Proof-Carrying Proxy Certificates

  • Walid Bagga
  • Stefano Crosta
  • Refik Molva
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4116)


The term proxy certificate is used to describe a certificate that is issued by an end user for the purpose of delegating responsibility to another user so that the latter can perform certain actions on behalf of the former. Such certificates have been suggested for use in a number of applications, particularly in distributed computing environments where delegation of rights is common. In this paper, we present a new concept called proof-carrying proxy certificates. Our approach combines the verification of the proxy certificate's validity with the authorization decision in an elegant way that enhances the privacy of the end user. In contrast to standard proxy certificates, which are generated using standard (public-key) signature schemes, the proposed certificates are generated using a signature scheme for which the validity of a generated signature proves that the signer complies with a credential-based policy. We present a concrete realization of our approach using bilinear pairings over elliptic curves, and we prove its security under adapted attack models.


Keywords: Proxy Certificates, Credentials, Authorization, Bilinear Pairings, Data Minimization





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Walid Bagga (1)
  • Stefano Crosta (1)
  • Refik Molva (1)
  1. Institut Eurécom, Corporate Communications, Sophia Antipolis, France
