Cryptology ePrint Archive: Report 2005/123
Accumulators from Bilinear Pairings and Applications to ID-based Ring Signatures and Group Membership Revocation
Abstract: We propose a dynamic accumulator scheme from bilinear
pairings, whose security is based on the Strong Diffie-Hellman
assumption. We show applications of this accumulator in
constructing an identity-based (ID-based) ring signature scheme
with constant-size signatures and its interactive counterpart, and
providing membership revocation to group signature, traceable
signature and identity escrow schemes and anonymous credential
systems. The ID-based ring signature scheme and the group
signature scheme have extremely short signature sizes. The size of
our group signatures with membership revocation is only half the
size of the well-known ACJT00 scheme, which does not provide
membership revocation. The schemes do not require trapdoor, so
system parameters can be shared by multiple groups belonging to
different organizations. All schemes proposed are provably secure
in formal models. We generalize the definition of accumulators to
model a wider range of practical accumulators. We provide formal
models for ID-based ad-hoc anonymous identification schemes and
identity escrow schemes with membership revocation, based on existing ones.
Category / Keywords: public-key cryptography / Dynamic accumulators, ID-based, ring signatures, ad-hoc anonymous identification, group signatures, identity escrow, membership revocation, privacy and anonymity.
Publication Info: An extended abstract appears in CT-RSA 2005.
Date: received 27 Apr 2005, last revised 7 Nov 2006
Contact author: ldn01 at uow edu au
Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation
Note: - A(f, g, u) is replaced by A(g.f, U_f, U_g, u) in Definition 2 and Theorem 1. Thanks go to Christophe Tartary for informing this problem.
- This full version provides new algorithms that are secure against the attack in Eprint 2005/103 "Cryptanalysis and improvement of an ID-based ad-hoc anonymous identification scheme at CT-RSA 05". The new algorithms are more efficient than the improvement proposed in Eprint 2005/103.
Version: 20061108:033453 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]