Complex cryptographic protocols are often designed from simple cryptographic primitives, such as signature schemes, encryption schemes, verifiable random functions, and zero-knowledge proofs, by bridging between them with commitments to some of their inputs and outputs. Unfortunately, the known universally composable (UC) functionalities for commitments and for the cryptographic primitives mentioned above do not allow higher-level protocols to be built in this way as hybrid protocols. Therefore, protocol designers typically resort to primitives with property-based definitions, which often results in complex monolithic security proofs that are prone to mistakes and hard to verify.
We address this gap by presenting a UC functionality for non-interactive commitments that enables modular constructions of complex protocols within the UC framework. We also show how the new functionality can be used to construct hybrid protocols that combine different UC functionalities and use commitments to ensure that the same inputs are provided to different functionalities. We further provide UC functionalities for attribute tokens and revocation that can be used as building blocks together with our UC commitments. As an example of building a complex system from these new UC building blocks, we provide a construction (a hybrid protocol) of anonymous attribute tokens with revocation. Unlike existing accumulator-based schemes, our scheme allows one to accumulate several revocation lists into a single commitment value and to hide the revocation status of a user from other users and verifiers.
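The mechanism the abstract relies on, a commitment that is handed to several functionalities so that each of them is guaranteed to work on the same input, is illustrated below with a Pedersen commitment in Python. This is an added example, not code from the paper or its authors: the paper's own functionality is defined in the UC framework and is not a concrete scheme. The group here is a toy (a 64-bit safe prime found at import time, far too small for real use), the second generator `h` is derived from a public hash so that the committer does not know `log_g(h)`, and the two "checkers" stand in for two functionalities that receive the same commitment and later its opening.

```python
"""Pedersen commitment used as a bridge between two independent checkers.

Added example (not from the paper). Toy parameters: a 64-bit safe prime is
found deterministically at import time; real deployments use ~2048-bit groups
or elliptic curves. The point is the commit/open mechanics and what binding
buys when one commitment is opened to several parties.
"""
from __future__ import annotations

import hashlib
import random
from dataclasses import dataclass

# Miller-Rabin with these fixed bases is deterministic for n < 3.3e24,
# which comfortably covers the 64-bit primes used here.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    if n < 2:
        return False
    for b in _MR_BASES:          # cheap trial division first
        if n == b:
            return True
        if n % b == 0:
            return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(bits: int, seed: int = 1) -> tuple[int, int]:
    """Return (p, q) with p = 2q + 1 and both prime, searched from a fixed seed."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            return p, q


@dataclass(frozen=True)
class Params:
    p: int   # safe prime
    q: int   # order of the subgroup of quadratic residues
    g: int   # generator of that subgroup
    h: int   # second generator with unknown discrete log base g


def setup(bits: int = 64, seed: int = 1) -> Params:
    p, q = find_safe_prime(bits, seed)
    g = 4 % p                      # 2^2 is a quadratic residue, hence of order q
    # h = (hash-derived element)^2: lands in the order-q subgroup, and nobody
    # knows log_g(h), which is what makes the commitment binding for the committer.
    ctr = 0
    while True:
        digest = hashlib.sha256(b"pedersen-h|%d|%d" % (p, ctr)).digest()
        h = pow(int.from_bytes(digest, "big") % p, 2, p)
        if h not in (0, 1, g):
            return Params(p, q, g, h)
        ctr += 1


def commit(pp: Params, m: int, r: int | None = None) -> tuple[int, int]:
    """Return (commitment, opening randomness) for message m (reduced mod q)."""
    if r is None:
        r = random.SystemRandom().randrange(pp.q)
    c = (pow(pp.g, m % pp.q, pp.p) * pow(pp.h, r, pp.p)) % pp.p
    return c, r


def verify(pp: Params, c: int, m: int, r: int) -> bool:
    """Accept iff (m, r) is a valid opening of c."""
    return c == (pow(pp.g, m % pp.q, pp.p) * pow(pp.h, r, pp.p)) % pp.p


def bridge_demo(pp: Params, attribute: int) -> dict[str, bool]:
    """One commitment, two checkers (stand-ins for two functionalities).

    The user commits once, gives c to both checkers, then opens to each.
    Because the scheme is binding, an opening to any other value fails, so
    both checkers know they were fed the same input.
    """
    c, r = commit(pp, attribute)
    checker_a = verify(pp, c, attribute, r)
    checker_b = verify(pp, c, attribute, r)
    cheat = verify(pp, c, attribute + 1, r)   # try to give checker B a different value
    return {"a_accepts": checker_a, "b_accepts": checker_b, "cheat_rejected": not cheat}


if __name__ == "__main__":
    pp = setup()
    print(bridge_demo(pp, 1234))
```

Hiding comes from the fresh randomness `r`: two commitments to the same attribute look unrelated to anyone who does not hold the opening, which is why the same value can be committed to a verifier and a revocation authority without either learning anything until it is opened.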
Disciplines:
Computer science
Author, co-author:
Camenisch, Jan; IBM Research Zurich
Dubovitskaya, Maria; IBM Research Zurich
Rial, Alfredo; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
External co-authors:
yes
Document language:
English
Title:
UC Commitments for Modular Protocol Design and Applications to Revocation and Attribute Tokens