Monotone Signatures
نویسندگان
چکیده
In many real-life situations, massive quantities of signatures have to be issued on cheap passive supports (e.g. paper-based) such as bank-notes, badges, ID cards, driving licenses or passports (hereafter IDs); while large-scale ID replacements are costly and prohibitive, one may reasonably assume that the updating of verification equipment (e.g. off-line border checkpoints or mobile patrol units) is exceptionally acceptable. In such a context, an attacker using coercive means (e.g. kidnapping) can force the system authorities to reveal the infrastructure’s secret signature keys and start issuing signatures that are indistinguishable from those issued by the authority. The solution presented in this paper withstands such attacks up to a certain point: after the theft, the authority restricts the verification criteria (by an exceptional verification equipment update) in such a way that the genuine signatures issued before the attack become easily distinguishable from the fresher signatures issued by the attacker. Needless to say, we assume that at any point in time the verification algorithm is entirely known to the attacker.
منابع مشابه
Colimits of order-sorted specifications
We prove cocompleteness of the category of CASL signatures , of monotone signatures, of strongly regular signatures and of strongly locally ltered signatures. This shows that using these signature categories is compatible with a pushout or colimit based module system.
متن کاملProofs of Knowledge for Non-Monotone Discrete-Log Formulae(Extended abstract)
This paper addresses the problem of defining and providing proofs of knowledge for a general class of exponentiation-based formulae. We consider general predicates built from modular exponentiations of secret values, combined by products and connected with the logical operators “AND”, “OR”, “NOT”. We first show how to deal with non-linear combination of secret exponents. Next,we extend the work...
متن کاملEfficient Accountable Multisignatures
It is well-known that n-of-n Schnorr multisignatures can be produced in one round of communication by adding ordinary Schnorr signatures. As observed by Boneh, this can be extended from n-of-n to arbitrary monotone functions of the signers by use of a linear secret sharing scheme. However, such signatures have the property that they are signer indistinguishable; that is, any signer set which is...
متن کاملProof of Knowledge on Monotone Predicates and its Application to Attribute-Based Identifications and Signatures
We propose a concrete procedure of a Σ-protocol proving knowledge that a set of witnesses satisfies a monotone predicate in witness-indistinguishable manner. Inspired by the high-level proposal by Cramer, Damg̊ard and Schoenmakers at CRYPTO ’94, we construct the concrete procedure by extending the so-called OR-proof. Next, using as a witness a signature-bundle of the Fiat-Shamir signatures, we p...
متن کاملShort Attribute-Based Signatures for Threshold Predicates
Attribute-based cryptography is a natural solution for fine-grained access control with respect to security policies. In the case of attribute-based signatures (ABS), users obtain from an authority their secret keys as a function of the attributes they hold, with which they can later sign messages for any predicate satisfied by their attributes. A verifier will be convinced of the fact that the...
متن کامل