Cryptology ePrint Archive: Report 2014/944

Structure-Preserving Signatures on Equivalence Classes and Constant-Size Anonymous Credentials

Georg Fuchsbauer and Christian Hanser and Daniel Slamanig

Abstract: Structure-preserving signatures (SPS) are a powerful building block for cryptographic protocols. We introduce SPS on equivalence classes (SPS-EQ), which allow joint randomization of messages and signatures. Messages are projective equivalence classes defined on group element vectors, so multiplying a vector by a scalar yields a different representative of the same class. Our scheme lets one adapt a signature for one representative to a signature for another representative without knowledge of any secret; and given a signature, an adapted signature for a different representative is indistinguishable from a fresh signature on a random message. We propose a definitional framework for SPS-EQ and an efficient construction in Type-3 bilinear groups, which we prove secure against generic forgers.

We also introduce a set-commitment scheme that lets one open subsets of the committed set. From this and SPS-EQ we then build an efficient multi-show attribute-based anonymous credential system for an arbitrary number of attributes. Our ABC system avoids costly zero-knowledge proofs and only requires a short interactive proof to thwart replay attacks. It is the first credential system whose bandwidth required for credential showing is independent of the number of its attributes, i.e., constant-size. We propose strengthened game-based security definitions for ABC and prove our scheme anonymous against malicious organizations in the standard model; finally, we give a concurrently secure variant in the CRS model.

Category / Keywords: Public-key cryptography / Structure-preserving signatures, attribute-based anonymous credentials, set commitments

Date: received 16 Nov 2014, last revised 20 Mar 2016

Contact author: fuchsbau at di ens fr

Available format(s): PDF | BibTeX Citation

Note: This paper corrects and extends eprint report 2014/705.

Version: 20160320:172820 (All versions of this report)

Short URL: ia.cr/2014/944

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]