RSA-Based Secret Handshakes

Abstract: Abstract. A secret handshake mechanism allows two entities, members of a same group, to authenticate each other secretly. This primitive was introduced recently by Balfanz, Durfee, Shankar, Smetters, Staddon and Wong and, so far, all the schemes proposed are based on discrete log systems. This paper proposes three new secret handshake protocols secure against active impersonator and detector adversaries. Inspired by two RSA-based key agreement protocols introduced by Okamoto and Tanaka in 1989 and Girault in 1… Show more

“…Xu and Yung's scheme is the first one to support reusable Credentials. This is achieved at the expense of full Anonymity, since a user is only effectively anonymous within a population of k < |U| In [19], Vergnaud presents three Secret Handshake protocols whose security is based on the RSA assumption. The scheme is similar to Balfanz et al's, and in particular also does not ensure Unlinkability of users with reusable Credentials.…”

“…Therefore the certification authority retains the control over who can prove what and who can verify which Credentials. However verification is dynamic, in that it is not restricted to a single, common property, as opposed to the approaches suggested in [4,19,16,13,21].…”

“…This allows to selectively revoke the power to prove. The same approach is followed by [11,10,19,21,16].…”

Federated Secret Handshakes with Support for Revocation

“…Xu and Yung's scheme is the first one to support reusable Credentials. This is achieved at the expense of full Anonymity, since a user is only effectively anonymous within a population of k < |U| In [19], Vergnaud presents three Secret Handshake protocols whose security is based on the RSA assumption. The scheme is similar to Balfanz et al's, and in particular also does not ensure Unlinkability of users with reusable Credentials.…”

“…Therefore the certification authority retains the control over who can prove what and who can verify which Credentials. However verification is dynamic, in that it is not restricted to a single, common property, as opposed to the approaches suggested in [4,19,16,13,21].…”

“…This allows to selectively revoke the power to prove. The same approach is followed by [11,10,19,21,16].…”

Federated Secret Handshakes with Support for Revocation

“…In [10], Hoepman presents a protocol, based on a modified DiffieHellman key exchange, to test for shared group membership, allowing users to be a member of multiple groups. In [16], Vergnaud presents a secret handshake scheme based on RSA. In [17], Xu and Yung present the first secret handshake scheme that achieves unlinkability with reusable credentials: previous schemes had to rely upon multiple one-time credentials being issued by the certification authority.…”

“…Therefore the certification authority retains the control over who can prove what and who can disclose which credentials. However verification is dynamic, in that it is not restricted to own property, as opposed to [3,7,13,16,17].…”

A provably secure secret handshake with dynamic controlled matching

Three-Round Secret Handshakes Based on ElGamal and DSA