How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups
Journal of Cryptology
On the Theoretical Gap between Group Signatures with and without Unlinkability
AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Cryptographic primitives enforcing communication and storage complexity
FC'02 Proceedings of the 6th international conference on Financial cryptography
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Efficient dynamic k-times anonymous authentication
VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
Dynamic fully anonymous short group signatures
VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
Dynamic k-times anonymous authentication
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Short linkable ring signatures for e-voting, e-cash and attestation
ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
k-times anonymous authentication with a constant proving cost
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Hi-index | 0.01 |
In a k-Times Anonymous Authentication (k-TAA) scheme, Application Providers (APs) authenticates each group member in k times. A user can preserve his/her own privacy and an AP can restrict the number of used services to just k-times, since users are identified if they access an AP more than k times. In all previous schemes, each AP assumes the same k for all users. Added to this, total anonymity of unlinkability requires large computation amount such as pairing computations compared with non-anonymous schemes. In this paper, we propose a selectable k-TAA scheme with relaxed anonymity. Relaxed anonymity is an intermediate level of privacy required between total anonymity and linkability, where authentication executions for the same AP are linkable, but an authentication execution with an AP v 0 and an authentication execution with an AP v 1 (v 0 驴 v 1) are unlinkable. Our authentication algorithm is efficient than existing ones thanks to this relaxed notion.