We present the first practical unlinkable secret handshake scheme. An unlinkable secret handshake is a two-way authentication protocol in a PKI setting which protects the privacy and anonymity of all information about the participants from everyone except their intended authentication partners. Namely, if entity A certified by organization CA_A wants to authenticate itself only to other entities certified by CA_A, and, symmetrically, entity B certified by CA_B wants to authenticate itself only to entities also certified by CA_B, then a secret handshake protocol authenticates these parties and establishes a fresh shared key between them if and only if CA_A = CA_B and the two parties entered valid certificates for this CA into the protocol. If, however, CA_A ≠ CA_B, or CA_A = CA_B but either A or B is not certified by this CA, the secret handshake protocol reveals no information to the participants except the bare fact that their inputs do not match. In other words, an Unlinkable Secret Handshake scheme is a perfectly private authentication method in the PKI setting: one can establish authenticated communication with parties that possess the credentials required by one's policy, and at the same time one's affiliation and identity remain perfectly secret to everyone except the parties to whom one wants to authenticate. Efficient secret handshake schemes, i.e. authentication protocols which protect the privacy of participants' affiliations, were proposed before, but participants in these schemes remained linkable. Namely, an attacker could recognize all the instances of the protocol executed by the same entity. Secondly, the previous schemes surrendered a user's privacy if that user's certificates were revoked; our scheme alleviates this problem as well. Unlinkable schemes were proposed as well, but they either relied on single-use certificates, or did not support revocation, or required instantaneous propagation of revocation information.
Crucial ingredients in our construction of unlinkable secret handshakes are chosen-ciphertext secure key-private encryption and multi-encryption schemes, and the first efficient construction of a key-private group key management scheme, which is a stateful analogue of (key-private) public key broadcast encryption.