), pp. 35–65Google Scholar
  10. 10.
    N. Attrapadung, B. Libert, T. Peters, Computing on authenticated data: New privacy definitions and constructions, in Xiaoyun Wang and Kazue Sako, editors, ASIACRYPT 2012, volume 7658 of LNCS. (Springer, Heidelberg, December 2012), pp. 367–385Google Scholar
  11. 11.
    N. Attrapadung, B. Libert, T. Peters, Efficient completely context-hiding quotable and linearly homomorphic signatures, in K. Kurosawa and G. Hanaoka, editors, PKC 2013, volume 7778 of LNCS. (Springer, Heidelberg, February/March 2013), pp. 386–404Google Scholar
  12. 12.
    N. Akagi, Y. Manabe, T. Okamoto, An efficient anonymous credential system, in G. Tsudik, editor, FC 2008, volume 5143 of LNCS. (Springer, Heidelberg, January 2008), pp. 272–286Google Scholar
  13. 13.
    M.H. Au, W. Susilo, Y. Mu, Constant-size dynamic k-TAA, in R. De Prisco and M. Yung, editors, SCN 06, volume 4116 of LNCS. (Springer, Heidelberg, September 2006), pp. 111–125Google Scholar
  14. 14.
    D. Boneh, X. Boyen, Short signatures without random oracles, in C. Cachin and J. Camenisch, editors, EUROCRYPT 2004, volume 3027 of LNCS. (Springer, Heidelberg, May 2004), pp. 56–73Google Scholar
  15. 15.
    D. Boneh, X. Boyen, E.-J. Goh, Hierarchical identity based encryption with constant size ciphertext, in R. Cramer, editor, EUROCRYPT 2005, volume 3494 of LNCS. (Springer, Heidelberg, May 2005), pp. 440–456Google Scholar
  16. 16.
    D. Boneh, X. Boyen, H. Shacham, Short group signatures, in M. Franklin, editor, CRYPTO 2004, volume 3152 of LNCS. (Springer, Heidelberg, August 2004), pp. 41–55Google Scholar
  17. 17.
    D. Boneh, H. Corrigan-Gibbs, Bivariate polynomials modulo composites and their applications, in P. Sarkar and T. Iwata, editors, ASIACRYPT 2014, Part I, volume 8873 of LNCS. (Springer, Heidelberg, December 2014), pp. 42–62Google Scholar
  18. 18.
    M. Belenkiy, J. Camenisch, M. Chase, M. Kohlweiss, A. Lysyanskaya, H. Shacham, Randomizable proofs and delegatable anonymous credentials, in S. Halevi, editor, CRYPTO 2009, volume 5677 of LNCS. (Springer, Heidelberg, August 2009), pp. 108–125Google Scholar
  19. 19.
    M. Belenkiy, M. Chase, M. Kohlweiss, A. Lysyanskaya, P-signatures and noninteractive anonymous credentials, in R. Canetti, editor, TCC 2008, volume 4948 of LNCS. (Springer, Heidelberg, March 2008), pp. 356–374Google Scholar
  20. 20.
    G. Barthe, E. Fagerholm, D. Fiore, A. Scedrov, B. Schmidt, M. Tibouchi, Strongly-optimal structure preserving signatures from type II pairings: Synthesis and lower bounds, in J. Katz, editor, PKC 2015, volume 9020 of LNCS. (Springer, Heidelberg, March/April 2015), pp. 355–376Google Scholar
  21. 21.
    D. Boneh, D. Freeman, J. Katz, B. Waters, Signing a linear subspace: Signature schemes for network coding, in S. Jarecki and G. Tsudik, editors, PKC 2009, volume 5443 of LNCS. (Springer, Heidelberg, March 2009), pp. 68–87Google Scholar
  22. 22.
    O. Blazy, G. Fuchsbauer, D. Pointcheval, D. Vergnaud, Signatures on randomizable ciphertexts, in D. Catalano, N. Fazio, R. Gennaro, and A. Nicolosi, editors, PKC 2011, volume 6571 of LNCS. (Springer, Heidelberg, March 2011), pp. 403–422Google Scholar
  23. 23.
    M. Bellare, G. Fuchsbauer, A. Scafuro, NIZKs with an untrusted CRS: Security in the face of parameter subversion, in J. H. Cheon and T. Takagi, editors, ASIACRYPT 2016, Part II, volume 10032 of LNCS. (Springer, Heidelberg, December 2016), pp. 777–804Google Scholar
  24. 24.
