Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable Linkability

Olivier Blazy; David Derler; Daniel Slamanig; Raphael Spreitzer

doi:10.1007/978-3-319-29485-8_8

Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable Linkability

Olivier Blazy, David Derler, Daniel Slamanig, Raphael Spreitzer

Institut für Angewandte Informationsverarbeitung und Kommunikationstechnologie (7050)

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Abstract

Group signatures are an important privacy-enhancing tool that allow to anonymously sign messages on behalf of a group. A recent feature for group signatures is controllable linkability, where a dedicated linking authority (LA) can determine whether two given signatures stem from the same signer without being able to identify the signer(s). Currently the linking authority is fully trusted, which is often not desirable.

In this paper, we firstly introduce a generic technique for non-interactive zero-knowledge plaintext equality and inequality proofs. In our setting, the prover is given two ciphertexts and some trapdoor information, but neither has access to the decryption key nor the randomness used to produce the respective ciphertexts. Thus, the prover performs these proofs on unknown plaintexts. Besides a generic technique, we also propose an efficient instantiation that adapts recent results from Blazy et al. (CT-RSA'15), and in particular a combination of Groth-Sahai (GS) proofs (or sigma proofs) and smooth projective hash functions (SPHFs).

While this result may be of independent interest, we use it to realize verifiable controllable linkability for group signatures. Here, the LA is required to non-interactively prove whether or not two signatures link (while it is not able to identify the signers). This significantly reduces the required trust in the linking authority. Moreover, we extend the model of group signatures to cover the feature of verifiable controllable linkability.

Originalsprache	englisch
Titel	Topics in Cryptology - CT-RSA 2016 - The Cryptographer's Track at the RSA Conference 2016, San Francisco, CA, USA, 2016. Proceedings.
Herausgeber (Verlag)	Springer Verlag
Seiten	127-143
Band	9610
Auflage	LNCS
DOIs	https://doi.org/10.1007/978-3-319-29485-8_8
Publikationsstatus	Veröffentlicht - 2016
Veranstaltung	Topics in Cryptology – The Cryptographer's Track at the RSA Conference 2016: CT-RSA 2016 - San Francisco, USA / Vereinigte Staaten Dauer: 29 Feb. 2016 → 4 März 2016

Konferenz

Konferenz	Topics in Cryptology – The Cryptographer's Track at the RSA Conference 2016
Land/Gebiet	USA / Vereinigte Staaten
Ort	San Francisco
Zeitraum	29/02/16 → 4/03/16

Fields of Expertise

Information, Communication & Computing

Treatment code (Nähere Zuordnung)

Theoretical

Zugriff auf Dokument

10.1007/978-3-319-29485-8_8

082.pdfEndgültige, publizierte Fassung, 534 KB

EU - PrismaCloud - Datenschutz und Sicherheits-Services in der Cloud [Original in Englisch: PRIvacy and Security MAintaining services in the CLOUD]
Derler, D., Hanser, C., Lipp, P., Slamanig, D. & Rechberger, C.
1/01/15 → 30/06/18
Projekt: Forschungsprojekt
SeCoS - Verbundene Welt [Original in Englisch: Secure Contactless Sphere Smart RFID-Technologies for a Connected World]
Bösch, W., Wenger, E., Khan, H. N., Schmidt, J., Gadringer, M. E., Spreitzer, R. C., Mendel, F., Gruss, D., Hutter, M., Freidl, P. F., Görtschacher, L. J., Mangard, S. & Grosinger, J.
1/01/13 → 31/12/15
Projekt: Forschungsprojekt

Dieses zitieren

Blazy, O., Derler, D., Slamanig, D., & Spreitzer, R. (2016). Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable Linkability. in Topics in Cryptology - CT-RSA 2016 - The Cryptographer's Track at the RSA Conference 2016, San Francisco, CA, USA, 2016. Proceedings. (LNCS Aufl., Band 9610, S. 127-143). Springer Verlag. https://doi.org/10.1007/978-3-319-29485-8_8

Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable Linkability. / Blazy, Olivier; Derler, David; Slamanig, Daniel et al.
Topics in Cryptology - CT-RSA 2016 - The Cryptographer's Track at the RSA Conference 2016, San Francisco, CA, USA, 2016. Proceedings.. Band 9610 LNCS. Aufl. Springer Verlag, 2016. S. 127-143.

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Blazy, O, Derler, D, Slamanig, D & Spreitzer, R 2016, Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable Linkability. in Topics in Cryptology - CT-RSA 2016 - The Cryptographer's Track at the RSA Conference 2016, San Francisco, CA, USA, 2016. Proceedings.. LNCS Aufl., Bd. 9610, Springer Verlag, S. 127-143, Topics in Cryptology – The Cryptographer's Track at the RSA Conference 2016, San Francisco, California, USA / Vereinigte Staaten, 29/02/16. https://doi.org/10.1007/978-3-319-29485-8_8

Blazy O, Derler D, Slamanig D, Spreitzer R. Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable Linkability. in Topics in Cryptology - CT-RSA 2016 - The Cryptographer's Track at the RSA Conference 2016, San Francisco, CA, USA, 2016. Proceedings.. LNCS Aufl. Band 9610. Springer Verlag. 2016. S. 127-143 doi: 10.1007/978-3-319-29485-8_8

