Paper 2013/544

Warrant-Hiding Delegation-by-Certificate Proxy Signature Schemes

Christian Hanser and Daniel Slamanig

Abstract

Proxy signatures allow an entity (the delegator) to delegate his signing capabilities to other entities (called proxies), who can then produce signatures on behalf of the delegator. Typically, a delegator may not want to give a proxy the power to sign any message on his behalf, but only messages from a well defined message space. Therefore, the so called delegation by warrant approach has been introduced. Here, a warrant is included into the delegator's signature (the so called certificate) to describe the message space from which a proxy is allowed to choose messages to produce valid signatures for. Interestingly, in all previously known constructions of proxy signatures following this approach, the warrant is made explicit and, thus, is an input to the verification algorithm of a proxy signature. This means, that a verifier learns the entire message space for which the proxy has been given the signing power. However, it may be desirable to hide the remaining messages in the allowed message space from a verifier. This scenario has never been investigated in context of proxy signatures, but seems to be interesting for practical applications. In this paper, we resolve this issue by introducing so called warrant-hiding proxy signatures. We provide a formal security definition of such schemes by augmenting the well established security model for proxy signatures by Boldyreva et al. Furthermore, we discuss strategies how to realize this warrant-hiding property and we also provide two concrete instantiations of such a scheme. They enjoy different advantages, but are both entirely practical. Moreover, we prove them secure with respect to the augmented security model.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. INDOCRYPT'13
Keywords
Proxy signaturesdigital signatureswarrant-hidingzero-knowledge setsvector commitmentsrandomized Merkle treespolynomial commitments
Contact author(s)
chanser @ iaik tugraz at
History
2013-08-30: received
Short URL
https://ia.cr/2013/544
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/544,
      author = {Christian Hanser and Daniel Slamanig},
      title = {Warrant-Hiding Delegation-by-Certificate Proxy Signature Schemes},
      howpublished = {Cryptology {ePrint} Archive, Paper 2013/544},
      year = {2013},
      url = {https://eprint.iacr.org/2013/544}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.