International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Paper: Hidden Identity-Based Signatures

Authors:
Aggelos Kiayias
Hong-Sheng Zhou
Download:
URL: http://eprint.iacr.org/2007/140
Search ePrint
Search Google
Abstract: This paper introduces Hidden Identity-based Signatures (Hidden-IBS), a type of digital signatures that provide mediated signer-anonymity on top of Shamir's Identity-based signatures. The motivation of our new signature primitive is to resolve an important issue with the kind of anonymity offered by ``group signatures'' where it is required that either the group membership list is {\em public} or that the opening authority is {\em dependent} on the group manager for its operation. Contrary to this, Hidden-IBS do not require the maintenance of a group membership list and they enable an opening authority that is totally independent of the group manager. As we argue this makes Hidden-IBS much more attractive than group signatures for a number of applications. In this paper, we provide a formal model of Hidden-IBS as well as two efficient constructions that realize the new primitive. Our elliptic curve construction that is based on the SDH/DLDH assumptions produces signatures that are merely half a Kbyte long and can be implemented very efficiently. To demonstrate the power of the new primitive, we apply it to solve a problem of current onion-routing systems focusing on the Tor system in particular. Posting through Tor is currently blocked by sites such as Wikipedia due to the real concern that anonymous channels can be used to vandalize online content. By injecting a Hidden-IBS inside the header of an HTTP POST request and requiring the exit-policy of Tor to forward only properly signed POST requests, we demonstrate how sites like Wikipedia may allow anonymous posting while being ensured that the recovery of (say) the IP address of a vandal would be still possible through a dispute resolution system. Using our new Hidden-IBS primitive in this scenario allows to keep the listing of identities (e.g., IP addresses) of Tor users computationally hidden while maintaining an independent Opening Authority which would not have been possible with previous approaches.
BibTeX
@misc{eprint-2007-13422,
  title={Hidden Identity-Based Signatures},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols /},
  url={http://eprint.iacr.org/2007/140},
  note={Extended version for a Financial Cryptography 2007 paper hszhou@cse.uconn.edu 13627 received 19 Apr 2007, last revised 24 Apr 2007},
  author={Aggelos Kiayias and Hong-Sheng Zhou},
  year=2007
}