Paper 2021/1581

Composable Notions for Anonymous and Authenticated Communication

Fabio Banfi and Ueli Maurer

Abstract

The task of providing authenticated communication while retaining anonymity requires to achieve two apparently conflicting goals: How can different senders authenticate their messages without revealing their identity? Despite the paradoxical nature of this problem, there exist many cryptographic schemes designed to achieve both goals simultaneously, but the security notions from the literature are mainly game-based. The goal of this paper is to provide new composable security notions for such (public-key) cryptosystems, and it can be interpreted as the dual of the work by Kohlweiss et al. (PETS 2013). We do so by defining possible ideal resources, for many senders and one receiver, which provide some trade-off between authenticity and anonymity (of the senders), and use them to define new composable security notions using the framework of constructive cryptography. Then we systematically review three different protocols and identify which of these notions each satisfies. We consider protocols based on (1) a new type of scheme which we call bilateral signatures (syntactically related to designated verifier signatures), (2) partial signatures (and the related anonymous signatures), and (3) ring signatures.