In this paper, we firstly introduce a generic technique for non-interactive zero-knowledge plaintext equality and inequality proofs. In our setting, the prover is given two ciphertexts and some trapdoor information, but neither has access to the decryption key nor the randomness used to produce the respective ciphertexts. Thus, the prover performs these proofs on unknown plaintexts. Besides a generic technique, we also propose an efficient instantiation that adapts recent results from Blazy et al. (CT-RSA'15), and in particular a combination of Groth-Sahai (GS) proofs (or sigma proofs) and smooth projective hash functions (SPHFs).
While this result may be of independent interest, we use it to realize verifiable controllable linkability for group signatures. Here, the LA is required to non-interactively prove whether or not two signatures link (while it is not able to identify the signers). This significantly reduces the required trust in the linking authority. Moreover, we extend the model of group signatures to cover the feature of verifiable controllable linkability.Category / Keywords: public-key cryptography / group signatures, verifiable controllable linkability, non-interactive plaintext (in-)equality proofs, privacy, anonymity Original Publication (with major differences): CT-RSA 2016 Date: received 29 Jan 2016 Contact author: david derler at iaik tugraz at Available format(s): PDF | BibTeX Citation Version: 20160129:151346 (All versions of this report) Short URL: ia.cr/2016/082 Discussion forum: Show discussion | Start new discussion