Paper 2023/320
Anonymous Counting Tokens
Abstract
We introduce a new primitive called anonymous counting tokens (ACTs) which allows clients to obtain blind signatures or MACs (aka tokens) on messages of their choice, while at the same time enabling issuers to enforce rate limits on the number of tokens that a client can obtain for each message. Our constructions enforce that each client will be able to obtain only one token per message and we show a generic transformation to support other rate limiting as well. We achieve this new property while maintaining the unforgeability and unlinkability properties required for anonymous tokens schemes. We present four ACT constructions with various trade-offs for their efficiency and underlying security assumptions. One construction uses factorization-based primitives and a cyclic group. It is secure in the random oracle model under the q-DDHI assumption (in a cyclic group) and the DCR assumption. Our three other constructions use bilinear maps: one is secure in the standard model under q-DDHI and SXDH, one is secure in the random oracle model under SXDH, and the most efficient of the three is secure in the random oracle model and generic bilinear group model.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- A minor revision of an IACR publication in ASIACRYPT 2023
- Contact author(s)
-
fbenhamo102 @ gmail com
marianar @ google com
karn @ google com - History
- 2023-10-30: revised
- 2023-03-03: received
- See all versions
- Short URL
- https://ia.cr/2023/320
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/320, author = {Fabrice Benhamouda and Mariana Raykova and Karn Seth}, title = {Anonymous Counting Tokens}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/320}, year = {2023}, url = {https://eprint.iacr.org/2023/320} }