IACR News item: 09 September 2014
Christian Hanser, Daniel Slamanig
ePrint ReportMore precisely, we consider messages to be (representatives of) equivalence classes on vectors of group elements (coming from a single prime order group), which are determined by the mutual ratios of the discrete logarithms of the representative\'s vector components. By multiplying each component with the same scalar, a different representative of the same equivalence class is obtained.
We propose a definition of such a signature scheme, a security model and give an efficient construction, which we prove secure in the SXDH setting, where EUF-CMA security is proven against generic forgers in the generic group model and the so called class hiding property is proven under the DDH assumption.
As a second contribution, we use the proposed signature scheme to build an efficient multi-show attribute-based anonymous credential system (ABC) that allows to encode an arbitrary number of attributes. This is -- to the best of our knowledge -- the first ABC system that provides constant-size credentials and constant-size showings. To allow an efficient construction in combination with the proposed signature scheme, we also introduce a new, efficient, randomizable polynomial commitment scheme. Aside from these two building blocks, the credential system requires a very short and constant-size proof of knowledge to provide freshness in the showing protocol. We present our ABC system along with a suitable security model and rigorously prove its security.
Additional news items may be found on the IACR news page.