Cryptology ePrint Archive: Report 2005/123

Accumulators from Bilinear Pairings and Applications to ID-based Ring Signatures and Group Membership Revocation

Lan Nguyen

Abstract: We propose a dynamic accumulator scheme from bilinear pairings, whose security is based on the Strong Diffie-Hellman assumption. We show applications of this accumulator in constructing an identity-based (ID-based) ring signature scheme with constant-size signatures and its interactive counterpart, and providing membership revocation to group signature, traceable signature and identity escrow schemes and anonymous credential systems. The ID-based ring signature scheme and the group signature scheme have extremely short signature sizes. The size of our group signatures with membership revocation is only half the size of the well-known ACJT00 scheme, which does not provide membership revocation. The schemes do not require trapdoor, so system parameters can be shared by multiple groups belonging to different organizations. All schemes proposed are provably secure in formal models. We generalize the definition of accumulators to model a wider range of practical accumulators. We provide formal models for ID-based ad-hoc anonymous identification schemes and identity escrow schemes with membership revocation, based on existing ones.

Category / Keywords: public-key cryptography / Dynamic accumulators, ID-based, ring signatures, ad-hoc anonymous identification, group signatures, identity escrow, membership revocation, privacy and anonymity.

Publication Info: An extended abstract appears in CT-RSA 2005.

Date: received 27 Apr 2005, last revised 7 Nov 2006

Contact author: ldn01 at uow edu au

Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Note: - A(f, g, u) is replaced by A(g.f, U_f, U_g, u) in Definition 2 and Theorem 1. Thanks go to Christophe Tartary for informing this problem.

- This full version provides new algorithms that are secure against the attack in Eprint 2005/103 "Cryptanalysis and improvement of an ID-based ad-hoc anonymous identification scheme at CT-RSA 05". The new algorithms are more efficient than the improvement proposed in Eprint 2005/103.

Version: 20061108:033453 (All versions of this report)

Discussion forum: Show discussion | Start new discussion