Authors: Cao, Dan | Zhao, Baokang | Wang, Xiaofeng | Su, Jinshu
Attribute-based signature (ABS) is a new cryptographic primitive in which a signer can sign a message with his attributes, and the verifier can only know whether the signer owns attributes satisfying his policy. Moreover, the signature cannot be forged by any user who does not have attributes satisfying the policy. ABS has many applications, such as anonymous authentication and attribute-based messaging systems. However, many applications may require a user to obtain attributes from different authorities, which calls for multi-authority ABS schemes. In this paper, we first propose a multi-authority ABS scheme, called TR_MABS, which adopts an attribute tree to support expressive policies consisting of AND, OR, and threshold gates. As TR_MABS incurs a high cost when adding or removing attribute authorities, we present another multi-authority ABS scheme, named DNF_MABS, which uses a disjunctive normal form (DNF) to express a policy and thereby makes it possible to implement NOT gates. To prevent collusion attacks, we adopt a unique global identity (GID) for each user to bind his attribute keys to his identity. Moreover, we use a central authority to assure the usability of the attribute keys a user gets from different attribute authorities, to make verification independent of the user's identity, and to allow attribute authorities to change dynamically. Our schemes fit the requirements of applications and also distribute trust among the authorities in the system. In addition, we prove the security of our schemes under the computational Diffie-Hellman assumption.
Keywords: ABS, multi-authority, trust, policy, tree, DNF, GID, central authority
Citation: Mobile Information Systems, vol. 8, no. 3, pp. 255-274, 2012