Paper 2018/742

Witness-Indistinguishable Arguments with $\Sigma$-Protocols for Bundled Witness Spaces and its Application to Global Identities

Hiroaki Anada and Seiko Arita

Abstract

We propose a generic construction of a $\Sigma$-protocol of commit-and-prove type, which is an AND-composition of $\Sigma$-protocols on statements that include a common commitment. Our protocol enables a prover to convince a verifier that the prover knows a bundle of witnesses that have a common component which we call a base witness point. When the component $\Sigma$-protocols are of witness-indistinguishable argument systems, our $\Sigma$-protocol is also a witness-indistinguishable argument system as a whole. As an application, we propose a decentralized multi-authority anonymous authentication scheme. We first give a syntax and security definitions of the scheme. Then we give a generic construction of the scheme. There a witness is a bundle of witnesses each of which decomposes into a common global identity string and a digital signature on it. We mention an instantiation in the setting of bilinear groups.

Note: Major modification has been added in the definition of security against concurrent and collusion attacks; corrupted authorities are considered there. The proof for the security has been re-written. The appendices have been detailed. Some notations have been corrected.