## Cryptology ePrint Archive: Report 2018/742

Witness-Indistinguishable Arguments with $\Sigma$-Protocols for Bundled Witness Spaces and its Application to Global Identities

Abstract: We propose a generic construction of a $\Sigma$-protocol of commit-and-prove type, which is an \textsc{and}-composition of $\Sigma$-protocols on the statements that include a common commitment. Our protocol enables a prover to convince a verifier that the prover knows a bundle of witnesses that have a common component which we call a base witness point. When the component $\Sigma$-protocols are of witness-indistinguishable argument systems, our $\Sigma$-protocol is also a witness-indistinguishable argument system as a whole. As an application, we propose a decentralized multi-authority anonymous authentication scheme. We first define a syntax and security notions of the scheme. Then we give a generic construction of a decentralized multi-authority anonymous authentication scheme. There a witness is a bundle of witnesses each of which decomposes into a common global identity string and a digital signature on it. We mention an instantiation of the generic scheme in the setting of bilinear groups.

Category / Keywords: public-key cryptography / interactive proof, sigma protocol, witness indistinguishability, decentralized, collusion resistance

Original Publication (with minor differences): The 2018 International Conference on Information and Communications Security (ICICS2018)