Signature Schemes and Anonymous Credentials from Bilinear Maps

We propose a new and efficient signature scheme that is provably secure in the plain model. The security of our scheme is based on a discrete-logarithm-based assumption put forth by Lysyanskaya, Rivest, Sahai, and Wolf (LRSW), who also showed that it holds for generic groups and is independent of the decisional Diffie-Hellman assumption. We prove the security of our scheme under the LRSW assumption for groups with bilinear maps. We then show how our scheme can be used to construct efficient anonymous credential systems as well as group signature and identity escrow schemes. To this end, we provide efficient protocols that allow one to prove in zero-knowledge knowledge of a signature on a committed (or encrypted) message, and to obtain a signature on a committed message.
