Skip to main content

Attribute-Based Two-Tier Signatures: Definition and Construction

  • Conference paper
  • First Online:
Information Security and Cryptology - ICISC 2015 (ICISC 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9558))

Included in the following conference series:

Abstract

Attribute-based signature scheme (ABS) is a functional variant of digital signature scheme proposed in 2008 by Maji et al. The two basic requirements of ABS (and a hard task to achieve) is collusion resistance and attribute privacy. In this paper, we employ the two-tier signature (TTS) technique to achieve the collusion resistance. Here TTS was proposed in 2007 by Bellare et al., where a signer receives two tier secret keys sequentially. The secondary secret key is served as a one-time key at the timing of signing. First, we propose a definition of an attribute-based two-tier signature scheme (ABTTS). Then we provide ABTTS concretely that enjoys existential unforgeability against chosen-message attacks, collusion resistance and attribute privacy, in the standard model. For the construction, enhancing the Camenisch-Lysyanskaya signature, we construct signature bundle schemes that are secure under the Strong RSA assumption and the Strong Diffie-Hellman assumption, respectively. These signature bundle schemes enable ABTTS to achieve attribute privacy. Then, using the signature bundle as a witness in the \(\varSigma \)-protocol of the boolean proof, we obtain attribute-based identification schemes (ABIDs). Finally, by applying the TTS technique to ABIDs, we achieve ABTTSs. A feature of our construction is that ABTTS in the RSA setting is pairing-free.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    This limitation can be removed by adding negation attributes to \(\mathcal {U}\) for each attribute in the original \(\mathcal {U}\) though the size of the attribute universe \(|\mathcal {U}|\) doubles.

References

  1. Anada, H., Arita, S., Handa, S., Iwabuchi, Y.: Attribute-based identification: definitions and efficient constructions. In: Boyd, C., Simpson, L. (eds.) ACISP. LNCS, vol. 7959, pp. 168–186. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  2. Anada, H., Arita, S., Sakurai, K.: Attribute-based signatures without pairings via the fiat-shamir paradigm. In: ASIAPKC2014. ACM-ASIAPKC, vol. 2, pp. 49–58. ACM (2014)

    Google Scholar 

  3. Bellare, M., Shoup, S.: Two-tier signatures, strongly unforgeable signatures, and fiat-shamir without random oracles. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 201–216. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  4. Boneh, D., Boyen, X.: Efficient selective-id secure identity-based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  5. Camenisch, J.L., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  6. Cramer, R.: Modular designs of secure, yet practical cyptographic protocols. Ph.D thesis, University of Amsterdam, Amsterdam, The Netherlands (1996)

    Google Scholar 

  7. Damgård, I.: On \(\sigma \)-protocols. In: Course Notes (2011). https://services.brics.dk/java/courseadmin/CPT/documents

  8. El Kaafarani, A., Chen, L., Ghadafi, E., Davenport, J.: Attribute-based signatures with user-controlled linkability. In: Gritzalis, D., Kiayias, A., Askoxylakis, I. (eds.) CANS 2014. LNCS, vol. 8813, pp. 256–269. Springer, Heidelberg (2014)

    Google Scholar 

  9. I. E. T. Force.: Request for comments: 6960. http://tools.ietf.org/html/rfc6960

  10. Goyal,V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: ACM-CCS 2006, vol. 263, pp. 89–98. ACM (2006)

    Google Scholar 

  11. Granger, R., Kleinjung, T., Zumbrägel, J.: Breaking ‘128-bit secure’ supersingular binary curves. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 126–145. Springer, Heidelberg (2014)

    Google Scholar 

  12. Guo, S., Zeng, Y.: Attribute-based signature scheme. In: ISA 2008, pp. 509–511. IEEE (2008)

    Google Scholar 

  13. Herranz, J.: Attribute-based signatures from RSA. Theoret. Comput. Sci. 527, 73–82 (2014)

    Article  MathSciNet  MATH  Google Scholar 

  14. Maji, H.K., Prabhakaran, M., Rosulek, M.: Attribute-based signatures. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 376–392. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  15. Okamoto, T.: Provably secure and practical identification schemes and corresponding signature schemes. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 31–53. Springer, Heidelberg (1993)

    Chapter  Google Scholar 

  16. Okamoto, T., Takashima, K.: Efficient attribute-based signatures for non-monotone predicates in the standard model. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 35–52. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  17. Yasuda, M., Shimoyama, T., Kogure, J., Izu, T.: On the strength comparison of the ECDLP and the IFP. In: Visconti, I., De Prisco, R. (eds.) SCN 2012. LNCS, vol. 7485, pp. 302–325. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

Download references

Acknowledgements

Concerning the first and the second authors, this work is partially supported by Grants-in-Aid for Scientific Research; Research Project Number:15K00029.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Hiroaki Anada .

