Composable and Modular Anonymous Credentials: Definitions and Practical Constructions

Camenisch, Jan; Dubovitskaya, Maria; Haralambiev, Kristiyan; Kohlweiss, Markulf

doi:10.1007/978-3-662-48800-3_11

Cited by 74 publications

(53 citation statements)

References 58 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition, Chaidos et al use GS proofs along with QANIZK proofs, which cost significantly less group operations. 15 Therefore, Table 4 contains the minimum execution time on our platform and an estimation for a more realistic execution time. The minimum execution time is computed by multiplying the plain amount of pairings with the average execution time of a pairing.…”

Section: Belenios Receipt Free Voting Schemementioning

confidence: 99%

“…In particular, we will use or make mention of the following examples: , where a i , a i j ← Z p . The L k -MDDH Assumption is the k-Lin family assumptions which we introduced for k = 1, 2, the second one 15 is the U k -MDDH or Uniform Assumption, and the last one is the Symmetric Cascade Assumption introduced in [25]. Matrix Diffie-Hellman Assumptions are a practical framework for designing protocols, but for practical choices one usually chooses in asymmetric groups the SXDH Assumption (which is the assumption that the DDH Assumption holds in the groups G 1 and G 2 for a bilinear group) and in symmetric bilinear groups one usually chooses the 2-Lin-Assumption.…”

Section: Appendix a Computational Assumptionsmentioning

confidence: 99%

“…These proofs are a very common tool in cryptographic protocols to enforce that participating parties behave honestly. In pairing-based crypto the 1 most famous instance of such a proof system which is employed in numerous schemes and protocols, e.g., [5,7,9,15,19,21,22,30,37] to cite only a few, is due to Groth and Sahai [35]. Groth-Sahai (GS) proofs are non-interactive witness-indistinguishable (NIWI) and zero-knowledge (NIZK) proofs of satisfiability of quadratic equations in bilinear groups.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs

Herold

Hoffmann

Klooß

et al. 2017

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Bilinear groups form the algebraic setting for a multitude of important cryptographic protocols including anonymous credentials, e-cash, e-voting, e-coupon, and loyalty systems. It is typical of such crypto protocols that participating parties need to repeatedly verify that certain equations over bilinear groups are satisfied, e.g., to check that computed signatures are valid, commitments can be opened, or non-interactive zero-knowledge proofs verify correctly. Depending on the form and number of equations this part can quickly become a performance bottleneck due to the costly evaluation of the bilinear map.To ease this burden on the verifier, batch verification techniques have been proposed that allow to combine and check multiple equations probabilistically using less operations than checking each equation individually. In this work, we revisit the batch verification problem and existing standard techniques. We introduce a new technique which, in contrast to previous work, enables us to fully exploit the structure of certain systems of equations. Equations of the appropriate form naturally appear in many protocols, e.g., due to the use of Groth-Sahai proofs.The beauty of our technique is that the underlying idea is pretty simple: we observe that many systems of equations can alternatively be viewed as a single equation of products of polynomials for which probabilistic polynomial identity testing following Schwartz-Zippel can be applied. Comparisons show that our approach can lead to significant improvements in terms of the number of pairing evaluations. Indeed, for the BeleniosRF voting system presented at CCS 2016, we can reduce the number of pairings (required for ballot verification) from 4k + 140, as originally reported by Chaidos et al. [19], to k + 7. As our implementation and benchmarks demonstrate, this may reduce the verification runtime to only 5% to 13% of the original runtime. CCS CONCEPTS• Security and privacy → Mathematical foundations of cryptography; Public key (asymmetric) techniques; • Theory of computation → Cryptographic protocols; KEYWORDS Batch verification; bilinear maps; Groth-Sahai proofs; structurepreserving cryptography; Belenios; P-signatures. = [t 1 ] T e ([x 1 ] 1 , [y 2 ] 2 ) ? = [t 2 ] T e ([x 2 ] 1 , [y 1 ] 2 ) ? = [t 3 ] T e ([x 2 ] 1 , [y 2 ] 2 ) ? = [t 4 ] T1 This is inspired by (but even simpler than) the polynomial framework of [36].2

show abstract

Section: Belenios Receipt Free Voting Schemementioning

confidence: 99%

Section: Appendix a Computational Assumptionsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs

Herold

Hoffmann

Klooß

et al. 2017

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…Firstly, [45] introduced the notion of accountability, which requires that signers and redactors can be held accountable for their signatures/redactions. Secondly, [45] and [14] independently introduced unlinkability for RSS as an even stronger privacy notion. Unlinkability essentially requires multiple redactions of the same document to be unlinkable.…”

Section: Instantiationsmentioning

confidence: 99%

Towards Authenticity and Privacy Preserving Accountable Workflows

Derler

Hanser

Pöhls

et al. 2016

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

HAL is a multidisciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L'archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d'enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

show abstract

“…Structure-preserving cryptography is a paradigm where handled objects all live in discrete-log-hard abelian groups over which a bilinear map is efficiently computable. The structure-preserving property allows for a smooth interaction of the considered primitives with Groth-Sahai (GS) proof systems [36], making them very powerful tools for the modular design of privacy-preserving cryptographic protocols [3,8,16,17,19,27,32,37,44,51].…”

Section: Introductionmentioning

confidence: 99%

Structure-Preserving Chosen-Ciphertext Security with Shorter Verifiable Ciphertexts

Libert

Peters

Qian

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Structure-preserving cryptography is a world where messages, signatures, ciphertexts and public keys are entirely made of elements of a group over which a bilinear map is efficiently computable. While structure-preserving signatures have received much attention the last 6 years, structure-preserving encryption schemes have undergone slower development. In particular, the best known structure-preserving cryptosystems with chosen-ciphertext (IND-CCA2) security either rely on symmetric pairings or require long ciphertexts comprised of hundreds of group elements or do not provide publicly verifiable ciphertexts. We provide a publicly verifiable construction based on the SXDH assumption in asymmetric bilinear groups e : G ×Ĝ → GT , which features relatively short ciphertexts. For typical parameters, our ciphertext size amounts to less than 40 elements of G. As a second contribution, we provide a structure-preserving encryption scheme with perfectly randomizable ciphertexts and replayable chosen-ciphertext security. Our new RCCAsecure system significantly improves upon the best known system featuring similar properties in terms of ciphertext size.

show abstract

Composable and Modular Anonymous Credentials: Definitions and Practical Constructions

Cited by 74 publications

References 58 publications

New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs

New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs

Towards Authenticity and Privacy Preserving Accountable Workflows

Structure-Preserving Chosen-Ciphertext Security with Shorter Verifiable Ciphertexts

Contact Info

Product

Resources

About