The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Dans les authentifications d'utilisateurs conventionnelles basées sur l'ID, des problèmes de confidentialité peuvent survenir, puisque les historiques de comportement des utilisateurs sont collectés auprès des fournisseurs de services (SP). Bien que des authentifications anonymes telles que des signatures de groupe aient été proposées, ces systèmes s'appuient sur un tiers de confiance (TTP) capable de retrouver les utilisateurs qui se comportent mal. Ainsi, la confidentialité n’est pas élevée, car le TTP de l’autorité de traçage peut toujours retracer les utilisateurs. Par conséquent, le système d'identification anonyme utilisant une liste noire sans le TTP de l'autorité de traçage a été proposé, dans lequel les utilisateurs anonymes inscrits sur une liste noire peuvent être bloqués. Récemment, un système d'identification anonyme basé sur une liste noire basé sur RSA avec une amélioration de l'efficacité a été proposé. Cependant, ce système présente toujours un problème d'efficacité : la taille des données lors de l'authentification est O(K'), où K' est le nombre maximum de sessions que l'utilisateur peut effectuer. Par ailleurs, le O(K')-taille des données entraîne pour l'utilisateur le coût de calcul de O(K') exponentiations. Dans cet article, un système d'informations d'identification anonymes pouvant être mis sur liste noire utilisant un accumulateur basé sur le couplage est proposé. Dans le système proposé, la taille des données dans l'authentification est constante pour les paramètres. Bien que le coût de calcul de l'utilisateur dépende des paramètres, le coût dépendant est O(δBL·K) multiplications, au lieu d'exponentiations, où δBL est le nombre de sessions ajoutées à la liste noire après la dernière authentification de l'utilisateur, et K est le nombre de sessions passées de l'utilisateur. L'inconvénient du système proposé est O(n) clé publique de taille, où n correspond au nombre total de toutes les sessions de tous les utilisateurs du système. Mais l’utilisateur ne doit télécharger la clé publique qu’une seule fois.
Yuu AIKOU
Hiroshima University
Shahidatul SADIAH
Hiroshima University
Toru NAKANISHI
Hiroshima University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copier
Yuu AIKOU, Shahidatul SADIAH, Toru NAKANISHI, "An Efficient Blacklistable Anonymous Credentials without TTP of Tracing Authority Using Pairing-Based Accumulator" in IEICE TRANSACTIONS on Fundamentals,
vol. E102-A, no. 12, pp. 1968-1979, December 2019, doi: 10.1587/transfun.E102.A.1968.
Abstract: In conventional ID-based user authentications, privacy issues may occur, since users' behavior histories are collected in Service Providers (SPs). Although anonymous authentications such as group signatures have been proposed, these schemes rely on a Trusted Third Party (TTP) capable of tracing misbehaving users. Thus, the privacy is not high, because the TTP of tracing authority can always trace users. Therefore, the anonymous credential system using a blacklist without the TTP of tracing authority has been proposed, where blacklisted anonymous users can be blocked. Recently, an RSA-based blacklistable anonymous credential system with efficiency improvement has been proposed. However, this system still has an efficiency problem: The data size in the authentication is O(K'), where K' is the maximum number of sessions in which the user can conduct. Furthermore, the O(K')-size data causes the user the computational cost of O(K') exponentiations. In this paper, a blacklistable anonymous credential system using a pairing-based accumulator is proposed. In the proposed system, the data size in the authentication is constant for parameters. Although the user's computational cost depends on parameters, the dependent cost is O(δBL·K) multiplications, instead of exponentiations, where δBL is the number of sessions added to the blacklist after the last authentication of the user, and K is the number of past sessions of the user. The demerit of the proposed system is O(n)-size public key, where n corresponds to the total number of all sessions of all users in the system. But, the user only has to download the public key once.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E102.A.1968/_p
Copier
@ARTICLE{e102-a_12_1968,
author={Yuu AIKOU, Shahidatul SADIAH, Toru NAKANISHI, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={An Efficient Blacklistable Anonymous Credentials without TTP of Tracing Authority Using Pairing-Based Accumulator},
year={2019},
volume={E102-A},
number={12},
pages={1968-1979},
abstract={In conventional ID-based user authentications, privacy issues may occur, since users' behavior histories are collected in Service Providers (SPs). Although anonymous authentications such as group signatures have been proposed, these schemes rely on a Trusted Third Party (TTP) capable of tracing misbehaving users. Thus, the privacy is not high, because the TTP of tracing authority can always trace users. Therefore, the anonymous credential system using a blacklist without the TTP of tracing authority has been proposed, where blacklisted anonymous users can be blocked. Recently, an RSA-based blacklistable anonymous credential system with efficiency improvement has been proposed. However, this system still has an efficiency problem: The data size in the authentication is O(K'), where K' is the maximum number of sessions in which the user can conduct. Furthermore, the O(K')-size data causes the user the computational cost of O(K') exponentiations. In this paper, a blacklistable anonymous credential system using a pairing-based accumulator is proposed. In the proposed system, the data size in the authentication is constant for parameters. Although the user's computational cost depends on parameters, the dependent cost is O(δBL·K) multiplications, instead of exponentiations, where δBL is the number of sessions added to the blacklist after the last authentication of the user, and K is the number of past sessions of the user. The demerit of the proposed system is O(n)-size public key, where n corresponds to the total number of all sessions of all users in the system. But, the user only has to download the public key once.},
keywords={},
doi={10.1587/transfun.E102.A.1968},
ISSN={1745-1337},
month={December},}
Copier
TY - JOUR
TI - An Efficient Blacklistable Anonymous Credentials without TTP of Tracing Authority Using Pairing-Based Accumulator
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 1968
EP - 1979
AU - Yuu AIKOU
AU - Shahidatul SADIAH
AU - Toru NAKANISHI
PY - 2019
DO - 10.1587/transfun.E102.A.1968
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E102-A
IS - 12
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - December 2019
AB - In conventional ID-based user authentications, privacy issues may occur, since users' behavior histories are collected in Service Providers (SPs). Although anonymous authentications such as group signatures have been proposed, these schemes rely on a Trusted Third Party (TTP) capable of tracing misbehaving users. Thus, the privacy is not high, because the TTP of tracing authority can always trace users. Therefore, the anonymous credential system using a blacklist without the TTP of tracing authority has been proposed, where blacklisted anonymous users can be blocked. Recently, an RSA-based blacklistable anonymous credential system with efficiency improvement has been proposed. However, this system still has an efficiency problem: The data size in the authentication is O(K'), where K' is the maximum number of sessions in which the user can conduct. Furthermore, the O(K')-size data causes the user the computational cost of O(K') exponentiations. In this paper, a blacklistable anonymous credential system using a pairing-based accumulator is proposed. In the proposed system, the data size in the authentication is constant for parameters. Although the user's computational cost depends on parameters, the dependent cost is O(δBL·K) multiplications, instead of exponentiations, where δBL is the number of sessions added to the blacklist after the last authentication of the user, and K is the number of past sessions of the user. The demerit of the proposed system is O(n)-size public key, where n corresponds to the total number of all sessions of all users in the system. But, the user only has to download the public key once.
ER -