## Cryptology ePrint Archive: Report 2019/382

Hierarchical Attribute-based Signatures: Short Keys and Optimal Signature Length

Daniel Gardham and Mark Manulis

Abstract: With Attribute-based Signatures (ABS) users can simultaneously sign messages and prove compliance of their attributes, issued by designated attribute authorities, with some verification policy. Neither signer's identity nor possessed attributes are leaked during the verification process, making ABS schemes a handy tool for applications requiring privacy-preserving authentication. Earlier ABS schemes lacked support for hierarchical delegation of attributes (across tiers of attribute authorities down to the signers), a distinct property that has made traditional PKIs more scalable and widely adoptable.

This changed recently with the introduction of Hierarchical ABS (HABS) schemes, where support for attribute delegation was proposed in combination with stronger privacy guarantees for the delegation paths (path anonymity) and new accountability mechanisms allowing a dedicated tracing authority to identify these paths (path traceability) and the signer, along with delegated attributes, if needed. Yet, current HABS construction is generic with inefficient delegation process resulting in sub-optimal signature lengths of order $O(k^{2}|\Psi|)$ where $\Psi$ is the policy size and $k$ the height of the hierarchy.

This paper proposes a direct HABS construction in bilinear groups that significantly improves on these bounds and satisfies the original security and privacy requirements. At the core of our HABS scheme is a new delegation process based on the length-reducing homomorphic trapdoor commitments to group elements for which we introduce a new delegation technique allowing step-wise commitments to additional elements without changing the length of the original commitment and its opening. While also being of independent interest, this technique results in shorter HABS keys and achieves the signature-length growth of $O(k|\Psi|)$ which is optimal due to the path-traceability requirement.

Category / Keywords: public-key cryptography / Attribute-based Signatures, delegation, hierarchy, path anonymity, path traceability, non-frameability, privacy

Original Publication (with major differences): ACNS 2019

Date: received 10 Apr 2019, last revised 23 May 2019

Contact author: d gardham at surrey ac uk

Available format(s): PDF | BibTeX Citation

Note: This is the full version of a paper that appeared at ACNS 2019 under the same name. Updated Proofs & typos.

Short URL: ia.cr/2019/382

[ Cryptology ePrint archive ]