TY - GEN
T1 - Attribute-based signatures
AU - Maji, Hemanta K.
AU - Prabhakaran, Manoj
AU - Rosulek, Mike
N1 - Funding Information:
Partially supported by NSF grants CNS 07-16626 and CNS 07-47027.
PY - 2011
Y1 - 2011
N2 - We introduce Attribute-Based Signatures (ABS), a versatile primitive that allows a party to sign a message with fine-grained control over identifying information. In ABS, a signer, who possesses a set of attributes from the authority, can sign a message with a predicate that is satisfied by his attributes. The signature reveals no more than the fact that a single user with some set of attributes satisfying the predicate has attested to the message. In particular, the signature hides the attributes used to satisfy the predicate and any identifying information about the signer (that could link multiple signatures as being from the same signer). Furthermore, users cannot collude to pool their attributes together. We give a general framework for constructing ABS schemes, and then show several practical instantiations based on groups with bilinear pairing operations, under standard assumptions. Further, we give a construction which is secure even against a malicious attribute authority, but the security for this scheme is proven in the generic group model. We describe several practical problems that motivated this work, and how ABS can be used to solve them. Also, we show how our techniques allow us to extend Groth-Sahai NIZK proofs to be simulation-extractable and identity-based with low overhead.
AB - We introduce Attribute-Based Signatures (ABS), a versatile primitive that allows a party to sign a message with fine-grained control over identifying information. In ABS, a signer, who possesses a set of attributes from the authority, can sign a message with a predicate that is satisfied by his attributes. The signature reveals no more than the fact that a single user with some set of attributes satisfying the predicate has attested to the message. In particular, the signature hides the attributes used to satisfy the predicate and any identifying information about the signer (that could link multiple signatures as being from the same signer). Furthermore, users cannot collude to pool their attributes together. We give a general framework for constructing ABS schemes, and then show several practical instantiations based on groups with bilinear pairing operations, under standard assumptions. Further, we give a construction which is secure even against a malicious attribute authority, but the security for this scheme is proven in the generic group model. We describe several practical problems that motivated this work, and how ABS can be used to solve them. Also, we show how our techniques allow us to extend Groth-Sahai NIZK proofs to be simulation-extractable and identity-based with low overhead.
UR - http://www.scopus.com/inward/record.url?scp=79951783454&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=79951783454&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-19074-2_24
DO - 10.1007/978-3-642-19074-2_24
M3 - Conference contribution
AN - SCOPUS:79951783454
SN - 9783642190735
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 376
EP - 392
BT - Topics in Cryptology - CT-RSA 2011 - The Cryptographers' Track at the RSA Conference 2011, Proceedings
T2 - 11th Cryptographers' Track at the RSA Conference 2011: Topics in Cryptology, CT-RSA 2011
Y2 - 14 February 2011 through 18 February 2011
ER -