Firstly, we provide a new stronger security model which circumvents some shortcomings in existing models. Our model minimizes the trust placed in attribute authorities and hence provides, among other things, a stronger definition for non-frameability. In addition, unlike previous models, our model captures the notion of tracing soundness which is important for many applications of the primitive, and which ensures that even if all parties in the system are fully corrupt, no one but the actual signer can claim authorship of the signature.
Secondly, we provide a generic construction that is secure w.r.t.\ our strong security model and show two example instantiations in the standard model which are more efficient than existing constructions (secure under weaker security definitions).
Finally, unlike existing constructions, we dispense with the need for the expensive zero-knowledge proofs required for proving tracing correctness by the tracing authority. As a result, tracing a signature in our constructions is significantly more efficient than existing constructions, both in terms of the size of the tracing proof and the computational cost required to generate and verify it. For instance, verifying tracing correctness in our constructions requires only 4 pairings compared to 34 pairings in the most efficient existing construction.
Category / Keywords: Public-key cryptography/ Attribute-based signatures, security definitions, traceability, standard model Original Publication (with major differences): CT-RSA 2015 Date: received 22 Apr 2014, last revised 8 Apr 2015 Contact author: eg6947 at googlemail com Available format(s): PDF | BibTeX Citation Note: Tracing signatures is now more efficient than in the previous version. Also, added an acknowledgment. Version: 20150408:151136 (All versions of this report) Short URL: ia.cr/2014/278 Discussion forum: Show discussion | Start new discussion