Paper 2019/382

Hierarchical Attribute-based Signatures: Short Keys and Optimal Signature Length

Daniel Gardham and Mark Manulis


With Attribute-based Signatures (ABS) users can simultaneously sign messages and prove compliance of their attributes, issued by designated attribute authorities, with some verification policy. Neither signer's identity nor possessed attributes are leaked during the verification process, making ABS schemes a handy tool for applications requiring privacy-preserving authentication. Earlier ABS schemes lacked support for hierarchical delegation of attributes (across tiers of attribute authorities down to the signers), a distinct property that has made traditional PKIs more scalable and widely adoptable. This changed recently with the introduction of Hierarchical ABS (HABS) schemes, where support for attribute delegation was proposed in combination with stronger privacy guarantees for the delegation paths (path anonymity) and new accountability mechanisms allowing a dedicated tracing authority to identify these paths (path traceability) and the signer, along with delegated attributes, if needed. Yet, current HABS construction is generic with inefficient delegation process resulting in sub-optimal signature lengths of order $O(k^{2}|\Psi|)$ where $\Psi$ is the policy size and $k$ the height of the hierarchy. This paper proposes a direct HABS construction in bilinear groups that significantly improves on these bounds and satisfies the original security and privacy requirements. At the core of our HABS scheme is a new delegation process based on the length-reducing homomorphic trapdoor commitments to group elements for which we introduce a new delegation technique allowing step-wise commitments to additional elements without changing the length of the original commitment and its opening. While also being of independent interest, this technique results in shorter HABS keys and achieves the signature-length growth of $O(k|\Psi|)$ which is optimal due to the path-traceability requirement.

Note: This is the full version of a paper that appeared at ACNS 2019 under the same name. Updated Proofs & typos.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. MAJOR revision.ACNS 2019
Attribute-based Signaturesdelegationhierarchypath anonymitypath traceabilitynon-frameabilityprivacy
Contact author(s)
d gardham @ surrey ac uk
2019-05-23: last of 2 revisions
2019-04-16: received
See all versions
Short URL
Creative Commons Attribution


      author = {Daniel Gardham and Mark Manulis},
      title = {Hierarchical Attribute-based Signatures: Short Keys and Optimal Signature Length},
      howpublished = {Cryptology ePrint Archive, Paper 2019/382},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.