Separability and Efficiency for Generic Group Signature Schemes

Camenisch, Jan; Michels, Markus

doi:10.1007/3-540-48405-1_27

Cited by 129 publications

(96 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Such kind of proofs are intensively used in several schemes: electronic cash systems [7], group signatures [11], publicly verifiable secret sharing schemes [17,4], and other zero-knowledge protocols (e.g. [13,10]).…”

Section: Introductionmentioning

confidence: 99%

Efficient Proofs that a Committed Number Lies in an Interval

Boudot

2000

Lecture Notes in Computer Science

351

337

View full text Add to dashboard Cite

Abstract. Alice wants to prove that she is young enough to borrow money from her bank, without revealing her age. She therefore needs a tool for proving that a committed number lies in a specific interval. Up to now, such tools were either inefficient (too many bits to compute and to transmit) or inexact (i.e. proved membership to a much larger interval). This paper presents a new proof, which is both efficient and exact. Here, "efficient" means that there are less than 20 exponentiations to perform and less than 2 Kbytes to transmit. The potential areas of application of this proof are numerous (electronic cash, group signatures, publicly verifiable secret encryption, etc . . . ).

show abstract

Section: Introductionmentioning

confidence: 99%

Efficient Proofs that a Committed Number Lies in an Interval

Boudot

2000

Lecture Notes in Computer Science

351

337

View full text Add to dashboard Cite

show abstract

“…We use several standard results for proving statements about discrete logarithms, such as (1) a proof of knowledge of a discrete logarithm modulo a prime [33] or a composite [26,24], (2) a proof of knowledge of equality of representation modulo two (possibly different) prime [19] or composite [14] moduli, (3) a proof that a commitment opens to the product of two other committed values [13,16,6], and (4) a proof of the disjunction or conjunction of any two of the previous [22]. These composite-based protocols are secure under Strong RSA and the prime-based ones under the discrete logarithm assumption.…”

Section: Pedersen and Fujisaki-okamoto Commitmentsmentioning

confidence: 99%

Controlling Access to an Oblivious Database Using Stateful Anonymous Credentials

Coull

Green

Hohenberger

2009

Public Key Cryptography – PKC 2009

View full text Add to dashboard Cite

Abstract. In this work, we consider the task of allowing a content provider to enforce complex access control policies on oblivious protocols conducted with anonymous users. As our primary application, we show how to construct privacy-preserving databases by combining oblivious transfer with an augmented anonymous credential system. This permits a database operator to restrict which items each user may access, without learning anything about users' identities or item choices. This strong privacy guarantee holds even when users are assigned different access control policies and are allowed to adaptively make many queries. To do so, we show how to augment existing anonymous credential systems so that, in addition to certifying a user's attributes, they also store state about the user's database access history. Our construction supports a wide range of access control policies, including efficient and private realizations of the Brewer-Nash (Chinese Wall) and Bell-LaPadula (Multilevel Security) policies, which are used for financial and defense applications. In addition, our system is based on standard assumptions in the standard model and, after an initial setup phase, each transaction requires only constant time.

show abstract

“…Subsequently it has been studied extensively and used in a variety of cryptographic applications (for e.g. [17,12,8,2,7,3,28]). The second assumption we make is a Knowledge-of-Exponent Assumption (KEA).…”

Section: Related Workmentioning

confidence: 99%

“…Consider the following mapping: first map the given binary string unambiguously to a sufficiently large integer t (but not larger than 2 poly(k) ). 8 Then map it to the smallest prime number greater than t 2 .…”

Section: B Mapping Strings To Primesmentioning

confidence: 99%

Statistically Hiding Sets

Prabhakaran

Xue

2009

Topics in Cryptology – CT-RSA 2009

View full text Add to dashboard Cite

Zero-knowledge set is a primitive introduced by Micali, Rabin, and Kilian (FOCS 2003) which enables a prover to commit a set to a verifier, without revealing even the size of the set. Later the prover can give zero-knowledge proofs to convince the verifier of membership/nonmembership of elements in/not in the committed set.We present a new primitive called Statistically Hiding Sets (SHS), similar to zero-knowledge sets, but providing an information theoretic hiding guarantee, rather than one based on efficient simulation. This is comparable to relaxing zero-knowledge proofs to witness independent proofs. More precisely, we continue to use the simulation paradigm for our definition, but do not require the simulator (nor the distinguisher) to be efficient.We present a new scheme for statistically hiding sets, which does not fit into the "Merkletree/mercurial-commitment" paradigm that has been used for all zero-knowledge set constructions so far. This not only provides efficiency gains compared to the best schemes in that paradigm, but also lets us provide statistical hiding; previous approaches required the prover to maintain growing amounts of state with each new proof for this.Our construction is based on an algebraic tool called trapdoor DDH groups (TDG), introduced recently by Dent and Galbraith (ANTS 2006). Ours is perhaps the first non-trivial application of this tool. However the specific hardness assumptions we associate with TDG are different, and of a strong nature -strong RSA and a knowledge-of-exponent assumption. Our new knowledge-of-exponent assumption may be of independent interest. We prove this assumption in the generic group model.

show abstract

Separability and Efficiency for Generic Group Signature Schemes

Cited by 129 publications

References 45 publications

Efficient Proofs that a Committed Number Lies in an Interval

Efficient Proofs that a Committed Number Lies in an Interval

Controlling Access to an Oblivious Database Using Stateful Anonymous Credentials

Statistically Hiding Sets

Contact Info

Product

Resources

About