2009 | OriginalPaper | Buchkapitel
Private Mutual Authentication and Conditional Oblivious Transfer
verfasst von : Stanisław Jarecki, Xiaomin Liu
Erschienen in: Advances in Cryptology - CRYPTO 2009
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
A bi-directional Private Authentication, or
Unlinkable Secret Handshake
, allows two parties to authenticate each other as certified by given certification authorities (i.e. affiliated with given groups), in a
mutually private way
, in the sense that the protocol leaks no information about either participant to a party which does not satisfy that participant’s authentication policy. In particular, the protocol hides what group this participant belongs to, and protocol instances involving the same participant are unlinkable. We construct the first realization of such private authentication using
O
(1) exponentiations and bilinear maps, secure under Strong Diffie-Hellman and Decisional Linear assumptions.
Our protocols rely on a novel technical tool, a family of efficient Private Conditional Oblivious Transfer (COT) protocols, secure under DDH, for languages defined by modular arithmetic constraints (e.g. equality, inequality, sums, products) on discrete-log representations of some group elements. (Recall that (
w
1
,...,
w
n
) is a representation of
C
in bases (
g
1
,...,
g
n
) if
$C=g_1^{w_1}...g_n^{w_n}$
.) A COT protocol for language L allows sender
S
to encrypt message
m
“under” statement
x
so that receiver
R
gets
m
only if
R
holds a witness for membership of
x
in
L
, while
S
learns nothing. A
private
COT for
L
hides not only message
m
but also statement
x
from any
R
that does not know a witness for
x
in
L
.