@inproceedings{fe352d0dd89342e7a4ad76c41c7bd3b5,

title = "Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable Linkability",

abstract = "Group signatures are an important privacy-enhancing tool that allow to anonymously sign messages on behalf of a group. A recent feature for group signatures is controllable linkability, where a dedicated linking authority (LA) can determine whether two given signatures stem from the same signer without being able to identify the signer(s). Currently the linking authority is fully trusted, which is often not desirable. In this paper, we firstly introduce a generic technique for non-interactive zero-knowledge plaintext equality and inequality proofs. In our setting, the prover is given two ciphertexts and some trapdoor information, but neither has access to the decryption key nor the randomness used to produce the respective ciphertexts. Thus, the prover performs these proofs on unknown plaintexts. Besides a generic technique, we also propose an efficient instantiation that adapts recent results from Blazy et al. (CT-RSA'15), and in particular a combination of Groth-Sahai (GS) proofs (or sigma proofs) and smooth projective hash functions (SPHFs). While this result may be of independent interest, we use it to realize verifiable controllable linkability for group signatures. Here, the LA is required to non-interactively prove whether or not two signatures link (while it is not able to identify the signers). This significantly reduces the required trust in the linking authority. Moreover, we extend the model of group signatures to cover the feature of verifiable controllable linkability.",

author = "Olivier Blazy and David Derler and Daniel Slamanig and Raphael Spreitzer",

year = "2016",

doi = "10.1007/978-3-319-29485-8_8",

language = "English",

volume = "9610",

pages = "127--143",

booktitle = "Topics in Cryptology - CT-RSA 2016 - The Cryptographer's Track at the RSA Conference 2016, San Francisco, CA, USA, 2016. Proceedings.",

publisher = "Springer Verlag",

address = "Germany",

edition = "LNCS",

note = "Topics in Cryptology – The Cryptographer's Track at the RSA Conference 2016 : CT-RSA 2016 ; Conference date: 29-02-2016 Through 04-03-2016",

}

TY - GEN

T1 - Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable Linkability

AU - Blazy, Olivier

AU - Derler, David

AU - Slamanig, Daniel

AU - Spreitzer, Raphael

PY - 2016

Y1 - 2016

N2 - Group signatures are an important privacy-enhancing tool that allow to anonymously sign messages on behalf of a group. A recent feature for group signatures is controllable linkability, where a dedicated linking authority (LA) can determine whether two given signatures stem from the same signer without being able to identify the signer(s). Currently the linking authority is fully trusted, which is often not desirable. In this paper, we firstly introduce a generic technique for non-interactive zero-knowledge plaintext equality and inequality proofs. In our setting, the prover is given two ciphertexts and some trapdoor information, but neither has access to the decryption key nor the randomness used to produce the respective ciphertexts. Thus, the prover performs these proofs on unknown plaintexts. Besides a generic technique, we also propose an efficient instantiation that adapts recent results from Blazy et al. (CT-RSA'15), and in particular a combination of Groth-Sahai (GS) proofs (or sigma proofs) and smooth projective hash functions (SPHFs). While this result may be of independent interest, we use it to realize verifiable controllable linkability for group signatures. Here, the LA is required to non-interactively prove whether or not two signatures link (while it is not able to identify the signers). This significantly reduces the required trust in the linking authority. Moreover, we extend the model of group signatures to cover the feature of verifiable controllable linkability.

AB - Group signatures are an important privacy-enhancing tool that allow to anonymously sign messages on behalf of a group. A recent feature for group signatures is controllable linkability, where a dedicated linking authority (LA) can determine whether two given signatures stem from the same signer without being able to identify the signer(s). Currently the linking authority is fully trusted, which is often not desirable. In this paper, we firstly introduce a generic technique for non-interactive zero-knowledge plaintext equality and inequality proofs. In our setting, the prover is given two ciphertexts and some trapdoor information, but neither has access to the decryption key nor the randomness used to produce the respective ciphertexts. Thus, the prover performs these proofs on unknown plaintexts. Besides a generic technique, we also propose an efficient instantiation that adapts recent results from Blazy et al. (CT-RSA'15), and in particular a combination of Groth-Sahai (GS) proofs (or sigma proofs) and smooth projective hash functions (SPHFs). While this result may be of independent interest, we use it to realize verifiable controllable linkability for group signatures. Here, the LA is required to non-interactively prove whether or not two signatures link (while it is not able to identify the signers). This significantly reduces the required trust in the linking authority. Moreover, we extend the model of group signatures to cover the feature of verifiable controllable linkability.

U2 - 10.1007/978-3-319-29485-8_8

DO - 10.1007/978-3-319-29485-8_8

M3 - Conference paper

VL - 9610

SP - 127

EP - 143

BT - Topics in Cryptology - CT-RSA 2016 - The Cryptographer's Track at the RSA Conference 2016, San Francisco, CA, USA, 2016. Proceedings.

PB - Springer Verlag

T2 - Topics in Cryptology – The Cryptographer's Track at the RSA Conference 2016

Y2 - 29 February 2016 through 4 March 2016

ER -

Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable Linkability

Abstract

Konferenz

Fields of Expertise

Treatment code (Nähere Zuordnung)

Zugriff auf Dokument

Fingerprint

Projekte

EU - PrismaCloud - Datenschutz und Sicherheits-Services in der Cloud [Original in Englisch: PRIvacy and Security MAintaining services in the CLOUD]

SeCoS - Verbundene Welt [Original in Englisch: Secure Contactless Sphere Smart RFID-Technologies for a Connected World]

Dieses zitieren