Cryptology ePrint Archive: Report 2013/828

Decentralized Traceable Attribute-Based Signatures

Ali El Kaafarani and Essam Ghadafi and Dalia Khader

Abstract: Attribute-based signatures allow a signer owning a set of attributes to anonymously sign a message w.r.t.\ some signing policy. A recipient of the signature is convinced that a signer with a set of attributes satisfying the signing policy has indeed produced the signature without learning the identity of the signer or which set of attributes was used in the signing.

Traceable attribute-based signatures add anonymity revocation mechanisms to attribute-based signatures whereby a special tracing authority equipped with a secret key is capable of revealing the identity of the signer. Such a feature is important in settings where accountability and abuse prevention are required.

In this work, we first provide a formal security model for traceable attribute-based signatures. Our focus is on the more practical case where attribute management is distributed among different authorities rather than relying on a single central authority. By specializing our model to the single attribute authority setting, we overcome some of the shortcomings of the existing model for the same setting.

Our second contribution is a generic construction for the primitive which achieves a strong notion of security. Namely, it achieves CCA anonymity and its security is w.r.t.\ adaptive adversaries. Moreover, our framework permits expressive signing polices. Finally, we provide some instantiations of the primitive whose security reduces to falsifiable intractability assumptions and without relying on idealized assumptions.

Category / Keywords: public-key cryptography / Attribute-based signatures, security definitions, standard model.

Original Publication (with major differences): CT-RSA 2014

Date: received 6 Dec 2013, last revised 8 Dec 2013

Contact author: eg6947 at googlemail com

Available format(s): PDF | BibTeX Citation

Version: 20131211:125522 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]