Anonymous Identification in Ad Hoc Groups

Dodis, Yevgeniy; Kiayias, Aggelos; Nicolosi, Antonio; Shoup, Victor

doi:10.1007/978-3-540-24676-3_36

Cited by 225 publications

(113 citation statements)

References 35 publications

Supporting

Mentioning

113

Contrasting

Order By: Relevance

“…Given a Pedersen commitment and a finite set of elements S, our commitment scheme leads to a simple zero-knowledge protocol for proving knowledge of an opening x of the commitment such that x ∈ S. The length of the proof is log |S|. This technique, which uses Merkle trees [29], has applications to anonymous authentication [20] and credential systems [27] and it has the potential to replace traditional RSA one-way accumulators, introduced by Benaloh and De Mare [8] and revisited by Barić and Pfitzmann [4]. Bilinear maps [34] and class groups [28] also give rise to accumulators, under different cryptographic assumptions.…”

Section: Related Workmentioning

confidence: 99%

Bivariate Polynomials Modulo Composites and Their Applications

Boneh

Corrigan-Gibbs

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We investigate the hardness of finding solutions to bivariate polynomial congruences modulo RSA composites. We establish necessary conditions for a bivariate polynomial to be one-way, second preimage resistant, and collision resistant based on arithmetic properties of the polynomial. From these conditions we deduce a new computational assumption that implies an efficient algebraic collision-resistant hash function. We explore the assumption and relate it to known computational problems. The assumption leads to (i) a new statistically hiding commitment scheme that composes well with Pedersen commitments, (ii) a conceptually simple cryptographic accumulator, and (iii) an efficient chameleon hash function.

show abstract

Section: Related Workmentioning

confidence: 99%

Bivariate Polynomials Modulo Composites and Their Applications

Boneh

Corrigan-Gibbs

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Another approach, which was adopted by e.g. [CL02,TX03,DKNS04,Ngu05], uses accumulators, i.e. functions that map a set of values into a fixed-length string and permit efficient proofs of membership.…”

Section: Introductionmentioning

confidence: 99%

Foundations of Fully Dynamic Group Signatures

Bootle

Cerulli

Chaidos

et al. 2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

“…Most of the existing ring signature schemes are based on number theory assumptions: large integer factorization [10,21], discrete logarithm problem [1,12] and bilinear pairing problems [22,26,5].…”

Section: Introductionmentioning

confidence: 99%

Adapting Lyubashevsky’s Signature Schemes to the Ring Signature Setting

Melchor

Bettaieb

Boyen

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Basing signature schemes on strong lattice problems has been a long standing open issue. Today, two families of lattice-based signature schemes are known: the ones based on the hash-andsign construction of Gentry et al.; and Lyubashevsky's schemes, which are based on the Fiat-Shamir framework. In this paper we show for the first time how to adapt the schemes of Lyubashevsky to the ring signature setting. In particular we transform the scheme of ASIACRYPT 2009 into a ring signature scheme that provides strong properties of security under the random oracle model. Anonymity is ensured in the sense that signatures of different users are within negligible statistical distance even under full key exposure. In fact, the scheme satisfies a notion which is stronger than the classical full key exposure setting as even if the keypair of the signing user is adversarially chosen, the statistical distance between signatures of different users remains negligible. Considering unforgeability, the best lattice-based ring signature schemes provide either unforgeability against arbitrary chosen subring attacks or insider corruption in log-sized rings. In this paper we present two variants of our scheme. In the basic one, unforgeability is ensured in those two settings. Increasing signature and key sizes by a factor k (typically 80 − 100), we provide a variant in which unforgeability is ensured against insider corruption attacks for arbitrary rings. The technique used is pretty general and can be adapted to other existing schemes.

show abstract

Anonymous Identification in Ad Hoc Groups

Cited by 225 publications

References 35 publications

Bivariate Polynomials Modulo Composites and Their Applications

Bivariate Polynomials Modulo Composites and Their Applications

Foundations of Fully Dynamic Group Signatures

Adapting Lyubashevsky’s Signature Schemes to the Ring Signature Setting

Contact Info

Product

Resources

About