TY - GEN
T1 - Privacy for private key in signatures
AU - Wu, Qianhong
AU - Qin, Bo
AU - Mu, Yi
AU - Susilo, Willy
PY - 2009
Y1 - 2009
N2 - One of the important applications of digital signature is anonymous credential or pseudonym system. In these scenarios, it is essential that the identity of the signer is kept secret from any third party, except the trusted authority. The identity in such a system is uniquely identified by the secret key (or the signing key) rather than the public key, since the public key may be repeatedly randomized. This paper formalizes this notion by investigating a new property of digital signatures, called key indistinguishability. In this notion, given a number of digital signatures generated from two known public keys, an adversary cannot determine whether the signing keys used to generate these public keys, and hence the signatures, are the same. This property ensures that the signatures do not leak any information of the signing keys. Observing that existing digital signatures without random oracles do not provide such a property, we fill the gap with the first key indistinguishable signature scheme which is existentially unforgeable under a chosen message attack without using random oracles. The proposed scheme is also efficient and practical for applications in pseudonym systems.
KW - Anonymous identity
KW - Chosen message attack
KW - Key indistinguishability
KW - Key leakage
KW - Key privacy
KW - Pairing groups
UR - https://www.scopus.com/pages/publications/67650112871
U2 - 10.1007/978-3-642-01440-6_9
DO - 10.1007/978-3-642-01440-6_9
M3 - Conference contribution
AN - SCOPUS:67650112871
SN - 9783642014390
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 84
EP - 95
BT - Information Security and Cryptology - 4th International Conference, Inscrypt 2008, Revised Selected Papers
T2 - 4th International Conference on Information Security and Cryptology, Inscrypt 2008
Y2 - 14 December 2008 through 17 December 2008
ER -