Editor information

Editors and Affiliations

Appendix A Signature Bundle Scheme in Discrete Log

Appendix A Signature Bundle Scheme in Discrete Log

Our pairing-based signature bundle scheme, \(\texttt {SB}=(\mathbf{SB.KG}, \mathbf{SB.Sign}, \mathbf{SB.Vrfy})\), is described as follows.

\(\mathbf{SB.KG}(1^\uplambda ) \rightarrow (\text {PK}, \text {SK})\). Given \(1^\uplambda \), it executes a group generator \(\texttt {B}{} \texttt {l}{} \texttt {G}{} \texttt {r}{} \texttt {p}(1^\uplambda )\) to get \((p, \mathbb G_1, \mathbb G_2, \mathbb G_T, e(\cdot , \cdot ) )\). For \(i=1\) to n, it chooses \(g_{i,0}, g_{i,1}, g_{i,2} \mathop {\leftarrow }\limits ^{\$}\mathbb G_1, h_0 \mathop {\leftarrow }\limits ^{\$}\mathbb G_2, \alpha \mathop {\leftarrow }\limits ^{\$}\mathbb Z_p\) and it puts \(h_1:=h_0^{\alpha }\). It puts \(\text {PK}:=( (g_{i,0}, g_{i,1}, g_{i,2})_{i=1}^n, h_0, h_1)\) and \(\text {SK}:=\alpha \), and returns \((\text {PK}, \text {SK})\).

\(\mathbf{SB.Sign}(\text {PK}, \text {SK}, (m_i)_{i=1}^n ) \rightarrow (\tau , (\sigma _i)_{i=1}^n )\). Given \(\text {PK}, \text {SK}\) and messages \((m_i)_{i=1}^n\) each of which is of length \(l_\mathcal {M}\), it chooses \(e \mathop {\leftarrow }\limits ^{\$}\mathbb Z_p\). For \(i=1\) to n, it chooses \(s_i \mathop {\leftarrow }\limits ^{\$}\mathbb Z_p\), and it computes the value \(A_i\):

$$\begin{aligned} A_i :=(g_{i,0} g_{i,1}^{m_i} g_{i,2}^{s_i})^{\frac{1}{\alpha + e}}. \end{aligned}$$
(5)

It puts \(\tau =e\) and \(\sigma _i=(s_i, A_i)\) for each i and returns \((\tau , (\sigma _i)_{i=1}^n )\).

\(\mathbf{SB.Vrfy}(\text {PK}, (m_i)_{i=1}^n, (\tau , (\sigma _i)_{i=1}^n ) ) \rightarrow 1/0\). Given \(\text {PK}\), \((m_i)_{i=1}^n\) and \((\tau , (\sigma _i)_{i=1}^n)\), it verifies whether the following holds: \(e(A_i, h_0^e h_1) =e(g_{i,0} g_{i,1}^{m_i} g_{i,2}^{s_i}, h_0), i=1,\dots , n\).

Theorem 4

(EUF-CMA of Our \({\mathtt {SB}}\) in Discrete Log). Our signature bundle scheme \(\texttt {SB}\) is existentially unforgeable against chosen-message attack under the Strong Diffie-Hellman assumption.

Our \(\texttt {ABID}\) and \(\texttt {ABTTS}\) in the discrete logarithm setting will be given in the full version.

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Anada, H., Arita, S., Sakurai, K. (2016). Attribute-Based Two-Tier Signatures: Definition and Construction. In: Kwon, S., Yun, A. (eds) Information Security and Cryptology - ICISC 2015. ICISC 2015. Lecture Notes in Computer Science(), vol 9558. Springer, Cham. https://doi.org/10.1007/978-3-319-30840-1_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-30840-1_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-30839-5

  • Online ISBN: 978-3-319-30840-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics