Cryptology ePrint Archive: Report 2012/356

Fully Anonymous Attribute Tokens from Lattices

Jan Camenisch and Gregory Neven and Markus Rückert

Abstract: Anonymous authentication schemes such as group signatures and anonymous credentials are important privacy-protecting tools in electronic communications. The only currently known scheme based on assumptions that resist quantum attacks is the group signature scheme by Gordon et al. (ASIACRYPT 2010). We present a generalization of group signatures called *anonymous attribute tokens* where users are issued attribute-containing credentials that they can use to anonymously sign messages and generate tokens revealing only a subset of their attributes. We present two lattice-based constructions of this new primitive, one with and one without opening capabilities for the group manager. The latter construction directly yields as a special case the first lattice-based group signature scheme offering full anonymity (in the random-oracle model), as opposed to the practically less relevant notion of chosen-plaintext anonymity offered by the scheme of Gordon et al. We also extend our scheme to protect users from framing attacks by the group manager, where the latter creates tokens or signatures in the name of honest users. Our constructions involve new lattice-based tools for aggregating signatures and verifiable CCA2-secure encryption.

Category / Keywords: cryptographic protocols / Anonymous attribute tokens, group signatures, lattices, post-quantum cryptography.

Publication Info: SCN 2012

Date: received 21 Jun 2012

Contact author: markus rueckert at cased de

Available format(s): PDF | BibTeX Citation

Version: 20120622:200454 (All versions of this report)

Short URL: ia.cr/2012/356

Discussion forum: Show discussion | Start new discussion