While standard signatures provide an efficient mechanism for information certification, the lack of privacy protecting measures makes them unsuitable if sensitive or confidential information is being certified. In this paper, we revisit nominative signatures, first introduced by Kim, Park and Won, which provides the functionality and security guarantees required to implement a certification system allowing the user (and not the authority) to control the verifiability of an obtained certificate. Unlike systems based on related primitives, the use of nominative signatures protects the user against authority information leaks and impersonation attacks based on these. We refine the security model of nominative signatures, and propose a new efficient scheme which is provably secure based on the computational Diffie-Hellman problem and the decisional linear problem. To the best of our knowledge, our scheme is the the only nominative signature scheme which is provably secure in the standard model based on standard assumptions. Furthermore, unlike most previous schemes, the proposed scheme provides signatures which hide both the signer and user identity. Hence, through our nominative signature scheme, we achieve an efficient non-transferable user certification scheme with strong security guarantees.
Goichiro HANAOKA
National Institute of Industrial Science and Technology (AIST)
Jacob SCHULDT
National Institute of Industrial Science and Technology (AIST)
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Goichiro HANAOKA, Jacob SCHULDT, "Convertible Nominative Signatures from Standard Assumptions without Random Oracles" in IEICE TRANSACTIONS on Fundamentals,
vol. E99-A, no. 6, pp. 1107-1121, June 2016, doi: 10.1587/transfun.E99.A.1107.
Abstract: While standard signatures provide an efficient mechanism for information certification, the lack of privacy protecting measures makes them unsuitable if sensitive or confidential information is being certified. In this paper, we revisit nominative signatures, first introduced by Kim, Park and Won, which provides the functionality and security guarantees required to implement a certification system allowing the user (and not the authority) to control the verifiability of an obtained certificate. Unlike systems based on related primitives, the use of nominative signatures protects the user against authority information leaks and impersonation attacks based on these. We refine the security model of nominative signatures, and propose a new efficient scheme which is provably secure based on the computational Diffie-Hellman problem and the decisional linear problem. To the best of our knowledge, our scheme is the the only nominative signature scheme which is provably secure in the standard model based on standard assumptions. Furthermore, unlike most previous schemes, the proposed scheme provides signatures which hide both the signer and user identity. Hence, through our nominative signature scheme, we achieve an efficient non-transferable user certification scheme with strong security guarantees.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E99.A.1107/_p
Copy
@ARTICLE{e99-a_6_1107,
author={Goichiro HANAOKA, Jacob SCHULDT, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Convertible Nominative Signatures from Standard Assumptions without Random Oracles},
year={2016},
volume={E99-A},
number={6},
pages={1107-1121},
abstract={While standard signatures provide an efficient mechanism for information certification, the lack of privacy protecting measures makes them unsuitable if sensitive or confidential information is being certified. In this paper, we revisit nominative signatures, first introduced by Kim, Park and Won, which provides the functionality and security guarantees required to implement a certification system allowing the user (and not the authority) to control the verifiability of an obtained certificate. Unlike systems based on related primitives, the use of nominative signatures protects the user against authority information leaks and impersonation attacks based on these. We refine the security model of nominative signatures, and propose a new efficient scheme which is provably secure based on the computational Diffie-Hellman problem and the decisional linear problem. To the best of our knowledge, our scheme is the the only nominative signature scheme which is provably secure in the standard model based on standard assumptions. Furthermore, unlike most previous schemes, the proposed scheme provides signatures which hide both the signer and user identity. Hence, through our nominative signature scheme, we achieve an efficient non-transferable user certification scheme with strong security guarantees.},
keywords={},
doi={10.1587/transfun.E99.A.1107},
ISSN={1745-1337},
month={June},}
Copy
TY - JOUR
TI - Convertible Nominative Signatures from Standard Assumptions without Random Oracles
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 1107
EP - 1121
AU - Goichiro HANAOKA
AU - Jacob SCHULDT
PY - 2016
DO - 10.1587/transfun.E99.A.1107
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E99-A
IS - 6
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - June 2016
AB - While standard signatures provide an efficient mechanism for information certification, the lack of privacy protecting measures makes them unsuitable if sensitive or confidential information is being certified. In this paper, we revisit nominative signatures, first introduced by Kim, Park and Won, which provides the functionality and security guarantees required to implement a certification system allowing the user (and not the authority) to control the verifiability of an obtained certificate. Unlike systems based on related primitives, the use of nominative signatures protects the user against authority information leaks and impersonation attacks based on these. We refine the security model of nominative signatures, and propose a new efficient scheme which is provably secure based on the computational Diffie-Hellman problem and the decisional linear problem. To the best of our knowledge, our scheme is the the only nominative signature scheme which is provably secure in the standard model based on standard assumptions. Furthermore, unlike most previous schemes, the proposed scheme provides signatures which hide both the signer and user identity. Hence, through our nominative signature scheme, we achieve an efficient non-transferable user certification scheme with strong security guarantees.
ER -