Traceable attribute-based signatures add anonymity revocation mechanisms to attribute-based signatures whereby a special tracing authority equipped with a secret key is capable of revealing the identity of the signer. Such a feature is important in settings where accountability and abuse prevention are required.
In this work, we first provide a formal security model for traceable attribute-based signatures. Our focus is on the more practical case where attribute management is distributed among different authorities rather than relying on a single central authority. By specializing our model to the single attribute authority setting, we overcome some of the shortcomings of the existing model for the same setting.
Our second contribution is a generic construction for the primitive which achieves a strong notion of security. Namely, it achieves CCA anonymity and its security is w.r.t.\ adaptive adversaries. Moreover, our framework permits expressive signing polices. Finally, we provide some instantiations of the primitive whose security reduces to falsifiable intractability assumptions and without relying on idealized assumptions.
Category / Keywords: public-key cryptography / Attribute-based signatures, security definitions, standard model. Original Publication (with major differences): CT-RSA 2014 Date: received 6 Dec 2013, last revised 8 Dec 2013 Contact author: eg6947 at googlemail com Available format(s): PDF | BibTeX Citation Version: 20131211:125522 (All versions of this report) Short URL: ia.cr/2013/828 Discussion forum: Show discussion | Start new discussion