Paper 2021/1234

Policy-Compliant Signatures

Christian Badertscher, Christian Matt, and Hendrik Waldner


We introduce policy-compliant signatures (PCS). A PCS scheme can be used in a setting where a central authority determines a global policy and distributes public and secret keys associated with sets of attributes to the users in the system. If two users, Alice and Bob, have attribute sets that jointly satisfy the global policy, Alice can use her secret key and Bob's public key to sign a message. Unforgeability ensures that a valid signature can only be produced if Alice's secret key is known and if the policy is satisfied. Privacy guarantees that the public keys and produced signatures reveal nothing about the users' attributes beyond whether they satisfy the policy or not. PCS extend the functionality provided by existing primitives such as attribute-based signatures and policy-based signatures, which do not consider a designated receiver and thus cannot include the receiver's attributes in the policies. We describe practical applications of PCS which include controlling transactions in financial systems with strong privacy guarantees (avoiding additional trusted entities that check compliance), as well as being a tool for trust negotiations. We introduce an indistinguishability-based privacy notion for PCS and present a generic and modular scheme based on standard building blocks such as signatures, non-interactive zero-knowledge proofs, and a (predicate-only) predicate encryption scheme. We show that it can be instantiated to obtain an efficient scheme that is provably secure under standard pairing-assumptions for a wide range of policies. We further model PCS in UC by describing the goal of PCS as an enhanced ideal signature functionality which gives rise to a simulation-based privacy notion for PCS. We show that our generic scheme achieves this composable security notion under the additional assumption that the underlying predicate encryption scheme satisfies a stronger, fully adaptive, simulation-based attribute-hiding notion.

Available format(s)
Publication info
A major revision of an IACR publication in TCC 2021
enhanced signaturesprivacypolicy-dependence
Contact author(s)
christian badertscher @ iohk io
cm @ concordium com
hendrik waldner @ ed ac uk
2022-03-04: revised
2021-09-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Christian Badertscher and Christian Matt and Hendrik Waldner},
      title = {Policy-Compliant Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1234},
      year = {2021},
      doi = {10.1007/978-3-030-90456-2_12},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.