Signature Schemes and Anonymous Credentials from Bilinear Maps

Camenisch, Jan; Lysyanskaya, Anna

doi:10.1007/978-3-540-28628-8_4

Cited by 652 publications

(550 citation statements)

References 38 publications

Supporting

Mentioning

532

Contrasting

Unclassified

Order By: Relevance

“…The TPM 2.0 specification [2] supports two di↵erent DAA protocols which are based on pairings over elliptic curves. The first [17] is based on CamenischLysyanskana (CL) credentials [14] and the second one [11] is based on sDH credentials [9]. The paper from Chen and Li [16] shows how both DAA protocols can be used with a TPM 2.0 chip.…”

Section: Direct Anonymous Attestation (Daa)mentioning

confidence: 99%

Algorithm Agility – Discussion on TPM 2.0 ECC Functionalities

Chen

Urian

2016

Security Standardisation Research

View full text Add to dashboard Cite

Abstract. The TPM 2.0 specification has been designed to support a number of Elliptic Curve Cryptographic (ECC) primitives, such as key exchange, digital signatures and Direct Anonymous Attestation (DAA). In order to meet the requirement that di↵erent TPM users may favor di↵erent cryptographic algorithms, each primitive can be implemented from multiple algorithms. This feature is called Algorithm Agility. For the purpose of performance e ciency, multiple algorithms share a small set of TPM commands. In this paper, we review all the TPM 2.0 ECC functionalities, and discuss on whether the existing TPM commands can be used to implement new cryptographic algorithms which have not yet been addressed in the specification. We demonstrate that four asymmetric encryption schemes specified in ISO/IEC 18033-2 can be implemented using a TPM 2.0 chip, and we also show on some ECDSA variants that the coverage of algorithm agility from TPM 2.0 is limited. Security analysis of algorithm agility is a challenge, which is not responded in this paper. However, we believe that this paper will help future researchers analyze TPM 2.0 in more comprehensive methods than it has been done so far.

show abstract

Section: Direct Anonymous Attestation (Daa)mentioning

confidence: 99%

Algorithm Agility – Discussion on TPM 2.0 ECC Functionalities

Chen

Urian

2016

Security Standardisation Research

View full text Add to dashboard Cite

show abstract

“…Here, differently, a credential has a mathematical structure based on the group signature scheme of Camenisch and Lysyanskaya [5].…”

Section: The Credentialsmentioning

confidence: 99%

“…The security of our credentials relies heavily on the LRSW (see [5] for details) and on the DDH assumptions. The former assumption ensures that even if an adversary has many genuine credentials (r i , a i , b i , c i ), it is hard for him to forge a new and valid credential (r, a, b, c), with r = r i for all i.…”

Section: The Credentialsmentioning

confidence: 99%

A Practical and Secure Coercion-Resistant Scheme for Internet Voting

Araújo

Foulle

Traoré

2010

Towards Trustworthy Elections

View full text Add to dashboard Cite

Abstract. Juels, Catalano, and Jakobsson (JCJ) proposed at WPES 2005 the first voting scheme that considers real-world threats and that is more realistic for Internet elections. Their scheme, though, has a quadratic work factor and thereby is not efficient for large scale elections. Based on the work of JCJ, Smith proposed an efficient scheme that has a linear work factor. In this paper we first show that Smith's scheme is insecure. Then we present a new coercion-resistant election scheme with a linear work factor that overcomes the flaw of Smith's proposal. Our solution is based on the group signature scheme of Camenisch and Lysyanskaya (Crypto 2004).

show abstract

“…Boneh, Boyen, and Shacham [BBS04] showed how to construct "short" group signatures using bilinear maps under an assumption they introduced called the Strong Diffie-Hellman assumption. Concurrently, Camenish and Lysyanskaya [CL04] gave another group signature scheme that used bilinear maps. Their scheme was proven secure under the interactive LRSW [LRSW99] assumption.…”

Section: Related Workmentioning

confidence: 99%

“…Additionally, efficient constructions are based on strong assumptions ranging from the Strong Diffie-Hellman [BBS04,BS04] and Strong RSA [ACJT00, AST02,CL02] assumptions to the LRSW [CL04,LRSW99] assumption, which itself has the challenger act as an oracle. The first construction proved secure in the standard model is due to Bellare et.…”

Section: Introductionmentioning

confidence: 99%

Compact Group Signatures Without Random Oracles

Boyen¹,

Waters

2006

Advances in Cryptology - EUROCRYPT 2006

184

145

View full text Add to dashboard Cite

Abstract. We present the first efficient group signature scheme that is provably secure without random oracles. We achieve this result by combining provably secure hierarchical signatures in bilinear groups with a novel adaptation of the recent Non-Interactive Zero Knowledge proofs of Groth, Ostrovsky, and Sahai. The size of signatures in our scheme is logarithmic in the number of signers; we prove it secure under the Computational Diffie-Hellman and the Subgroup Decision assumptions in the model of Bellare, Micciancio, and Warinshi, as relaxed by Boneh, Boyen, and Shacham.

show abstract

Signature Schemes and Anonymous Credentials from Bilinear Maps

Cited by 652 publications

References 38 publications

Algorithm Agility – Discussion on TPM 2.0 ECC Functionalities

Algorithm Agility – Discussion on TPM 2.0 ECC Functionalities

A Practical and Secure Coercion-Resistant Scheme for Internet Voting

Compact Group Signatures Without Random Oracles

Contact Info

Product

Resources

About