Paper 2010/595

Attribute-Based Signatures

Hemanta K. Maji, Manoj Prabhakaran, and Mike Rosulek


We introduce {\em Attribute-Based Signatures (ABS)}, a versatile primitive that allows a party to sign a message with fine-grained control over identifying information. In ABS, a signer, who possesses a set of attributes from the authority, can sign a message with a predicate that is satisfied by his attributes. The signature reveals no more than the fact that a single user with some set of attributes satisfying the predicate has attested to the message. In particular, the signature hides the attributes used to satisfy the predicate and any identifying information about the signer (that could link multiple signatures as being from the same signer). Furthermore, users cannot collude to pool their attributes together. We give a general framework for constructing ABS schemes, and then show several practical instantiations based on groups with bilinear pairing operations, under standard assumptions. Further, we give a construction which is secure even against a malicious attribute authority, but the security for this scheme is proven in the generic group model. We describe several practical problems that motivated this work, and how ABS can be used to solve them. Also, we show how our techniques allow us to extend Groth-Sahai NIZK proofs to be simulation-extractable and identity-based with low overhead.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Full version of an extended abstract in CT-RSA 2011
signaturesattribute-based signatures
Contact author(s)
mikero @ cs umt edu
2010-11-24: received
Short URL
Creative Commons Attribution


      author = {Hemanta K.  Maji and Manoj Prabhakaran and Mike Rosulek},
      title = {Attribute-Based Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2010/595},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.