P-signatures and Noninteractive Anonymous Credentials

  • Mira Belenkiy
  • Melissa Chase
  • Markulf Kohlweiss
  • Anna Lysyanskaya
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4948)

Abstract

In this paper, we introduce P-signatures. A P-signature scheme consists of a signature scheme, a commitment scheme, and (1) an interactive protocol for obtaining a signature on a committed value; (2) a non-interactive proof system for proving that the contents of a commitment have been signed; (3) a non-interactive proof system for proving that a pair of commitments are commitments to the same value. We give a definition of security for P-signatures and show how they can be realized under appropriate assumptions about groups with a bilinear map. We make extensive use of the powerful suite of non-interactive proof techniques due to Groth and Sahai. Our P-signatures enable, for the first time, the design of a practical non-interactive anonymous credential system whose security does not rely on the random oracle model. In addition, they may serve as a useful building block for other privacy-preserving authentication mechanisms.


References

  1. [ACJT00] Ateniese, G., Camenisch, J., Joye, M., Tsudik, G.: A practical and provably secure coalition-resistant group signature scheme. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 255–270. Springer, Heidelberg (2000)
  2. [BB04] Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 54–73. Springer, Heidelberg (2004)
  3. [BBS04] Boneh, D., Boyen, X., Shacham, H.: Short group signatures using strong Diffie-Hellman. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004)
  4. [BCC04] Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. Technical Report Research Report RZ 3450, IBM Research Division (March 2004)
  5. [BCL04] Bangerter, E., Camenisch, J., Lysyanskaya, A.: A cryptographic framework for the controlled release of certified data. In: Cambridge Security Protocols Workshop (2004)
  6. [BDMP91] Blum, M., De Santis, A., Micali, S., Persiano, G.: Non-interactive zero-knowledge. SIAM J. of Computing 20(6), 1084–1118 (1991)
  7. [BFM88] Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications (extended abstract). In: STOC 1988, pp. 103–112 (1988)
  8. [Bra93] Brands, S.: An efficient off-line electronic cash system based on the representation problem. Technical Report CS-R9323, CWI (April 1993)
  9. [Bra99] Brands, S.: Rethinking Public Key Infrastructure and Digital Certificates: Building in Privacy. PhD thesis, Eindhoven Inst. of Tech., The Netherlands (1999)
  10. [BW06] Boyen, X., Waters, B.: Compact group signatures without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 427–444. Springer, Heidelberg (2006)
  11. [BW07] Boyen, X., Waters, B.: Full-domain subgroup hiding and constant-size group signatures. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 1–15. Springer, Heidelberg (2007)
  12. [CFN90] Chaum, D., Fiat, A., Naor, M.: Untraceable electronic cash. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 319–327. Springer, Heidelberg (1991)
  13. [CGH04] Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM 51(4), 557–594 (2004)
  14. [Cha85] Chaum, D.: Security without identification: Transaction systems to make big brother obsolete. Communications of the ACM 28(10), 1030–1044 (1985)
  15. [CHK+06] Camenisch, J., Hohenberger, S., Kohlweiss, M., Lysyanskaya, A., Meyerovich, M.: How to win the clonewars: efficient periodic n-times anonymous authentication. In: CCS 2006, pp. 201–210 (2006)
  16. [CHL05] Camenisch, J., Hohenberger, S., Lysyanskaya, A.: Compact E-Cash. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 302–321. Springer, Heidelberg (2005)
  17. [CL01] Camenisch, J., Lysyanskaya, A.: Efficient non-transferable anonymous multi-show credential system with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)
  18. [CL02] Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)
  19. [CL04] Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004)
  20. [CLM07] Camenisch, J., Lysyanskaya, A., Meyerovich, M.: Endorsed e-cash. In: IEEE Symposium on Security and Privacy 2007, pp. 101–115 (2007)
  21. [CP93] Chaum, D., Pedersen, T.: Transferred cash grows in size. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 390–407. Springer, Heidelberg (1993)
  22. [CS97] Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997)
  23. [CvH91] Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)
  24. [CVH02] Camenisch, J., Van Herreweghen, E.: Design and implementation of the idemix anonymous credential system. In: Proc. 9th ACM CCS 2002, pp. 21–30 (2002)
  25. [Dam90] Damgård, I.: Payment systems and credential mechanism with provable security against abuse by individuals. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 328–335. Springer, Heidelberg (1990)
  26. [DDP00] De Santis, A., Di Crescenzo, G., Persiano, G.: Necessary and sufficient assumptions for non-interactive zero-knowledge proofs of knowledge for all NP relations. In: ICALP 2000, pp. 451–462 (2000)
  27. [DDP06] Damgård, I., Dupont, K., Pedersen, M.: Unclonable group identification. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 555–572. Springer, Heidelberg (2006)
  28. [DNRS03] Dwork, C., Naor, M., Reingold, O., Stockmeyer, L.J.: Magic functions. J. ACM 50(6), 852–921 (2003)
  29. [DSMP88] De Santis, A., Micali, S., Persiano, G.: Non-interactive zero-knowledge proof systems. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 52–72. Springer, Heidelberg (1988)
  30. [FO98] Fujisaki, E., Okamoto, T.: A practical and provably secure scheme for publicly verifiable secret sharing and its applications. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 32–46. Springer, Heidelberg (1998)
  31. [FS87] Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)
  32. [GK03] Goldwasser, S., Kalai, Y.: On the (in)security of the Fiat-Shamir paradigm. In: FOCS 2003, pp. 102–115 (2003)
  33. [GMR88] Goldwasser, S., Micali, S., Rivest, R.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. on Computing 17(2), 281–308 (1988)
  34. [GMW86] Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity and a method of cryptographic protocol design. In: FOCS 1986, pp. 174–187 (1986)
  35. [GS07] Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups, http://eprint.iacr.org/2007/155
  36. [JS04] Jarecki, S., Shmatikov, V.: Handcuffing big brother: an abuse-resilient transaction escrow scheme. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 590–608. Springer, Heidelberg (2004)
  37. [LRSW99] Lysyanskaya, A., Rivest, R., Sahai, A., Wolf, S.: Pseudonym systems. In: Emmerich, W., Tai, S. (eds.) EDO 2000. LNCS, vol. 1999, Springer, Heidelberg (2001)
  38. [Lys02] Lysyanskaya, A.: Signature Schemes and Applications to Cryptographic Protocol Design. PhD thesis, MIT, Cambridge, Massachusetts (September 2002)
  39. [Nao03] Naor, M.: On cryptographic assumptions and challenges. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 96–109. Springer, Heidelberg (2003)
  40. [Ped92] Pedersen, T.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 129–140. Springer, Heidelberg (1993)
  41. [Sco02] Scott, M.: Authenticated id-based key exchange and remote log-in with insecure token and pin number, http://eprint.iacr.org/2002/164
  42. [TFS04] Teranishi, I., Furukawa, J., Sako, K.: k-times anonymous authentication (extended abstract). In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 308–322. Springer, Heidelberg (2004)
  43. [TS06] Teranishi, I., Sako, K.: k-times anonymous authentication with a constant proving cost. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T.G. (eds.) PKC 2006. LNCS, vol. 3958, pp. 525–542. Springer, Heidelberg (2006)
  44. [Yao86] Yao, A.: How to generate and exchange secrets. In: FOCS 1986, pp. 162–167 (1986)

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Mira Belenkiy (1)
  • Melissa Chase (1)
  • Markulf Kohlweiss (2)
  • Anna Lysyanskaya (1)
  1. Brown University
  2. KU Leuven