    F. Baldimtsi, A. Lysyanskaya, Anonymous credentials light, in A.-R. Sadeghi, V.D. Gligor, and M. Yung, editors, ACM CCS 13. (ACM Press, November 2013), pp. 1087–1098Google Scholar
  25. 25.
    P.S.L.M. Barreto, M. Naehrig, Pairing-friendly elliptic curves of prime order, in B. Preneel and S. Tavares, editors, SAC 2005, volume 3897 of LNCS. (Springer, Heidelberg, August 2006), pp. 319–331Google Scholar
  26. 26.
    X. Boyen, The uber-assumption family (invited talk), in S.D. Galbraith and K.G. Paterson, editors, PAIRING 2008, volume 5209 of LNCS. (Springer, Heidelberg, 2008), pp. 39–56Google Scholar
  27. 27.
    N. Bari, B. Pfitzmann, Collision-free accumulators and fail-stop signature schemes without trees, in W. Fumy, editor, EUROCRYPT’97, volume 1233 of LNCS. (Springer, Heidelberg, May 1997), pp. 480–494Google Scholar
  28. 28.
    S. Brands, Rethinking public-key Infrastructures and Digital Certificates: Building in Privacy. (MIT Press, 2000)Google Scholar
  29. 29.
    M. Bellare, H. Shi, C. Zhang, Foundations of group signatures: The case of dynamic groups, in A. Menezes, editor, CT-RSA 2005, volume 3376 of LNCS. (Springer, Heidelberg, February 2005), pp. 136–153Google Scholar
  30. 30.
    R. Canetti, Universally composable security: A new paradigm for cryptographic protocols, in 42nd FOCS. IEEE Computer Society Press, (October 2001), pp. 136–145Google Scholar
  31. 31.
    J. Camenisch, M. Dubovitskaya, K. Haralambiev, M. Kohlweiss, Composable and modular anonymous credentials: definitions and practical constructions, in T. Iwata and J.H. Cheon, editors, ASIACRYPT 2015, Part II, volume 9453 of LNCS. (Springer, Heidelberg, November/December 2015), pp. 262–288Google Scholar
  32. 32.
    R. Cramer, I. Damgård, P.D. MacKenzie, Efficient zero-knowledge proofs of knowledge without intractability assumptions, in H. Imai and Y. Zheng, editors, PKC 2000, volume 1751 of LNCS. (Springer, Heidelberg, January 2000), pp. 354–372Google Scholar
  33. 33.
    D. Catalano, D. Fiore, Vector commitments and their applications. In K. Kurosawa and G. Hanaoka, editors, PKC 2013, volume 7778 of LNCS. (Springer, Heidelberg, February / March 2013), pp. 55–72Google Scholar
  34. 34.
    D. Catalano, D. Fiore, B. Warinschi, Efficient network coding signatures in the standard model, in M. Fischlin, J. Buchmann, and M. Manulis, editors, PKC 2012, volume 7293 of LNCS. (Springer, Heidelberg, 2012), pp. 680–696Google Scholar
  35. 35.
    J. Camenisch, T. Groß, Efficient attributes for anonymous credentials. ACM Transactions on Information and System Security, 15(1), 4, (2012)Google Scholar
  36. 36.
    M. Chase, C. Ganesh, P. Mohassel, Efficient zero-knowledge proof of algebraic and non-algebraic statements with applications to privacy preserving credentials, in M. Robshaw and J. Katz, editors, CRYPTO 2016, Part III, volume 9816 of LNCS. (Springer, Heidelberg, 2016), pp. 499–530Google Scholar
  37. 37.
    J. Camenisch, S. Krenn, A. Lehmann, G.L. Mikkelsen, G. Neven, M.Ø. Pedersen, Formal treatment of privacy-enhancing credential systems, in O. Dunkelman and L. Keliher, editors, SAC 2015, volume 9566 of LNCS. (Springer, Heidelberg, August 2016), pp. 3–24Google Scholar
  38. 38.
    M. Chase, M. Kohlweiss, A. Lysyanskaya, S. Meiklejohn. Malleable proof systems and applications, in D. Pointcheval and T. Johansson, editors, EUROCRYPT 2012, volume 7237 of LNCS. (Springer, Heidelberg, April 2012), pp. 281–300Google Scholar
  39. 39.
    M. Chase, M. Kohlweiss, A. Lysyanskaya, S. Meiklejohn. Malleable signatures: New definitions and delegatable anonymous credentials, in IEEE 27th Computer Security Foundations Symposium, CSF 2014, (2014), pp. 199–213Google Scholar
  40. 40.
