Cryptology ePrint Archive: Report 2020/1603
One-Time Delegation of Unlinkable Signing Rights and Its Application
Takashi Nishide
Abstract: Delegation of signing rights can be useful to promote effective resource sharing and smooth cooperation among participants
in distributed systems, and
in many situations, we often need restricted delegation
such as one-timeness and unlinkability rather than simple full delegation.
Particularly, one-timesness cannot be achieved just by deploying cryptographic measures,
and one needs to resort to some form of tamper-proofness
or the assistance from external cloud servers for ``key-disabling''.
In this work, we extend the latter such that a delegatee can sign a message
without the delegator's involvement with the assumption that there exists at least one
honest cloud server with secure erasure to achieve one-timeness.
In this setting, if the delegator just shares their signing key between
the delegatee and cloud servers, it may be problematic.
It is because in the worst case, the delegator cannot know whether or not
a signing key theft occurred because the signatures generated illegally are
indistinguishable from the ones generated legally.
To solve this, first we propose an efficient one-time delegation scheme of Okamoto-Schnorr signing.
Further we combine the basic delegation scheme with anonymous credentials
such that the delegator can detect the signing key theft even if one-time delegation is broken
while also achieving unlinkability for both the delegator and cloud servers.
Further we show its application to an e-cash scheme, which can prevent double-spending.
Category / Keywords: public-key cryptography / Signature, Delegation, Anonymous Credential, E-Cash
Original Publication (with major differences): ProvSec 2020
DOI: 10.1007/978-3-030-62576-4_6
Date: received 24 Dec 2020
Contact author: nishide at risk tsukuba ac jp
Available format(s): PDF | BibTeX Citation
Note: This is the full version of the paper which appears in ProvSec 2020, with additional appendices including security analysis.
Version: 20201227:131550 (All versions of this report)
Short URL: ia.cr/2020/1603
[ Cryptology ePrint archive ]