Reference : UC Commitments for Modular Protocol Design and Applications to Revocation and Attribu...
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
UC Commitments for Modular Protocol Design and Applications to Revocation and Attribute Tokens
Camenisch, Jan [IBM Research Zurich]
Dubovitskaya, Maria [IBM Research Zurich]
Rial, Alfredo mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Advances in Cryptology – CRYPTO 2016
Springer Berlin Heidelberg
from 14-08-2016 to 18-08-2016
Santa Barbara
[en] Universal composability ; Commitments ; Revocation
[en] Complex cryptographic protocols are often designed from simple cryptographic primitives, such as signature schemes, encryption schemes, verifiable random functions, and zero-knowledge proofs, by bridging between them with commitments to some of their inputs and outputs. Unfortunately, the known universally composable (UC) functionalities for commitments and the cryptographic primitives mentioned above do not allow such constructions of higher-level protocols as hybrid protocols. Therefore, protocol designers typically resort to primitives with property-based definitions, often resulting in complex monolithic security proofs that are prone to mistakes and hard to verify.

We address this gap by presenting a UC functionality for non-interactive commitments that enables modular constructions of complex protocols within the UC framework. We also show how the new functionality can be used to construct hybrid protocols that combine different UC functionalities and use commitments to ensure that the same inputs are provided to different functionalities. We further provide UC functionalities for attribute tokens and revocation that can be used as building blocks together with our UC commitments. As an example of building a complex system from these new UC building blocks, we provide a construction (a hybrid protocol) of anonymous attribute tokens with revocation. Unlike existing accumulator-based schemes, our scheme allows one to accumulate several revocation lists into a single commitment value and to hide the revocation status of a user from other users and verifiers.

File(s) associated to this reference

Fulltext file(s):

Open access
main-cameraready.pdfPublisher postprint458.02 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.