    J. Camenisch, A. Lysyanskaya, An efficient system for non-transferable anonymous credentials with optional anonymity revocation, in B. Pfitzmann, editor, EUROCRYPT 2001, volume 2045 of LNCS. (Springer, Heidelberg, May 2001), pp. 93–118Google Scholar
  41. 41.
    J. Camenisch, A. Lysyanskaya, A signature scheme with efficient protocols, in S. Cimato, C. Galdi, and G. Persiano, editors, SCN 02, volume 2576 of LNCS. (Springer, Heidelberg, September 2003), pp. 268–289Google Scholar
  42. 42.
    J. Camenisch, A. Lysyanskaya, Signature schemes and anonymous credentials from bilinear maps, in M. Franklin, editor, CRYPTO 2004, volume 3152 of LNCS. (Springer, Heidelberg, August 2004), pp. 56–72Google Scholar
  43. 43.
    S. Canard, R. Lescuyer, Anonymous credentials from (indexed) aggregate signatures, in DIM’11, Proceedings of the 2013 ACM Workshop on Digital Identity Management, Chicago, IL, USA - October 21, 2011, (2011), pp. 53–62Google Scholar
  44. 44.
    S. Canard, R. Lescuyer, Protecting privacy by sanitizing personal data: a new approach to anonymous credentials, in K. Chen, Q. Xie, W. Qiu, N. Li, and W.-G. Tzeng, editors, ASIACCS 13. (ACM Press, May 2013), pp. 381–392Google Scholar
  45. 45.
    S. Chatterjee, A. Menezes, On cryptographic protocols employing asymmetric pairings - the role of \(\varPsi \) revisited. Discrete Applied Mathematics 159(13), 1311–1322, (2011)Google Scholar
  46. 46.
    D. Chaum, T.P. Pedersen, Wallet databases with observers, in E.F. Brickell, editor, CRYPTO’92, volume 740 of LNCS. (Springer, Heidelberg, 1993), pp. 89–105Google Scholar
  47. 47.
    I. Damgård, Efficient concurrent zero-knowledge in the auxiliary string model, in B. Preneel, editor, EUROCRYPT 2000, volume 1807 of LNCS. (Springer, Heidelberg, May 2000), pp. 418–430Google Scholar
  48. 48.
    I. Damgård, H. Haagh, C. Orlandi, Access control encryption: Enforcing information flow with cryptography, in M. Hirt and A.D. Smith, editors, TCC 2016-B, Part II, volume 9986 of LNCS. (Springer, Heidelberg, October/November 2016), pp. 547–576Google Scholar
  49. 49.
    D. Derler, C. Hanser, D. Slamanig, A new approach to efficient revocable attribute-based anonymous credentials, in J. Groth, editor, 15th IMA International Conference on Cryptography and Coding, volume 9496 of LNCS. (Springer, Heidelberg, 2015), pp. 57–74Google Scholar
  50. 50.
    D. Derler, C. Hanser, D. Slamanig, Revisiting cryptographic accumulators, additional properties and relations to other primitives, in K. Nyberg, editor, CT-RSA 2015, volume 9048 of LNCS. (Springer, Heidelberg, April 2015), pp. 127–144Google Scholar
  51. 51.
    D. Derler, D. Slamanig, Fully-anonymous short dynamic group signatures without encryption. IACR Cryptology ePrint Archive, 2016:154, (2016)Google Scholar
  52. 52.
    G. Fuchsbauer, R. Gay, Weakly secure equivalence-class signatures from standard assumptions, in M. Abdalla, editor, PKC 2018, LNCS. (Springer, 2018)Google Scholar
  53. 53.
    G. Fuchsbauer, R. Gay, L. Kowalczyk, C. Orlandi, Access control encryption for equality, comparison, and more, in S. Fehr, editor, PKC 2017, Part II, volume 10175 of LNCS. (Springer, Heidelberg, 2017), pp. 88–118Google Scholar
  54. 54.
    G. Fuchsbauer, C. Hanser, C. Kamath, D. Slamanig, Practical round-optimal blind signatures in the standard model from weaker assumptions, in V. Zikas and R. De Prisco, editors, SCN 16, volume 9841 of LNCS. (Springer, Heidelberg, August/September 2016), pp. 391–408Google Scholar
  55. 55.
    G. Fuchsbauer, C. Hanser, D. Slamanig, Practical round-optimal blind signatures in the standard model, in R. Gennaro and M.J.B. Robshaw, editors, CRYPTO 2015, Part II, volume 9216 of LNCS, pp. 233–253. (Springer, Heidelberg, August 2015)Google Scholar
  56. 56.
    E. Fujisaki, T. Okamoto, A practical and provably secure scheme for publicly verifiable secret sharing and its applications. In K. Nyberg, editor, EUROCRYPT’98, volume 1403 of LNCS. (Springer, Heidelberg, May/June 1998), pp. 32–46Google Scholar
  57. 57.
    D.M. Freeman, Improved security for linearly homomorphic signatures: A generic framework, in M. Fischlin, J. Buchmann, and M. Manulis, editors, PKC 2012, volume 7293 of LNCS. (Springer, Heidelberg, May 2012), pp. 697–714Google Scholar
  58. 58.
    G. Fuchsbauer, Automorphic signatures in bilinear groups and an application to round-optimal blind signatures. Cryptology ePrint Archive, Report 2009/320 (2009). http://eprint.iacr.org/2009/320.
  59. 59.
    G. Fuchsbauer, Commuting signatures and verifiable encryption, in K.G. Paterson, editor, EUROCRYPT 2011, volume 6632 of LNCS. (Springer, Heidelberg, May 2011), pp. 224–245Google Scholar
  60. 60.
    G. Fuchsbauer, Breaking existential unforgeability of a signature scheme from asiacrypt 2014. Cryptology ePrint Archive, Report 2014/892, (2014). http://eprint.iacr.org/2014/892
  61. 61.
    E. Ghadafi, Short structure-preserving signatures, in K. Sako, editor, CT-RSA 2016, volume 9610 of LNCS. (Springer, Heidelberg, February / March 2016), pp. 305–321Google Scholar
  62. 62.
    S. Goldwasser, S. Micali, R.L. Rivest, A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing 17(2), 281–308, (1988)Google Scholar
  63. 63.
    O. Goldreich, The Foundations of Cryptography - Volume 1, Basic Techniques. (Cambridge University Press, 2001)Google Scholar
  64. 64.
    V. Goyal, Reducing trust in the PKG in identity based cryptosystems, in A. Menezes, editor, CRYPTO 2007, volume 4622 of LNCS. (Springer, Heidelberg, August 2007), pp. 430–447Google Scholar
  65. 65.
    J. Groth, Short pairing-based non-interactive zero-knowledge arguments, in M. Abe, editor, ASIACRYPT 2010, volume 6477 of LNCS. (Springer, Heidelberg, December 2010), pp. 321–340Google Scholar
  66. 66.
    J. Groth, Efficient fully structure-preserving signatures for large messages, in T. Iwata and J.H. Cheon, editors, ASIACRYPT 2015, Part I, volume 9452 of LNCS. (Springer, Heidelberg, November / December 2015), pp. 239–259Google Scholar
  67. 67.
    J. Groth, A. Sahai, Efficient non-interactive proof systems for bilinear groups, in N.P. Smart, editor, EUROCRYPT 2008, volume 4965 of LNCS. (Springer, Heidelberg, 2008), pp. 415–432Google Scholar
  68. 68.
    C. Hanser, M. Rabkin, D. Schröder, Verifiably encrypted signatures: Security revisited and a new construction, in G. Pernul, P.Y.A. Ryan, and E.R. Weippl, editors, ESORICS 2015, Part I, volume 9326 of LNCS. (Springer, Heidelberg, September 2015), pp. 146–164Google Scholar
  69. 69.
    C. Hanser, D. Slamanig, Structure-preserving signatures on equivalence classes and their application to anonymous credentials, in P. Sarkar and T. Iwata, editors, ASIACRYPT 2014, Part I, volume 8873 of LNCS. (Springer, Heidelberg, December 2014), pp. 491–511Google Scholar
  70. 70.
    M. Izabachène, B. Libert, D. Vergnaud, Block-wise P-signatures and non-interactive anonymous credentials with efficient attributes, in L. Chen, editor, 13th IMA International Conference on Cryptography and Coding, volume 7089 of LNCS. (Springer, Heidelberg, December 2011), pp. 431–450Google Scholar
  71. 71.
    R. Johnson, D. Molnar, D.X. Song, D. Wagner, Homomorphic signature schemes, in B. Preneel, editor, CT-RSA 2002, volume 2271 of LNCS. (Springer, Heidelberg, February 2002), pp. 244–262Google Scholar
  72. 72.
    C.S. Jutla, A. Roy, Improved structure preserving signatures under standard bilinear assumptions, in S. Fehr, editor, PKC 2017, Part II, volume 10175 of LNCS. (Springer, Heidelberg, March 2017), pp. 183–209Google Scholar
  73. 73.
