Abstract. This paper introduces Bicameral and Auditably Private Signatures (BAPS) – a new privacy-preserving signature system with several novel features. In a BAPS system, given a certified attribute x and
a certified policy P, a signer can issue a publicly verifiable signature Σ
on a message m as long as (m, x) satisfies P. A noteworthy characteristic of BAPS is that both attribute x and policy P are kept hidden
from the verifier, yet the latter is convinced that these objects were
certified by an attribute-issuing authority and a policy-issuing authority, respectively. By considering bicameral certification authorities and requiring privacy for both attributes and policies, BAPS generalizes the
spirit of existing advanced signature primitives with fine-grained controls
on signing capabilities (e.g., attribute-based signatures, predicate signatures, policy-based signatures). Furthermore, BAPS provides an appealing feature named auditable privacy, allowing the signer of Σ to verifiably
disclose various pieces of partial information about P and x when asked
by auditor(s)/court(s) at later times. Auditable privacy is intrinsically
different from and can be complementary to the notion of accountable
privacy traditionally incorporated in traceable anonymous systems such
as group signatures. Equipped with these distinguished features, BAPS
can potentially address interesting application scenarios for which existing primitives do not offer a direct solution.
We provide rigorous security definitions for BAPS, following a “sim-ext”
approach. We then demonstrate a generic construction based on commonly used cryptographic building blocks, which employs a sign-thencommit-then-prove design. Finally, we present a concrete instantiation
of BAPS, that is proven secure in the random oracle model under lattice assumptions. The scheme can handle arbitrary policies represented
by polynomial-size Boolean circuits and can address quadratic disclosing functions. In the construction process, we develop a new technical
building block that could be of independent interest: a zero-knowledge
argument system allowing to prove the satisfiability of a certified-andhidden Boolean circuit on certified-and-committed inputs.
标签:signatures,Signatures,privacy,attribute,Auditably,policy,Bicameral,BAPS,certifie From: https://blog.51cto.com/u_14897897/8431992