Policy-Based Signatures

We introduce policy-based signatures (PBS), where a signer can only sign messages conforming to some authority-specified policy. The main requirements are unforgeability and privacy, the latter meaning that signatures do not reveal the policy. PBS offers value along two fronts: (1) On the practical side, they allow a corporation to control what messages its employees can sign under the corporate key. (2) On the theoretical side, they unify existing work, capturing other forms of signatures as special cases or allowing them to be easily built. Our work focuses on definitions of PBS, proofs that this challenging primitive is realizable for arbitrary policies, efficient constructions for specific policies, and a few representative applications.
