Warrant-Hiding Delegation-by-Certificate Proxy Signature Schemes
Proxy signatures allow an entity (the delegator) to delegate his signing capabilities to other entities (called proxies), who can then produce signatures on behalf of the delegator. Typically, a delegator may not want to give a proxy the power to sign any message on his behalf, but only messages from a well defined message space. Therefore, the so called delegation by warrant approach has been introduced. Here, a warrant is included into the delegator’s signature (the so called certificate) to describe the message space from which a proxy is allowed to choose messages to produce valid signatures for. Interestingly, in all previously known constructions of proxy signatures following this approach, the warrant is made explicit and, thus, is an input to the verification algorithm of a proxy signature. This means, that a verifier learns the entire message space for which the proxy has been given the signing power. However, it may be desirable to hide the remaining messages in the allowed message space from a verifier. This scenario has never been investigated in context of proxy signatures, but seems to be interesting for practical applications. In this paper, we resolve this issue by introducing so called warrant-hiding proxy signatures. We provide a formal security definition of such schemes by augmenting the well established security model for proxy signatures by Boldyreva et al. Furthermore, we discuss strategies how to realize this warrant-hiding property and we also provide two concrete instantiations of such a scheme. They enjoy different advantages, but are both entirely practical. Moreover, we prove them secure with respect to the augmented security model.
KeywordsSignature Scheme Proxy Signature Commitment Scheme Message Space Proxy Signature Scheme
Unable to display preview. Download preview PDF.
- 2.Awasthi, A.K., Lal, S.: ID-based Ring Signature and Proxy Ring Signature Schemes from Bilinear Pairings. I. J. Network Security 4(2), 187–192 (2007)Google Scholar
- 4.Boldyreva, A., Palacio, A., Warinschi, B.: Secure proxy signature schemes for delegation of signing rights. IACR Cryptology ePrint Archive 2003, 96 (2003)Google Scholar
- 11.Hanser, C., Slamanig, D.: Warrant-Hiding Delegation-by-Certificate Proxy Signature Schemes. Cryptology ePrint Archive, Report 2013/ (2013), http://eprint.iacr.org/2013/544
- 13.Mambo, M., Usuda, K., Okamoto, E.: Proxy Signatures for Delegating Signing Operation. In: ACM Conference on Computer and Communications Security (CCS 1996), pp. 48–57. ACM (1996)Google Scholar
- 14.Micali, S., Rabin, M.O., Kilian, J.: Zero-Knowledge Sets. In: Symposium on Foundations of Computer Science (FOCS), pp. 80–91. IEEE (2003)Google Scholar
- 15.Pedersen, T.P.: Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)Google Scholar
- 18.Tan, Z., Liu, Z., Tang, C.: Digital Proxy Blind Signature Schemes Based on DLP and ECDLP. Tech. rep., MM Research Preprints, MMRC, AMSS, Academia, Sinica, Beijing (2002)Google Scholar
- 19.Wang, G.: Designated-verifier proxy signatures for e-commerce. In: IEEE International Conference on Multimedia and Expo, ICME 2004, pp. 1731–1734 (2004)Google Scholar