TY - GEN
T1 - Constant-size dynamic k-TAA
AU - Au, Man Ho Allen
AU - Susilo, Willy
AU - Mu, Yi
PY - 2006/1/1
Y1 - 2006/1/1
N2 - k-times anonymous authentication (k-TAA) schemes allow members of a group to be authenticated anonymously by application providers for a bounded number of times. Dynamic k-TAA allows application providers to independently grant or revoke users from their own access group so as to provide better control over their clients. In terms of time and space complexity, existing dynamic k-TAA schemes are of complexities O(k), where k is the allowed number of authentication. In this paper, we construct a dynamic k-TAA scheme with space and time complexities of O(log(k)). We also outline how to construct dynamic k-TAA scheme with a constant proving effort. Public key size of this variant, however, is O(k). We then construct an ordinary k-TAA scheme from the dynamic scheme. We also describe a trade-off between efficiency and setup freeness of AP, in which AP does not need to hold any secret while maintaining control over their clients. To build our system, we modify the short group signature scheme into a signature scheme and provide efficient protocols that allow one to prove in zero-knowledge the knowledge of a signature and to obtain a signature on a committed block of messages. We prove that the signature scheme is secure in the standard model under the q-SDH assumption. Finally, we show that our dynamic k-TAA scheme, constructed from bilinear pairing, is secure in the random oracle model.
AB - k-times anonymous authentication (k-TAA) schemes allow members of a group to be authenticated anonymously by application providers for a bounded number of times. Dynamic k-TAA allows application providers to independently grant or revoke users from their own access group so as to provide better control over their clients. In terms of time and space complexity, existing dynamic k-TAA schemes are of complexities O(k), where k is the allowed number of authentication. In this paper, we construct a dynamic k-TAA scheme with space and time complexities of O(log(k)). We also outline how to construct dynamic k-TAA scheme with a constant proving effort. Public key size of this variant, however, is O(k). We then construct an ordinary k-TAA scheme from the dynamic scheme. We also describe a trade-off between efficiency and setup freeness of AP, in which AP does not need to hold any secret while maintaining control over their clients. To build our system, we modify the short group signature scheme into a signature scheme and provide efficient protocols that allow one to prove in zero-knowledge the knowledge of a signature and to obtain a signature on a committed block of messages. We prove that the signature scheme is secure in the standard model under the q-SDH assumption. Finally, we show that our dynamic k-TAA scheme, constructed from bilinear pairing, is secure in the random oracle model.
KW - Dynamic k-TAA
KW - K-TAA
UR - http://www.scopus.com/inward/record.url?scp=33749993205&partnerID=8YFLogxK
M3 - Conference article published in proceeding or book
SN - 3540380809
SN - 9783540380801
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 111
EP - 125
BT - Security and Cryptography for Networks - 5th International Conference, SCN 2006, Proceedings
PB - Springer Verlag
T2 - 5th International Conference on Security and Cryptography for Networks, SCN 2006
Y2 - 6 September 2006 through 8 September 2006
ER -