Cryptology ePrint Archive: Report 2016/070
Domain-Specific Pseudonymous Signatures Revisited
Abstract: Domain-Specific Pseudonymous Signature schemes were recently proposed for privacy preserving authentication
of digital identity documents by the BSI, German Federal Office for Information
The crucial property of domain-specific pseudonymous signatures
is that a signer may derive unique pseudonyms within a so called domain.
Now, the signer's true identity is hidden behind his domain pseudonyms
and these pseudonyms are unlinkable, i.e. it is infeasible to
correlate two pseudonyms from distinct domains
with the identity of a single signer.
In this paper we take a critical look at
the security definitions and constructions of domain-specific pseudonymous signatures
proposed by far.
We review two articles which propose ``sound and clean''
security definitions and point out some issues
present in these models.
Some of the issues we present may have a strong practical
impact on constructions ``provably secure'' in this models.
Additionally, we point out some worrisome
facts about the proposed schemes and their security analysis.
Category / Keywords: public-key cryptography, eID Documents, Privacy, Domain Signatures, Pseudonymity, Security Definition, Provable Security
Date: received 25 Jan 2016, last revised 11 Feb 2016
Contact author: kamil kluczniak at pwr edu pl
Available format(s): PDF | BibTeX Citation
Note: This version fixes some editorial mistakes.
Version: 20160211:094612 (All versions of this report)
Short URL: ia.cr/2016/070
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]