    E. Kiltz, J. Pan, H. Wee, Structure-preserving signatures from standard assumptions, revisited, in R. Gennaro and M.J.B. Robshaw, editors, CRYPTO 2015, Part II, volume 9216 of LNCS. (Springer, Heidelberg, August 2015), pp. 275–295Google Scholar
  74. 74.
    A. Kate, G.M. Zaverucha, I. Goldberg, Constant-size commitments to polynomials and their applications, in M. Abe, editor, ASIACRYPT 2010, volume 6477 of LNCS. (Springer, Heidelberg, December 2010), pp. 177–194Google Scholar
  75. 75.
    H. Lipmaa, Progression-free sets and sublinear pairing-based non-interactive zero-knowledge arguments, in R. Cramer, editor, TCC 2012, volume 7194 of LNCS. (Springer, Heidelberg, March 2012), pp. 169–189Google Scholar
  76. 76.
    B. Libert, T. Peters, M. Joye, M. Yung, Linearly homomorphic structure-preserving signatures and their applications, in R. Canetti and J.A. Garay, editors, CRYPTO 2013, Part II, volume 8043 of LNCS. (Springer, Heidelberg, August 2013), pp. 289–307Google Scholar
  77. 77.
    A. Lysyanskaya, R.L. Rivest, A. Sahai, S. Wolf, Pseudonym systems, in H.M. Heys and C.M. Adams, editors, SAC 1999, volume 1758 of LNCS. (Springer, Heidelberg, August 1999), pp. 184–199Google Scholar
  78. 78.
    R.C. Merkle, A digital signature based on a conventional encryption function, in C. Pomerance, editor, CRYPTO’87, volume 293 of LNCS. (Springer, Heidelberg, August 1988), pp. 369–378Google Scholar
  79. 79.
    S. Micali, M.O. Rabin, J. Kilian, Zero-knowledge sets. In 44th FOCS. (IEEE Computer Society Press, October 2003), pp. 80–91Google Scholar
  80. 80.
    T.P. Pedersen, Non-interactive and information-theoretic secure verifiable secret sharing, in J. Feigenbaum, editor, CRYPTO’91, volume 576 of LNCS. (Springer, Heidelberg, 1992), pp. 129–140Google Scholar
  81. 81.
    D. Pointcheval, O. Sanders, Short randomizable signatures, in K. Sako, editor, CT-RSA 2016, volume 9610 of LNCS. (Springer, Heidelberg, February / March 2016), pp. 111–126Google Scholar
  82. 82.
    S. Ringers, E.R. Verheul, J.-H. Hoepman, An efficient self-blindable attribute-based credential scheme. IACR Cryptology ePrint Archive, 2017, 115, (2017). (to appear at Financial Crypto 2017)Google Scholar
  83. 83.
    R. Steinfeld, L. Bull, Y. Zheng, Content extraction signatures, in K. Kim, editor, ICISC 01, volume 2288 of LNCS. (Springer, Heidelberg, December 2002), pp. 285–304Google Scholar
  84. 84.
    V. Shoup, Lower bounds for discrete logarithms and related problems, in W. Fumy, editor, EUROCRYPT’97, volume 1233 of LNCS. (Springer, Heidelberg, May 1997), pp. 256–266Google Scholar
  85. 85.
    A. Sudarsono, T. Nakanishi, N. Funabiki, Efficient proofs of attributes in pairing-based anonymous credential system, in Privacy Enhancing Technologies - 11th International Symposium, PETS 2011, Waterloo, ON, Canada, July 27-29, 2011. Proceedings, pp. 246–263 (2011)Google Scholar
  86. 86.
    E.R. Verheul, Self-blindable credential certificates from the Weil pairing, in C. Boyd, editor, ASIACRYPT 2001, volume 2248 of LNCS. (Springer, Heidelberg, December 2001), pp. 533–551Google Scholar
  87. 87.
    B.R. Waters, Efficient identity-based encryption without random oracles, in R. Cramer, editor, EUROCRYPT 2005, volume 3494 of LNCS. (Springer, Heidelberg, May 2005), pp. 114–127Google Scholar

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  • Georg Fuchsbauer
    • 1
    • 2
  • Christian Hanser
    • 3
  • Daniel Slamanig
    • 4
  1. 1.InriaParisFrance
  2. 2.École Normale Supérieure, CNRS, PSL Research UniversityParisFrance
  3. 3.Infineon Technologies Austria AGGrazAustria
  4. 4.AIT Austrian Institute of TechnologyViennaAustria

Personalised recommendations