TY - CHAP
T1 - Anonymous identification in ad hoc groups
AU - Dodis, Yevgeniy
AU - Kiayias, Aggelos
AU - Nicolosi, Antonio
AU - Shoup, Victor
PY - 2004
Y1 - 2004
N2 - We introduce Ad hoc Anonymous Identification schemes, a new multi-user cryptographic primitive that allows participants from a user population to form ad-hoc groups, and then prove membership anonymously in such groups. Our schemes are based on the notion of accumulator with one-way domain, a natural extension of cryptographic accumulators we introduce in this work. We provide a formal model for Ad hoc Anonymous Identification schemes and design secure such schemes both generically (based on any accumulator with one-way domain) and for a specific efficient implementation of such an accumulator based on the Strong RSA Assumption. A salient feature of our approach is that all the identification protocols take time independent of the size of the ad-hoc group. All our schemes and notions can be generally and efficiently amended so that they allow the recovery of the signer's identity by an authority, if the latter is desired. Using the Fiat-Shamir transform, we also obtain constant-size, signerambiguous group and ring signatures (provably secure in the Random Oracle Model). For ring signatures, this is the first such constant-size scheme, as all the previous proposals had signature size proportional to the size of the ring. For group signatures, we obtain schemes comparable in performance with state-of-the-art schemes, with the additional feature that the role of the group manager during key registration is extremely simple and essentially passive: all it does is accept the public key of the new member (and update the constant-size public key of the group).
AB - We introduce Ad hoc Anonymous Identification schemes, a new multi-user cryptographic primitive that allows participants from a user population to form ad-hoc groups, and then prove membership anonymously in such groups. Our schemes are based on the notion of accumulator with one-way domain, a natural extension of cryptographic accumulators we introduce in this work. We provide a formal model for Ad hoc Anonymous Identification schemes and design secure such schemes both generically (based on any accumulator with one-way domain) and for a specific efficient implementation of such an accumulator based on the Strong RSA Assumption. A salient feature of our approach is that all the identification protocols take time independent of the size of the ad-hoc group. All our schemes and notions can be generally and efficiently amended so that they allow the recovery of the signer's identity by an authority, if the latter is desired. Using the Fiat-Shamir transform, we also obtain constant-size, signerambiguous group and ring signatures (provably secure in the Random Oracle Model). For ring signatures, this is the first such constant-size scheme, as all the previous proposals had signature size proportional to the size of the ring. For group signatures, we obtain schemes comparable in performance with state-of-the-art schemes, with the additional feature that the role of the group manager during key registration is extremely simple and essentially passive: all it does is accept the public key of the new member (and update the constant-size public key of the group).
UR - http://www.scopus.com/inward/record.url?scp=35048854233&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=35048854233&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-24676-3_36
DO - 10.1007/978-3-540-24676-3_36
M3 - Chapter
AN - SCOPUS:35048854233
SN - 3540219358
SN - 9783540219354
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 609
EP - 626
BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
A2 - Cachin, Christian
A2 - Camenisch, Jan
ER -