P-signatures and Noninteractive Anonymous Credentials

In this paper, we introduce P-signatures. A P-signature scheme consists of a signature scheme, a commitment scheme, and (1) an interactive protocol for obtaining a signature on a committed value; (2) a non − interactive proof system for proving that the contents of a commitment has been signed; (3) a noninteractive proof system for proving that a pair of commitments are commitments to the same value. We give a definition of security for P-signatures and show how they can be realized under appropriate assumptions about groups with a bilinear map. We make extensive use of the powerful suite of non-interactive proof techniques due to Groth and Sahai. Our P-signatures enable, for the first time, the design of a practical non-interactive anonymous credential system whose security does not rely on the random oracle model. In addition, they may serve as a useful building block for other privacy-preserving authentication mechanisms.

tcc2008.pdf
PDF file

In  Theory of Cryptography Conference 2008

Publisher  Springer Verlag
All copyrights reserved by Springer 2007.

Details

TypeInproceedings
> Publications > P-signatures and Noninteractive Anonymous Credentials