## Cryptology ePrint Archive: Report 2020/1603

One-Time Delegation of Unlinkable Signing Rights and Its Application

Takashi Nishide

Abstract: Delegation of signing rights can be useful to promote effective resource sharing and smooth cooperation among participants in distributed systems, and in many situations, we often need restricted delegation such as one-timeness and unlinkability rather than simple full delegation. Particularly, one-timesness cannot be achieved just by deploying cryptographic measures, and one needs to resort to some form of tamper-proofness or the assistance from external cloud servers for key-disabling''. In this work, we extend the latter such that a delegatee can sign a message without the delegator's involvement with the assumption that there exists at least one honest cloud server with secure erasure to achieve one-timeness. In this setting, if the delegator just shares their signing key between the delegatee and cloud servers, it may be problematic. It is because in the worst case, the delegator cannot know whether or not a signing key theft occurred because the signatures generated illegally are indistinguishable from the ones generated legally. To solve this, first we propose an efficient one-time delegation scheme of Okamoto-Schnorr signing. Further we combine the basic delegation scheme with anonymous credentials such that the delegator can detect the signing key theft even if one-time delegation is broken while also achieving unlinkability for both the delegator and cloud servers. Further we show its application to an e-cash scheme, which can prevent double-spending.

Category / Keywords: public-key cryptography / Signature, Delegation, Anonymous Credential, E-Cash

Original Publication (with major differences): ProvSec 2020
DOI:
10.1007/978-3-030-62576-4_6

Contact author: nishide at risk tsukuba ac jp

Available format(s): PDF | BibTeX Citation

Note: This is the full version of the paper which appears in ProvSec 2020, with additional appendices including security analysis.

Short URL: ia.cr/2020/1603

[ Cryptology ePrint archive ]