Stronger Security Notions for Decentralized Traceable Attribute-Based Signatures and More Efficient Constructions

We revisit the notion of Decentralized Traceable Attribute-Based Signatures (DTABS) introduced by El Kaafarani et al. (CT-RSA 2014) and improve the state-of-the-art in three dimensions: Firstly, we provide a new stronger security model which circumvents some shortcomings in existing models. Our model minimizes the trust placed in attribute authorities and hence provides, among other things, a stronger definition for non-frameability. In addition, our model captures the notion of tracing soundness which is important for many applications of the primitive. Secondly, we provide a generic construction that is secure w.r.t. our strong security model and show two example instantiations in the standard model which are more efficient than existing constructions (secure under weaker security definitions). Finally, we dispense with the need for the expensive zero-knowledge proofs required for proving tracing correctness by the tracing authority. As a result, tracing a signature in our constructions is significantly more efficient than existing constructions, both in terms of the size of the tracing proof and the computational cost required to generate and verify it. For instance, verifying tracing correctness in our constructions requires only 4 pairings compared to 34 pairings in the most efficient existing construction.

[1]  Manuel Blum,et al.  Non-interactive zero-knowledge and its applications , 1988, STOC '88.

[2]  Reihaneh Safavi-Naini,et al.  Short Pairing-Efficient Threshold-Attribute-Based Signature , 2012, Pairing.

[3]  Eike Kiltz,et al.  Chosen-Ciphertext Security from Tag-Based Encryption , 2006, TCC.

[4]  Kazuo Ohta,et al.  On the Security of Dynamic Group Signatures: Preventing Signature Hijacking , 2012, Public Key Cryptography.

[5]  Bogdan Warinschi,et al.  Practical Zero-Knowledge Proofs for Circuit Evaluation , 2009, IMACC.

[6]  Jin Li,et al.  Attribute-Based Ring Signatures , 2008, IACR Cryptol. ePrint Arch..

[7]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[8]  Amit Sahai,et al.  Efficient Non-interactive Proof Systems for Bilinear Groups , 2008, EUROCRYPT.

[9]  Manoj Prabhakaran,et al.  Attribute-Based Signatures , 2011, CT-RSA.

[10]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[11]  Amit Sahai,et al.  Efficient Noninteractive Proof Systems for Bilinear Groups , 2008, SIAM J. Comput..

[12]  Dan Boneh,et al.  Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups , 2008, Journal of Cryptology.

[13]  James H. Davenport,et al.  Certificate-Free Attribute Authentication , 2009, IMACC.

[14]  Tatsuaki Okamoto,et al.  Decentralized Attribute-Based Signatures , 2013, Public Key Cryptography.

[15]  Dongqing Xie,et al.  Attribute-based signature and its applications , 2010, ASIACCS '10.

[16]  Javier Herranz,et al.  Short Attribute-Based Signatures for Threshold Predicates , 2012, CT-RSA.

[17]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[18]  Tatsuaki Okamoto,et al.  Efficient Attribute-Based Signatures for Non-Monotone Predicates in the Standard Model , 2014, IEEE Transactions on Cloud Computing.

[19]  Essam Ghadafi Efficient Distributed Tag-Based Encryption and Its Application to Group Signatures with Efficient Distributed Traceability , 2014, LATINCRYPT.

[20]  Moni Naor,et al.  On Cryptographic Assumptions and Challenges , 2003, CRYPTO.

[21]  S. Arita,et al.  Construction of Threshold Public-Key Encryptions through Tag-Based Encryptions , 2009, ACNS.

[22]  Dalia Khader,et al.  Attribute Based Group Signature with Revocation , 2007, IACR Cryptol. ePrint Arch..

[23]  Ryo Nishimaki,et al.  Constant-Size Structure-Preserving Signatures: Generic Constructions and Simple Assumptions , 2015, Journal of Cryptology.

[24]  Jens Groth,et al.  Optimal Structure-Preserving Signatures in Asymmetric Bilinear Groups , 2011, CRYPTO.

[25]  Rakesh Bobba,et al.  Using Attribute-Based Access Control to Enable Attribute-Based Messaging , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[26]  Manoj Prabhakaran,et al.  Attribute-Based Signatures: Achieving Attribute-Privacy and Collusion-Resistance , 2008, IACR Cryptol. ePrint Arch..

[27]  Paz Morillo,et al.  Revocable Attribute-Based Signatures with Adaptive Security in the Standard Model , 2011, AFRICACRYPT.

[28]  Bogdan Warinschi,et al.  Groth-Sahai proofs revisited , 2010, IACR Cryptol. ePrint Arch..

[29]  Kenneth G. Paterson,et al.  Pairings for Cryptographers , 2008, IACR Cryptol. ePrint Arch..

[30]  Aaas News,et al.  Book Reviews , 1893, Buffalo Medical and Surgical Journal.

[31]  Avi Wigderson,et al.  On span programs , 1993, [1993] Proceedings of the Eigth Annual Structure in Complexity Theory Conference.

[32]  Reihaneh Safavi-Naini,et al.  Threshold Attribute-Based Signatures and Their Application to Anonymous Credential Systems , 2009, AFRICACRYPT.

[33]  Ali El Kaafarani,et al.  Decentralized Traceable Attribute-Based Signatures , 2014, CT-RSA.

[34]  Mikhail J. Atallah,et al.  Trust Negotiation with Hidden Credentials, Hidden Policies, and Policy Cycles , 2006, NDSS.

[35]  Georg Fuchsbauer,et al.  Structure-Preserving Signatures and Commitments to Group Elements , 2010, Journal of Cryptology.

[36]  Georg Fuchsbauer,et al.  Batch Groth-Sahai , 2010, ACNS.