Policy-Compliant Signatures

We introduce policy-compliant signatures (PCS). A PCS scheme can be used in a setting where a central authority determines a global policy and distributes public and secret keys associated with sets of attributes to the users in the system. If two users, Alice and Bob, have attribute sets that jointly satisfy the global policy, Alice can use her secret key and Bob’s public key to sign a message. Unforgeability ensures that a valid signature can only be produced if Alice’s secret key is known and if the policy is satisfied. Privacy guarantees that the public keys and the produced signatures reveal nothing about the users’ attributes beyond whether they satisfy the policy or not. PCS extends the functionality provided by existing primitives such as attribute-based signatures and policy-based signatures, which do not consider a designated receiver and thus cannot include the receiver’s attributes in the policies. We describe practical applications of PCS, which include controlling transactions in financial systems with strong privacy guarantees (avoiding additional trusted entities that check compliance), as well as serving as a tool for trust negotiations. We introduce an indistinguishability-based privacy notion for PCS and present a generic and modular scheme based on standard building blocks such as signatures, non-interactive zero-knowledge proofs, and a (predicate-only) predicate encryption scheme. We show that it can be instantiated to obtain an efficient scheme that is provably secure under standard pairing assumptions for a wide range of policies. We further model PCS in UC by describing the goal of PCS as an enhanced ideal signature functionality, which gives rise to a simulation-based privacy notion for PCS. We show that our generic scheme achieves this composable security notion under the additional assumption that the underlying predicate encryption scheme satisfies a stronger, fully adaptive, simulation-based attribute-hiding notion.
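The following is an added reference model of the PCS interface and its three guarantees (policy-gated signing, unforgeability, and receiver binding); it is not code from the paper and does not implement the paper's construction. In the spirit of the ideal-functionality view described above, a trusted `PCSAuthority` object stands in for the cryptographic machinery (signatures, NIZK proofs, predicate encryption): it knows every user's attributes, hands out opaque key handles, and only issues a signature when the policy holds. In a real PCS scheme the authority is involved only at key distribution, and signing and verification run locally on the keys. The policy, attribute names, and messages are constructed for the example.

```python
"""Reference model of the policy-compliant signature (PCS) interface.

Added example, not the paper's scheme: a trusted-party model in which the
PCSAuthority object stands in for the cryptographic construction. A real
PCS scheme involves the authority only at key distribution; Sign and Verify
run locally with the keys. Policy and attribute names are constructed.
"""
import secrets
from typing import Callable, FrozenSet, Optional, Tuple

Attrs = FrozenSet[str]
Policy = Callable[[Attrs, Attrs], bool]


def example_policy(sender: Attrs, receiver: Attrs) -> bool:
    """Constructed compliance rule: a KYC-verified sender may pay a licensed
    receiver, but only if both carry the same jurisdiction tag."""
    shared_jurisdiction = any(
        a.startswith("jur:") and a in receiver for a in sender)
    return "kyc" in sender and "licensed" in receiver and shared_jurisdiction


class PCSAuthority:
    """Trusted party that knows every user's attributes.

    Public keys are opaque random handles, so they reveal nothing about
    attributes. A signature is only created when the policy holds, and it
    verifies only for the exact (sender, receiver, message) it was made for.
    """

    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self._attrs: dict = {}      # pk -> attribute set (authority-private)
        self._sk_owner: dict = {}   # sk -> pk
        self._issued: set = set()   # (pk_s, pk_r, msg, sig) tuples

    def keygen(self, attrs: Attrs) -> Tuple[str, str]:
        pk, sk = secrets.token_hex(16), secrets.token_hex(32)
        self._attrs[pk] = frozenset(attrs)
        self._sk_owner[sk] = pk
        return pk, sk

    def sign(self, sk: str, pk_receiver: str, msg: bytes) -> Optional[str]:
        """Returns a signature handle, or None when the policy is not met."""
        pk_sender = self._sk_owner.get(sk)
        if pk_sender is None or pk_receiver not in self._attrs:
            raise PermissionError("unknown secret key or receiver key")
        if not self.policy(self._attrs[pk_sender], self._attrs[pk_receiver]):
            return None
        sig = secrets.token_hex(16)
        self._issued.add((pk_sender, pk_receiver, msg, sig))
        return sig

    def verify(self, pk_sender: str, pk_receiver: str,
               msg: bytes, sig: Optional[str]) -> bool:
        """Accepts only signatures that sign() actually produced for this
        sender/receiver/message triple (the unforgeability guarantee)."""
        return (pk_sender, pk_receiver, msg, sig) in self._issued


def run_demo() -> dict:
    """Exercises the three guarantees; every value should be True."""
    auth = PCSAuthority(example_policy)
    alice_pk, alice_sk = auth.keygen({"kyc", "jur:EU"})
    bob_pk, _ = auth.keygen({"licensed", "jur:EU"})
    carol_pk, _ = auth.keygen({"licensed", "jur:US"})
    _, mallory_sk = auth.keygen({"jur:EU"})  # no KYC attribute
    msg = b"transfer 100 to bob"

    sig = auth.sign(alice_sk, bob_pk, msg)
    return {
        "compliant_pair_signs": sig is not None,
        "compliant_sig_verifies": auth.verify(alice_pk, bob_pk, msg, sig),
        "cross_jurisdiction_rejected": auth.sign(alice_sk, carol_pk, msg) is None,
        "unverified_sender_rejected": auth.sign(mallory_sk, bob_pk, msg) is None,
        "receiver_bound": not auth.verify(alice_pk, carol_pk, msg, sig),
        "message_bound": not auth.verify(alice_pk, bob_pk, b"transfer 900 to bob", sig),
        "random_sig_fails": not auth.verify(alice_pk, bob_pk, msg, secrets.token_hex(16)),
    }


if __name__ == "__main__":
    for check, ok in run_demo().items():
        print(f"{check}: {ok}")
```

The model is useful as a test oracle when evaluating a concrete PCS instantiation: any behaviour the real scheme exhibits that this model forbids (a signature for a non-compliant pair, a signature that verifies under a different receiver key, or a public key from which attributes can be read off) is a break of one of the guarantees named in the abstract.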
