We present new formal definitions, algorithms, and motivating applications for three natural cryptographic constructions. Our constructions are based on a special type of algebraic group called bilinear groups.

(1) Re-signatures. We present the first public key signature scheme where a semi-trusted proxy, given special information, can translate Alice's signature on a message into Bob's signature on the same message. The special information, however, allows nothing else, i.e., the proxy cannot translate from Bob to Alice, nor can it sign on behalf of either Alice or Bob. We show that a path through a graph can be cheaply authenticated using this scheme, with applications to electronic passports.

(2) Re-encryption. We present the first public key cryptosystem where a semi-trusted proxy, given special information, can translate an encryption of a message under Alice's key into an encryption of the same message under Bob's key. Again, the special information allows nothing else, i.e., the proxy cannot translate from Bob to Alice, decrypt on behalf of either Alice or Bob, or learn anything else about the message. We apply this scheme to create a new mechanism for secure distributed storage.

(3) Compact e-cash with tracing and bounded-anonymity. We present an offline e-cash system where $2^{\ell}$ coins can be stored in $O(\ell + k)$ bits and withdrawn or spent in $O(\ell + k)$ time, where $k$ is the security parameter. The best previously known schemes required at least one of these complexities to be $O(2^{\ell} \cdot k)$. In our system, a user's transactions are anonymous and unlinkable, unless she performs a forbidden action, such as double-spending a coin. Performing a forbidden action reveals the identity of the user, and optionally allows all of her past transactions to be traced. We provide solutions without using a trusted party. We argue why features of our system are likely to be crucial to the adoption of any e-cash system.

(Copies available exclusively from MIT Libraries, Rm. 14-0551, Cambridge, MA 02139-4307. Ph. 617-253-5668; Fax 617-253-1690.)