Cryptology ePrint Archive: Report 2014/944

Structure-Preserving Signatures on Equivalence Classes and Constant-Size Anonymous Credentials

Georg Fuchsbauer and Christian Hanser and Daniel Slamanig

Abstract: Structure-preserving signatures (SPS) are a powerful building block for cryptographic protocols. We introduce SPS on equivalence classes (SPS-EQ), which allow joint randomization of messages and signatures. Messages are projective equivalence classes defined on group element vectors, so multiplying a vector by a scalar yields a different representative of the same class. Our scheme lets one adapt a signature for one representative to a signature for another representative without knowledge of any secret. Moreover, given a signature, an adapted signature for a different representative is indistinguishable from a fresh signature on a random message. We propose a definitional framework for SPS-EQ and an efficient construction in Type-3 bilinear groups, which we prove secure against generic forgers.

We also introduce set-commitment schemes that let one open subsets of the committed set. From this and SPS-EQ we then build an efficient multi-show attribute-based anonymous credential system for an arbitrary number of attributes. Our ABC system avoids costly zero-knowledge proofs and only requires a short interactive proof to thwart replay attacks. It is the first credential system whose bandwidth required for credential showing is independent of the number of its attributes, i.e., constant-size. We propose strengthened game-based security definitions for ABC and prove our scheme anonymous against malicious organizations in the standard model; finally, we discuss a concurrently secure variant in the CRS model.

Category / Keywords: cryptographic protocols / Structure-preserving signatures, attribute-based anonymous credentials, set commitments

Original Publication (with minor differences): IACR-JOC-2019

Date: received 16 Nov 2014, last revised 21 Jan 2021

Contact author: fuchsbau at di ens fr, daniel slamanig@ait ac at

Available format(s): PDF | BibTeX Citation

Note: This paper corrects and extends eprint report 2014/705.

Version: 20210121:101436 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]