{"id":1894,"date":"2017-05-02T10:14:03","date_gmt":"2017-05-02T10:14:03","guid":{"rendered":"https:\/\/prismacloud.eu\/?p=1894"},"modified":"2018-04-03T12:34:38","modified_gmt":"2018-04-03T12:34:38","slug":"structure-preserving-signatures-on-equivalence-classes-and-constant-size-anonymous-credentials","status":"publish","type":"post","link":"https:\/\/prismacloud.eu\/structure-preserving-signatures-on-equivalence-classes-and-constant-size-anonymous-credentials\/","title":{"rendered":"Structure-Preserving Signatures on Equivalence Classes and Constant-Size Anonymous Credentials"},"content":{"rendered":"<p style=\"text-align: justify;\"><strong>Title<\/strong><\/p>\n<p style=\"text-align: justify;\">Structure-Preserving Signatures on Equivalence Classes and Constant-Size Anonymous Credentials<\/p>\n<p><strong>Authors<\/strong><\/p>\n<p>Georg Fuchsbauer, Christian Hanser, Daniel Slamanig<\/p>\n<p style=\"text-align: justify;\"><strong>Abstract<\/strong><\/p>\n<p style=\"text-align: justify;\">Structure-preserving signatures (SPS) are a powerful building block for cryptographic protocols. We introduce SPS on equivalence classes (SPS-EQ), which allow joint randomization of messages and signatures. Messages are projective equivalence classes defined on group element vectors, so multiplying a vector by a scalar yields a different representative of the same class. Our scheme lets one adapt a signature for one representative to a signature for another representative without knowledge of any secret; and given a signature, an adapted signature for a different representative is indistinguishable from a fresh signature on a random message. We propose a definitional framework for SPS-EQ and an efficient construction in Type-3 bilinear groups, which we prove secure against generic forgers.<\/p>\n<p style=\"text-align: justify;\">We also introduce a set-commitment scheme that lets one open subsets of the committed set. From this and SPS-EQ we then build an efficient multi-show attribute-based anonymous credential system for an arbitrary number of attributes. Our ABC system avoids costly zero-knowledge proofs and only requires a short interactive proof to thwart replay attacks. It is the first credential system whose bandwidth required for credential showing is independent of the number of its attributes, i.e., constant-size. We propose strengthened game-based security definitions for ABC and prove our scheme anonymous against malicious organizations in the standard model; finally, we give a concurrently secure variant in the CRS model.<\/p>\n<p style=\"text-align: justify;\"><strong>Venue<\/strong><\/p>\n<p style=\"text-align: justify;\">Journal of Cryptology<\/p>\n<p>[<a href=\"https:\/\/eprint.iacr.org\/2014\/944\">Download<\/a>]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Structure-preserving signatures (SPS) are a powerful building block for cryptographic protocols. We introduce SPS on equivalence classes (SPS-EQ), which allow joint randomization of messages and signatures. Messages are projective equivalence classes defined on group element vectors, so multiplying a vector by a scalar yields a different representative of the same class. Our scheme lets one adapt a signature for one representative to a signature for another representative without knowledge of any secret; and given a signature, an adapted signature for a different representative is indistinguishable from a fresh signature on a random message. We propose a definitional framework for SPS-EQ and an efficient construction in Type-3 bilinear groups, which we prove secure against generic forgers.<\/p>\n<p>We also introduce a set-commitment scheme that lets one open subsets of the committed set. From this and SPS-EQ we then build an efficient multi-show attribute-based anonymous credential system for an arbitrary number of attributes. Our ABC system avoids costly zero-knowledge proofs and only requires a short interactive proof to thwart replay attacks. It is the first credential system whose bandwidth required for credential showing is independent of the number of its attributes, i.e., constant-size. We propose strengthened game-based security definitions for ABC and prove our scheme anonymous against malicious organizations in the standard model; finally, we give a concurrently secure variant in the CRS model.<\/p>\n","protected":false},"author":2,"featured_media":1898,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,8],"tags":[],"_links":{"self":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts\/1894"}],"collection":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/comments?post=1894"}],"version-history":[{"count":3,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts\/1894\/revisions"}],"predecessor-version":[{"id":2614,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts\/1894\/revisions\/2614"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/media\/1898"}],"wp:attachment":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/media?parent=1894"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/categories?post=1894"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/tags?post=1894"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}