Mediated attribute based signature scheme supporting key revocation

Attribute-based signature (ABS) schemes have risen as attribute-based systems have become prevalent; in such systems a user's capability depends on the attributes he has obtained from one or more authorities. A signature generated by ABS proves only whether the signer owns attributes satisfying the verifier's policy, without leaking any further information about the signer. ABS is flexible in anonymous authentication and attribute-based access control systems, as the signer can choose any subset of his attributes that satisfies the policy to generate a valid signature. Because a user's secret key is associated with his attributes and represents his rights in the system, key revocation associated with attribute revocation is a pivotal security problem in ABS systems. It is made more challenging because the verifier does not obtain the signer's certificate on-line and cannot check whether the signer has been revoked. Even worse, several different users may match a verification policy, which poses a further challenge. In this paper, we propose mABS, a mediated attribute-based signature scheme, focusing on solutions to the key revocation problem. In mABS, a mediator is responsible for key revocation on behalf of the attribute authority. A user's secret key generated by the attribute authority is divided into two shares, one for the mediator and the other for the user. When a user wants to generate a signature, he has to ask the mediator to generate some signature components with the mediator's share of his secret key. Before answering the user, the mediator performs a revocation check on the user's identifier and claimed attributes. If and only if the signer owns unrevoked attributes satisfying the policy can he generate a valid signature. The mediator shares the workload of the authority and realizes instantaneous key revocation through the revocation check performed while signing a message. Moreover, our mABS supports monotone policies in the form of attribute trees under the computational Diffie-Hellman assumption.
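The split-key signing flow described above, as an added toy example that is not the paper's construction: it substitutes a mediated RSA signature (an additively split exponent) for mABS, so the mediator enforces the policy procedurally rather than cryptographically. The class and function names, the threshold-gate encoding of the attribute tree, and the small Mersenne-prime modulus are assumptions constructed for illustration.

```python
import hashlib
import secrets

# Constructed toy RSA modulus from two Mersenne primes; far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, PHI, E = P * Q, (P - 1) * (Q - 1), 65537
D = pow(E, -1, PHI)  # authority's full signing exponent, never given to a user

def digest(policy, msg):
    """Bind the policy to the message, then map the hash into Z_N."""
    data = repr(policy).encode() + b"|" + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def satisfies(tree, attrs):
    """Monotone attribute tree: a leaf is a str, a gate is (k, [children])."""
    if isinstance(tree, str):
        return tree in attrs
    k, children = tree
    return sum(satisfies(c, attrs) for c in children) >= k

class Mediator:
    def __init__(self):
        self.shares, self.issued, self.revoked = {}, {}, set()

    def enroll(self, uid, attrs):
        """Authority step: split D additively; mediator keeps one share."""
        d_user = secrets.randbelow(PHI)
        self.shares[uid] = (D - d_user) % PHI
        self.issued[uid] = set(attrs)
        return d_user  # the user's share

    def revoke(self, uid, attr):
        self.revoked.add((uid, attr))  # takes effect on the next request

    def partial_sign(self, uid, claimed, policy, msg):
        """Revocation check first; only then release the mediator's component."""
        live = {a for a in claimed
                if a in self.issued.get(uid, ()) and (uid, a) not in self.revoked}
        if uid not in self.shares or not satisfies(policy, live):
            return None
        return pow(digest(policy, msg), self.shares[uid], N)

def sign(d_user, partial, policy, msg):
    """User combines his own component with the mediator's."""
    return (pow(digest(policy, msg), d_user, N) * partial) % N

def verify(sig, policy, msg):
    return pow(sig, E, N) == digest(policy, msg)
```

Because every user's two shares sum to the same exponent, signatures from different users on the same policy and message are identical in this toy, and a revoked user is cut off as soon as the mediator stops answering.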
