Restricted identification scheme and diffie-hellman linking problem

Authors:
Mirosław Kutyłowski;Łukasz Krzywiecki;Przemysław Kubiak;Michał Koza
Affiliations:
Faculty of Fundamental Problems of Technology, Wrocław University of Technology, Poland;Faculty of Fundamental Problems of Technology, Wrocław University of Technology, Poland;Faculty of Fundamental Problems of Technology, Wrocław University of Technology, Poland;Faculty of Fundamental Problems of Technology, Wrocław University of Technology, Poland
Venue:
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Year:
2011

Citing 8
Cited 0

The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Group Diffie-Hellman Key Exchange Secure against Dictionary Attacks

ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Anonymous yet accountable access control

Proceedings of the 2005 ACM workshop on Privacy in the electronic society
Rethinking accountable privacy supporting services: extended abstract

Proceedings of the 4th ACM workshop on Digital identity management
The Twin Diffie–Hellman Problem and Applications

Journal of Cryptology
Interactive diffie-hellman assumptions with applications to password-based authentication

FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
A note on chosen-basis decisional diffie-hellman assumptions

FC'06 Proceedings of the 10th international conference on Financial Cryptography and Data Security
Security analysis of the strong diffie-hellman problem

EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques

Quantified Score

Hi-index	0.00

Visualization

Abstract

We concern schemes designed for user authentication in different systems (called sectors) with a single private key so that activities of the same person in different sectors are not linkable. In particular, we consider Restricted Identification scheme implemented on personal identity cards (neuer Personalausweis) issued by German authorities. The schemes we concern are devoted for practical application on personal identity cards where limitations of memory size is a critical issue. Unlinkability for German Restricted Identification is silently based on random oracle model. We prove that the construction can be simplified by eliminating hiding certain values with hash functions: we show that unlinkability can be based on a problem that we call Linking Diffie-Hellman Problem (LDHP). We prove that LDHP is as hard as Decisional DHP. Thereby we justify unlinkability in the standard model. We also introduce and analyze a variant of German Restricted Identification providing active authentication. This protocol is intended for application areas where the right to access a sector is not by default (as for German Restricted Identification) and can be both granted and blocked. It is intended to serve as anonymous identity for sectors such as access to medical data and law enforcement, where prevention of Sybil attacks is a fundamental requirement.