Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Efficient Group Signature Schemes for Large Groups (Extended Abstract)
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
A Practical and Provably Secure Coalition-Resistant Group Signature Scheme
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Proceedings of the 11th ACM conference on Computer and communications security
Group signatures with verifier-local revocation
Proceedings of the 11th ACM conference on Computer and communications security
An Efficient Group Signature Scheme from Bilinear Maps
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Enhanced privacy id: a direct anonymous attestation scheme with enhanced revocation capabilities
Proceedings of the 2007 ACM workshop on Privacy in electronic society
Blacklistable anonymous credentials: blocking misbehaving users without ttps
Proceedings of the 14th ACM conference on Computer and communications security
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
A New Direct Anonymous Attestation Scheme from Bilinear Maps
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Pairing '08 Proceedings of the 2nd international conference on Pairing-Based Cryptography
An Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials
Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
Simplified security notions of direct anonymous attestation and a concrete scheme from pairings
International Journal of Information Security
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Fast exponentiation with precomputation
EUROCRYPT'92 Proceedings of the 11th annual international conference on Theory and application of cryptographic techniques
Quasi-efficient revocation of group signatures
FC'02 Proceedings of the 6th international conference on Financial cryptography
Ninja: non identity based, privacy preserving authentication for ubiquitous environments
UbiComp '07 Proceedings of the 9th international conference on Ubiquitous computing
A pairing-based DAA scheme further reducing TPM resources
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
A DAA scheme requiring less TPM resources
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Group signatures: better efficiency and new theoretical aspects
SCN'04 Proceedings of the 4th international conference on Security in Communication Networks
Foundations of group signatures: the case of dynamic groups
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Group signatures with efficient concurrent join
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Pairing-Friendly elliptic curves of prime order
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
Mutual remote attestation: enabling system cloning for TPM based platforms
STM'11 Proceedings of the 7th international conference on Security and Trust Management
Hi-index | 0.01 |
Direct Anonymous Attestation (DAA) is a cryptographic scheme designed for anonymous attestation of a hardware device while preserving the privacy of the device owner. Signatures created by a DAA signer are anonymous and untraceable, i.e., cannot be opened to find out the identity of the signer. To prevent abuse of privacy, DAA has a feature called user-controlled-traceability in which the signer and verifier can negotiate whether or not the signatures from the signer can linked. This feature is a preventive mechanism against corrupted DAA signers because they can be prevented from making multiple anonymous authentications. However, it is not a proactive deterrent against such activity as nobody is able to identify the corrupted signer. In this paper, we introduce a new cryptographic scheme called Optionally Traceable Anonymous Attestation (OTAA), in which the signer and verifier can negotiate whether signatures from the signer are traceable to the issuer instead of just being linkable. In the OTAA scheme, if a corrupted signer has produced a traceable signature or published his private key widely, the issuer can identify the signer and effectively revoke him using the verifier-local revocation. We give a construction of an OTAA scheme from bilinear pairing. Our OTAA scheme is efficient and provably secure in the random oracle model under the strong Diffie-Hellman assumption and the external Diffie-Hellman assumption.