Cryptology ePrint Archive: Report 2009/148
Secret Handshake: Strong Anonymity Definition and Construction
Yutaka Kawai and Kazuki Yoneyama and Kazuo Ohta
Abstract: Secret handshake allows two members in the same group to authenticate each other secretly. In previous works of secret handshake schemes, two types of anonymities against the group authority (GA) of a group G are discussed: 1)Even GA cannot identify members, namely nobody can identify them (No-Traceability), 2)Only GA can identify members (Traceability). In this paper, first the necessity of tracing of the identification is shown. Second, we classify abilities of GA into the ability of identifying players and that of issuing the certificate to members. We introduce two anonymities Co-Traceability and Strong Detector Resistance. When a more strict anonymity is required ever for GA, the case 2) is unfavorable for members. Then, we introduce Co-Traceability where even if A has GA’s ability of identifying members or issuing the certificate, A cannot trace members identification. However, if a scheme satisfies Co-Traceability, GA may be able to judge whether handshake players belong to the own group. Then, we introduce Strong Detector Resistance where even if an adversary A has GA’s ability of identifying members, A cannot make judgments whether a handshaking player belongs to G. Additionally, we propose a secret handshake scheme which satisfies previous security requirements and our proposed anonymity requirements by using group signature scheme with message recovery.
Category / Keywords: cryptographic protocols / secret handshake, anonymity, traceability, privacy
Publication Info: The short version of this paper was accepted to ISPEC 2009.
Date: received 31 Mar 2009, last revised 31 Mar 2009
Contact author: kawai at ice uec ac jp
Available format(s): PDF | BibTeX Citation
Version: 20090331:184505 (All versions of this report)
Short URL: ia.cr/2009/148
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]