k-anonymous secret handshakes with reusable credentials

Privacy-preserving authentication has been studied extensively in a variety of system settings. However, a full-fledged mechanism of this kind, called a secret handshake, in which two users (e.g., CIA agents) authenticate each other such that neither reveals its own membership (or credential) unless the peer's legitimacy has already been established, has remained elusive, because simultaneity of authentication must be guaranteed even in the presence of an active adversary that may act as handshake initiator or responder. The state-of-the-art secret handshake scheme is very efficient, but imposes the following restriction on users: either they must use one-time credentials, or they must accept the privacy degradation that all sessions involving the same user (or credential) are trivially linkable. In this paper, we present the first secret handshake schemes that achieve unlinkability while allowing users to reuse their credentials (i.e., unlinkability is not achieved by means of one-time credentials). Specifically, we introduce the concept of $k$-anonymous secret handshakes, where $k$ is an adjustable parameter indicating the desired anonymity assurance. We present a detailed construction based on public key cryptosystems and sketch another based on symmetric key cryptosystems. Both schemes are efficient and can be seamlessly integrated into a standard public key infrastructure (PKI). Moreover, their security analysis does not resort to any random oracle.
