论文信息 - Constant-Size Dynamic k-TAA

Constant-Size Dynamic k-TAA

k-times anonymous authentication (k-TAA) schemes allow members of a group to be authenticated anonymously by application providers for a bounded number of times. Dynamic k-TAA allows application providers to independently grant or revoke users from their own access group so as to provide better control over their clients. In terms of time and space complexity, existing dynamic k-TAA schemes are of complexities O(k), where k is the allowed number of authentication. In this paper, we construct a dynamic k-TAA scheme with space and time complexities of O(log(k)). We also outline how to construct dynamic k-TAA scheme with a constant proving effort. Public key size of this variant, however, is O(k). We then construct an ordinary k-TAA scheme from the dynamic scheme. We also describe a trade-off between efficiency and setup freeness of AP, in which AP does not need to hold any secret while maintaining control over their clients. To build our system, we modify the short group signature scheme into a signature scheme and provide efficient protocols that allow one to prove in zero-knowledge the knowledge of a signature and to obtain a signature on a committed block of messages. We prove that the signature scheme is secure in the standard model under the q-SDH assumption. Finally, we show that our dynamic k-TAA scheme, constructed from bilinear pairing, is secure in the random oracle model.

[1] Jan Camenisch,et al. Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials , 2002, CRYPTO.

[2] Jan Camenisch,et al. Compact E-Cash , 2005, EUROCRYPT.

[3] Jan Camenisch,et al. Signature Schemes and Anonymous Credentials from Bilinear Maps , 2004, CRYPTO.

[4] Tatsuaki Okamoto,et al. Efficient Blind and Partially Blind Signatures Without Random Oracles , 2006, IACR Cryptol. ePrint Arch..

[5] Torben P. Pedersen. Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[6] Reihaneh Safavi-Naini,et al. Dynamic k-Times Anonymous Authentication , 2005, ACNS.

[7] Jan Camenisch,et al. Group signature schemes and payment systems based on the discrete logarithm problem , 1998 .

[8] Kazue Sako,et al. k-Times Anonymous Authentication (Extended Abstract) , 2004, ASIACRYPT.

[9] Hovav Shacham,et al. Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[10] Kazue Sako,et al. k-Times Anonymous Authentication with a Constant Proving Cost , 2006, Public Key Cryptography.

[11] Fabrice Boudot,et al. Efficient Proofs that a Committed Number Lies in an Interval , 2000, EUROCRYPT.

[12] Lan Nguyen,et al. Accumulators from Bilinear Pairings and Applications , 2005, CT-RSA.

[13] Jan Camenisch,et al. A Signature Scheme with Efficient Protocols , 2002, SCN.

[14] Brent Waters,et al. Compact Group Signatures Without Random Oracles , 2006, EUROCRYPT.

[15] Dan Boneh,et al. Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[16] Hovav Shacham,et al. Short Group Signatures , 2004, CRYPTO.

[17] Hideki Imai,et al. An Efficient Group Signature Scheme from Bilinear Maps , 2005, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[18] Yevgeniy Dodis,et al. A Verifiable Random Function with Short Proofs and Keys , 2005, Public Key Cryptography.

[19] Silvio Micali,et al. Verifiable random functions , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).