Academic
Publications
Efficient Traceable Signatures in the Standard Model

Efficient Traceable Signatures in the Standard Model,10.1007/978-3-642-03298-1_13,Benoît Libert,Moti Yung

Efficient Traceable Signatures in the Standard Model   (Citations: 4)
BibTex | RIS | RefWorks Download
Traceable signatures (TS), suggested by Kiayias, Tsiounis and Yung, extend group signatures to address various basic traceability issues beyond merely identifying the anonymous signer of a rogue signature. Namely, they enable the efficient tracing of all signatures produced by a misbehaving party without opening the identity of other parties. They also allow users to provably claim ownership of a previously signed anonymous signature. To date, known TS systems all rely on the random oracle model. In this work we present the first realization of the primitive that avoids resorting to the random oracle methodology in its security proofs. Furthermore, our realization’s efficiency is comparable to that of nowadays’ fastest and shortest standard model group signatures.
Conference: Pairing-Based Cryptography - Pairing , pp. 187-205, 2009
Cumulative Annual
View Publication
The following links allow you to view full publications. These links are maintained by other sources not affiliated with Microsoft Academic Search.
    • ...As noted in [38], under the knowledge of exponent assumption (KEA) 3 [24], ‘-mTDH is equivalent to BB-CDH...

    Benoît Libertet al. Dynamic fully forward-secure group signatures

    • ...On the other hand, as seen in [13] for instance, the tracing and the claiming mechanisms of traceable signatures are often constructed in a hand-crafted manner...
    • ...Previous constructions, e.g., [12,10,13,9], require an explicit encryption step in signing...
    • ...In the existing schemes, e.g., [13], the approach for claiming the signature authorship is to produce a proof of some witnesses that govern the relationship between the various parts of a signature...
    • ...The resulting vk is published, and (rk,ik,lk) is privately given to the group manager G. Our model assumes a public directory service, denoted by C, that maintains certificates issued by G. Every certificate is registered to C and the consistency is verified publicly. We borrow some notations from [13]...
    • ...For instance, when considering anonymity, the adversary is given the certificate issuing key ik. Such a fine grained security was not considered in the context of traceable signatures [12,13], and we follow that model...
    • ...AHO10 [3] generic no no no CCA yes 58 LY09 [13] tailor-made yes no no CPA no 83 This paper generic yes yes yes CCA yes 107...
    • ...Compared to [13], which is the state of the art traceable signature scheme without random oracles, the increased cost of 24 group elements is the price for gaining the properties of CCA-anonymity with tracing, and concurrent join...

    Masayuki Abeet al. Double-Trapdoor Anonymous Tags for Traceable Signatures

Sort by: