Double issuer-hiding attribute-based credentials from tag-based aggregatable mercurial signatures

Double issuer-hiding attribute-based credentials from tag-based aggregatable mercurial signatures

Attribute-based anonymous credentials offer users fine-grained access control in a privacy-preserving manner. However, in such schemes obtaining a user's credentials requires knowledge of the issuer's public key, which obviously reveals the issuer's identity that must be hidden from u...

Full description

Saved in:
Bibliographic Details
Main Authors: SHI, Rui, YANG, Yang, LI, Yingjiu, FENG, Huamin, SHI, Guozhen, PANG, Hwee Hwa, DENG, Robert H.
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2024
Subjects:
Anonymous credentials
mercurial signatures
privacy preserving
issuer hiding
Information Security
Theory and Algorithms
Online Access:https://ink.library.smu.edu.sg/sis_research/9532
https://ink.library.smu.edu.sg/context/sis_research/article/10532/viewcontent/Double_Issuer_Hiding_2024_av.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:Attribute-based anonymous credentials offer users fine-grained access control in a privacy-preserving manner. However, in such schemes obtaining a user's credentials requires knowledge of the issuer's public key, which obviously reveals the issuer's identity that must be hidden from users in certain scenarios. Moreover, verifying a user's credentials also requires the knowledge of issuer's public key, which may infer the user's private information from their choice of issuer. In this article, we introduce the notion of double issuer-hiding attribute-based credentials ( DIHAC ) to tackle these two problems. In our model, a central authority can issue public-key credentials for a group of issuers, and users can obtain attribute-based credentials from one of the issuers without knowing which one it is. Then, a user can prove that their credential was issued by one of the authenticated issuers without revealing which one to a verifier. We provide a generic construction, as well as a concrete instantiation for DIHAC based on structure-preserving signatures on equivalence classes (JOC's 19) and a novel primitive which we call tag-based aggregatable mercurial signatures. Our construction is efficient without relying on zero-knowledge proofs. We provide rigorous evaluations on personal laptop and smartphone platforms, respectively, to demonstrate its practicability.

Similar Items