Traceability, linkability and policy hiding in attribute-based signature schemes

Often we are less concerned with who signed something than with what attributes (director of this company etc.) they have. We propose three Attribute Based Signature schemes, namely, Decentralised Traceable Attribute Based Signatures DTABS, Attribute Based Signatures with UserControlled Linkability ABS-UCL, and Attribute Based Signatures with Hidden Expressive Policy ABS-HEP. The Traceability assures that signatures in dispute, caused by any misuse/abuse cases, can be traced back to their signers. The judge of public opinion guarantees that no misattribution (framing) can take place. Additionally, User-Controlled Linkability gives a lightweight solution to session–style ABS; signers can choose to link some of their signatures that are directed to the same verifier, and the verifier will be convinced that those signatures are signed by the same anonymous person. Hidden expressive policy gives the organizations the flexibility to change their signing policies without notifying the outside. All the three schemes are given and proven generically in a modular way. Instantiations for the first two schemes are also given to show both feasibility and practicality of the proposed schemes. The first two schemes substantially improve the state-of-the-art of Attribute Based Signatures that use Bilinear maps as a building block and shape it into a practical form, offering a decentralised version of ABS where multiple authorities are involved and yet no reliance on a central authority is needed. In the third scheme, we move ABS into a new stage, where we increase the level of expressiveness of the signing policies to use general circuits, and at the same time, we give the signer the ability to fully hide his signing policy. This scheme makes use of hardness assumptions on the newly realised cryptographic building block, i.e. Multilinear maps.