CryptoDB
Updatable Policy-Compliant Signatures
| Authors: | Christian Badertscher, Monosij Maitra, Christian Matt, Hendrik Waldner |
|---|---|
| Presentation: | Slides |
| Conference: | PKC 2024 |
Abstract:

Policy-compliant signatures (PCS) are a recently introduced primitive by Badertscher et al. [TCC 2021] in which a central authority distributes secret and public keys associated with sets of attributes (e.g., nationality, affiliation with a specific department, or age) to its users. The authority also enforces a policy determining which senders can sign messages for which receivers based on a joint check of their attributes. For example, senders and receivers must have the same nationality, or only senders that are at least 18 years old can send to members of the computer science department. PCS further requires attribute-privacy: nothing about the users' attributes is revealed from their public keys and signatures apart from whether the attributes satisfy the policy or not. The policy in a PCS scheme is fixed once and for all during the setup. Therefore, a policy update requires a redistribution of all keys. This severely limits the practicality of PCS. In this work, we introduce the notion of updatable policy-compliant signatures (UPCS), extending PCS with a mechanism to efficiently update the policy without redistributing keys to all participants. We define the notion of UPCS and provide the corresponding security definitions. We then provide a generic construction of UPCS based on digital signatures, a NIZK proof system, and a so-called secret-key two-input partially-hiding predicate encryption (2-PHPE) scheme. Unfortunately, the only known way to build the latter for general two-input predicates is using indistinguishability obfuscation. We show that the reliance on the heavy tool of 2-PHPE is inherent to building UPCS by proving that non-interactive UPCS implies 2-PHPE. To circumvent the reliance on 2-PHPE, we consider interactive UPCS, which allows sender and receiver to interact during the message signing.

In this setting, we present two UPCS schemes: the first one requires only a digital signature scheme, a NIZK proof system, and secure two-party computation. This scheme works for arbitrary policies, but requires senders and receivers to engage in the two-party computation for each policy update. Our second scheme additionally requires a (single-input) predicate-encryption scheme and only requires the sender and receiver to interact once, independently of the updates. In contrast to 2-PHPE, single-input predicate-encryption schemes supporting certain predicate classes are known to exist (e.g., from pairings) under more concrete and well-understood assumptions.
BibTeX
@inproceedings{pkc-2024-33777,
  title={Updatable Policy-Compliant Signatures},
  publisher={Springer-Verlag},
  author={Christian Badertscher and Monosij Maitra and Christian Matt and Hendrik Waldner},
  year=2024
}