Taming big brother ambitions: more privacy for secret handshakes
PETS'10 Proceedings of the 10th international conference on Privacy enhancing technologies
Affiliation-hiding key exchange with untrusted group authorities
ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
Privacy-preserving group discovery with linear complexity
ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
Attribute-based authenticated key exchange
ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
Practical affiliation-hiding authentication from improved polynomial interpolation
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Affiliation-hiding authentication with minimal bandwidth consumption
WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
Private discovery of common social contacts
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
A new revocable secret handshake scheme with backward unlinkability
EuroPKI'10 Proceedings of the 7th European conference on Public key infrastructures, services and applications
Delegatable secret handshake scheme
Journal of Systems and Software
Secret handshakes from ID-based message recovery signatures: A new generic approach
Computers and Electrical Engineering
Privacy of Community Pseudonyms in Wireless Peer-to-Peer Networks
Mobile Networks and Applications
Private mutual authentications with fuzzy matching
International Journal of High Performance Systems Architecture
A bi-directional Private Authentication, or Unlinkable Secret Handshake, allows two parties to authenticate each other as certified by given certification authorities (i.e. affiliated with given groups), in a mutually private way, in the sense that the protocol leaks no information about either participant to a party which does not satisfy that participant's authentication policy. In particular, the protocol hides what group this participant belongs to, and protocol instances involving the same participant are unlinkable. We construct the first realization of such private authentication using O(1) exponentiations and bilinear maps, secure under Strong Diffie-Hellman and Decisional Linear assumptions. Our protocols rely on a novel technical tool, a family of efficient Private Conditional Oblivious Transfer (COT) protocols, secure under DDH, for languages defined by modular arithmetic constraints (e.g. equality, inequality, sums, products) on discrete-log representations of some group elements. (Recall that $(w_1,\ldots,w_n)$ is a representation of $C$ in bases $(g_1,\ldots,g_n)$ if $C=g_1^{w_1}\cdots g_n^{w_n}$.) A COT protocol for language L allows sender S to encrypt message m "under" statement x so that receiver R gets m only if R holds a witness for membership of x in L, while S learns nothing. A private COT for L hides not only message m but also statement x from any R that does not know a witness for x in L.