Affiliation-Hiding Authentication with Minimal Bandwidth Consumption

  • Mark Manulis
  • Bertram Poettering
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6633)


Affiliation-Hiding Authentication (AHA) protocols have the seemingly contradictory property of enabling users to authenticate each other as members of certain groups, without revealing their affiliation to group outsiders. Of particular interest in practice is the group-discovering variant, which handles multiple group memberships per user. Corresponding solutions were only recently introduced, and have two major drawbacks: high bandwidth consumption (typically several kilobits per user and affiliation), and only moderate performance in scenarios of practical application.

While prior protocols have O(n²) time complexity, where n denotes the number of affiliations per user, we introduce a new AHA protocol running in O(n log n) time. In addition, the bandwidth consumed is considerably reduced. We consider these advances a major step towards deployment of privacy-preserving methods in constrained devices, like mobile phones, to which the economization of these resources is priceless.


Keywords (added by machine and not by the authors): Bandwidth Consumption; Random Oracle Model; Handshake Protocol; Group Authority; Revocation List



Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Mark Manulis (1)
  • Bertram Poettering (1)
  1. Cryptographic Protocols Group, TU Darmstadt & CASED, Germany
