Affiliations: School of Computer, National University of Defense
Technology, Changsha, Hunan, China
Note: Corresponding author: Dr. Baokang Zhao, School of Computer,
National University of Defense Technology, Changsha 410073, Hunan, China. Tel.:
+86 731 84575815; E-mail: bkzhao@nudt.edu.cn
Abstract: Attribute-based signature (ABS) is a new cryptographic primitive in
which a signer can sign a message with his attributes, and the verifier can
only know whether the signer owns attributes satisfying his policy. Moreover,
the signature cannot be forged by any user not having attributes satisfying the
policy. ABS has many applications, such as anonymous authentication and
attribute-based messaging systems. But many applications may require a user
to obtain attributes from different authorities, which calls for
multi-authority ABS schemes. In this paper, we first propose a multi-authority
ABS scheme, called TR_MABS, which adopts an attribute tree to support expressive
policies consisting of AND, OR, and threshold gates. As TR_MABS incurs an
expensive cost when adding or removing attribute authorities, we present another
multi-authority ABS scheme, named DNF_MABS, which uses a disjunctive normal
form (DNF) to express a policy, bringing in the capability of implementing the
NOT gate. To prevent collusion attacks, we adopt a unique global identity (GID)
for a user to combine his attribute keys and identity. Moreover, we use a central
authority to assure the usability of the attribute keys a user gets from
different attribute authorities, make the verification independent of the user's
identity, and allow attribute authorities to change dynamically. Our schemes fit
the requirements of applications, and also distribute the trust to authorities in
the system. In addition, we prove the security of our schemes under the
computational Diffie-Hellman assumption.
Keywords: ABS, multi-authority, trust, policy, tree, DNF, GID, central authority