Cryptology ePrint Archive: Report 2009/148

Secret Handshake: Strong Anonymity Definition and Construction

Yutaka Kawai and Kazuki Yoneyama and Kazuo Ohta

Abstract: Secret handshake allows two members in the same group to authenticate each other secretly. In previous works of secret handshake schemes, two types of anonymities against the group authority (GA) of a group G are discussed: 1)Even GA cannot identify members, namely nobody can identify them (No-Traceability), 2)Only GA can identify members (Traceability). In this paper, first the necessity of tracing of the identification is shown. Second, we classify abilities of GA into the ability of identifying players and that of issuing the certificate to members. We introduce two anonymities Co-Traceability and Strong Detector Resistance. When a more strict anonymity is required ever for GA, the case 2) is unfavorable for members. Then, we introduce Co-Traceability where even if A has GAs ability of identifying members or issuing the certificate, A cannot trace members identification. However, if a scheme satisfies Co-Traceability, GA may be able to judge whether handshake players belong to the own group. Then, we introduce Strong Detector Resistance where even if an adversary A has GAs ability of identifying members, A cannot make judgments whether a handshaking player belongs to G. Additionally, we propose a secret handshake scheme which satisfies previous security requirements and our proposed anonymity requirements by using group signature scheme with message recovery.

Category / Keywords: cryptographic protocols / secret handshake, anonymity, traceability, privacy

Publication Info: The short version of this paper was accepted to ISPEC 2009.

Date: received 31 Mar 2009, last revised 31 Mar 2009

Contact author: kawai at ice uec ac jp

Available format(s): PDF | BibTeX Citation

Version: 20090331:184505 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]