Escrow free attribute-based signature with self-revealability
A major limitation of attribute-based cryptographic primitives is that a curious attribute authority (AA) can simply generate a user's private key to sign or decrypt messages on behalf of this user. With this in mind, different from existing techniques for mitigating the key escrow problem by adopting multiple AAs to generate the attribute-based private key in the attribute-based setting, we make use of a key extraction protocol to replace the key generation algorithm in attributed-based signature (ABS), from which the key generation center (KGC) cannot forge a signature on behalf of a legal user with attributes satisfying the corresponding predicate, despite the the participation in generating the signing key. In addition, considering that the signer anonymous property of ABS makes it difficult for a signer (when necessary) to present evidence to the verifier that a signature is created under his/her signing key, especially in the circumstance where the user uniquely knows his/her private key, we append a signer revelation protocol to our ABS system to enable a user to confirm or deny his/her identity of producing an attribute-based signature. Given these concerns, we define a formal model to capture such a system architecture of ABS called escrow free ABS with self-revealability, and provide a concrete construction.
ABS, Key extraction protocol, Revealability
CUI, Hui; WANG, Guilin; DENG, Robert H.; and QIN, Baodong.
Escrow free attribute-based signature with self-revealability. (2016). Information Sciences. 367, 660-672. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/3274