Non-Interactive Anonymous Credentials
نویسندگان
چکیده
In this paper, we introduce P-signatures. A P-signature scheme consists of a signature scheme, a commitment scheme, and (1) an interactive protocol for obtaining a signature on a committed value; (2) a non-interactive proof system for proving that the contents of a commitment has been signed; (3) a non-interactive proof system for proving that a pair of commitments are commitments to the same value. We give a definition of security for P-signatures and show how they can be realized under appropriate assumptions about groups with bilinear map. Namely, we make extensive use of the powerful suite of non-interactive proof techniques due to Groth and Sahai. Our P-signatures enable, for the first time, the design of a practical non-interactive anonymous credential system whose security does not rely on the random oracle model. In addition, they may serve as a useful building block for other privacy-preserving authentication mechanisms.
منابع مشابه
Privacy-Enhancing Proxy Signatures from Non-interactive Anonymous Credentials
Proxy signatures enable an originator to delegate the signing rights for a restricted set of messages to a proxy. The proxy is then able to produce valid signatures only for messages from this delegated set on behalf of the originator. Recently, two variants of privacy-enhancing proxy signatures, namely blank signatures [27] and warrant-hiding proxy signatures [28], have been introduced. In thi...
متن کاملRandomizable Proofs and Delegatable Anonymous Credentials
We construct an efficient delegatable anonymous credentials system. Users can anonymously and unlinkably obtain credentials from any authority, delegate their credentials to other users, and prove possession of a credential L levels away from a given authority. The size of the proof (and time to compute it) is O(Lk), where k is the security parameter. The only other construction of delegatable ...
متن کاملBlock-wise P-Signatures and Non-Interactive Anonymous Credentials with Efficient Attributes
Anonymous credentials are protocols in which users obtain certificates from organizations and subsequently demonstrate their possession in such a way that transactions carried out by the same user cannot be linked. We present an anonymous credential scheme with non-interactive proofs of credential possession where credentials are associated with a number of attributes. Following recent results ...
متن کاملAn Extension of the Groth-Sahai Proof System
Non-interactive zero-knowledge proofs, particularly those constructed on top of bilinear groups, have been significantly studied in cryptography and used in a wide variety of applications in recent years. One very powerful suite of techniques for proofs over bilinear groups is the Groth-Sahai proof system, which provides efficient non-interactive witnessindistinguishable and zero-knowledge proo...
متن کاملSolving Revocation with Efficient Update of Anonymous Credentials
Anonymous credential system promise efficient, ubiquitous access to digital services while preserving user privacy. However, their diffusion is impaired by the lack of efficient revocation techniques. Traditional credential revocation measures based on certificate revocation lists or online certification authorities do not provide privacy and can not be used in privacy-sensitive contexts. Revoc...
متن کاملBlock-Wise P-Signatures and Non-interactive Anonymous Credentials with Efficient Attributes
Anonymous credentials are protocols in which users obtain certificates from organizations and subsequently demonstrate their possession in such a way that transactions carried out by the same user cannot be linked. We present an anonymous credential scheme with noninteractive proofs of credential possession where credentials are associated with a number of attributes. Following recent results o...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2007 شماره
صفحات -
تاریخ انتشار 2007