Malleable Signatures: New Definitions and Delegatable Anonymous Credentials

A signature scheme is malleable if, given a message and a signature on it, one can efficiently compute a signature on a related message, for any transformation that the scheme allows. In this paper, we first provide new definitions for malleable signatures that capture a broader range of transformations than was previously possible. We then give a generic construction based on malleable zero-knowledge proofs that yields malleable signatures for a wide range of transformation classes, with security properties stronger than those achieved previously. Finally, we construct delegatable anonymous credentials from signatures that are malleable with respect to an appropriate class of transformations (which we show our malleable signature supports). The resulting instantiation satisfies a stronger security notion than previous schemes while also scaling linearly with the number of delegations.