International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Paper: Traceable Signatures

Authors:
Aggelos Kiayias
Yiannis Tsiounis
Moti Yung
Download:
URL: http://eprint.iacr.org/2004/007
Search ePrint
Search Google
Abstract: We present, implement and apply a new privacy primitive that we call ``Traceable Signatures.'' To this end we develop the underlying mathematical and protocol tools, present the concepts and the underlying security model, and then realize the scheme and its security proof. Traceable signatures support an extended set of fairness mechanisms (mechanisms for anonymity management and revocation) when compared with the traditional group signature mechanism. We demonstrate that this extended function is needed for proper operation and adequate level of privacy in various settings and applications. For example, the new notion allows (distributed) tracing of all signatures by a single (misbehaving) party without opening signatures and revealing identities of any other user in the system. In contrast, if such tracing is implemented by a state of the art group signature system, such wide opening of all signatures of a single user is a (centralized) operation that requires the opening of {\em all} anonymous signatures and revealing the users associated with them, an act that violates the privacy of all users. Our work includes a novel modeling of security in privacy systems that leads to simulation-based proofs. Security notions in privacy systems are typically more complex than the traditional security of cryptographic systems, thus our modeling methodology may find future applications in other settings. To allow efficient implementation of our scheme we develop a number of basic tools, zero-knowledge proofs, protocols, and primitives that we use extensively throughout. These novel mechanisms work directly over a group of unknown order, contributing to the efficiency and modularity of our design, and may be of independent interest. The interactive version of our signature scheme yields the notion of ``traceable (anonymous) identification.''
BibTeX
@misc{eprint-2004-11983,
  title={Traceable Signatures},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols / digital signatures, group signatures, identification protocols},
  url={http://eprint.iacr.org/2004/007},
  note={ aggelos@cse.uconn.edu 12429 received 8 Jan 2004, last revised 11 Jan 2004},
  author={Aggelos Kiayias and Yiannis Tsiounis and Moti Yung},
  year=2004
}