In this paper we give a repaired version, along with a highly detailed security proof.
A full paper will be made available shortly. However in the meantime we present this paper for the community to check and comment on.
Category / Keywords: cryptographic protocols / DAA, Pairings Date: received 7 May 2009, withdrawn 4 Dec 2011 Contact author: nigel at cs bris ac uk Available format(s): (-- withdrawn --) Note: The model in the paper contains a major flaw. Indeed no protocol can be proved secure in this model (for any protocol there is a trivial distinguisher between the real and ideal worlds).
The protocol we propose has issues related to linking, and the "ZK proof" in the Join protocol is the wrong way around. These latter two points can be fixed (which will be done in a soon to be posted paper to e-print)Version: 20111204:134054 (All versions of this report) Short URL: ia.cr/2009/198 Discussion forum: Show discussion | Start new discussion