Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials

@inproceedings{Camenisch2002DynamicAA,
  title={Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials},
  author={J. Camenisch and Anna Lysyanskaya},
  booktitle={CRYPTO},
  year={2002}
}
We introduce the notion of a dynamic accumulator. [...] Key Method We prove their security under the strong RSA assumption. We then show that our construction of dynamic accumulators enables efficient revocation of anonymous credentials, and membership revocation for recent group signature and identity escrow schemes.Expand
Accumulators with Applications to Anonymity-Preserving Revocation
TLDR
This work proposes Braavos, a new, RSA-based, dynamic accumulator that has optimal communication complexity and provides an ideal solution for anonymous revocation, and describes an anonymous revocation component (ARC) that can be instantiated using any dynamic accumulators. Expand
An Efficient Dynamic and Distributed Cryptographic Accumulator
TLDR
An accumulator-based scheme for authenticated dictionaries that supports efficient incremental updates of the underlying set by insertions and deletions of elements and can optimally verify in constant time the authenticity of the answer provided by a directory with a simple and practical algorithm. Expand
Universal Accumulators with Efficient Nonmembership Proofs
TLDR
This work gives an efficient zero-knowledge proof protocol for proving that a committed value is not in the accumulator, and presents a construction for dynamic universal accumulators, which allows one to dynamically add and delete inputs with constant computational cost. Expand
An Efficient Dynamic and Distributed RSA Accumulator
We show how to use the RSA one-way accumulator to realize an efficient and dynamic authenticated dictionary, where untrusted directories provide cryptographically verifiable answers to membershipExpand
Dynamic reversed accumulator
TLDR
This paper examines the security of several recent accumulator schemes and proposes a novel approach, the dynamic reversed accumulator, which is more efficient than existing schemes because a corresponding witness can be updated when several members have been revoked. Expand
Efficient Asynchronous Accumulators for Distributed PKI
TLDR
This work defines low update frequency, which means that a witness only needs to be updated a small number of times, and old-accumulator compatibility, which mean that a Witness can be used with outdated accumulator values. Expand
A New Dynamic Accumulator for Batch Updates
TLDR
This paper generalizes formal definitions for accumulators, formulates a security game for dynamic accumulators so-called Chosen Element Attack (CEA), and proposes a new dynamic accumulator for batch updates based on the Paillier cryptosystem. Expand
Chameleon accumulator and its applications
TLDR
A more powerful primitive called chameleon accumulator ( C A ) is introduced, which is compatible with the previous accumulator scheme and formalizes its corresponding security called indistinguishability: arbitrary adversary cannot find out whether the collision finding algorithm had been used or not. Expand
Efficient Proofs of Attributes in Pairing-Based Anonymous Credential System
TLDR
This paper shows how to achieve the constant complexity in a pairing-based anonymous credential system excluding the RSA by using zero-knowledge proofs of Pairing-based certificates and accumulators to prove AND and OR relations with Constant complexity in the number of finite-set attributes. Expand
Strong accumulators from collision-resistant hashing
TLDR
This work gives a simple construction of a strong universal accumulator scheme, which is provably secure under the assumption that collision-resistant hash functions exist, and shows how to use stronguniversal accumulators to solve a problem of practical relevance, the so-called e-Invoice Factoring Problem. Expand
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 47 REFERENCES
Collision-Free Accumulators and Fail-Stop Signature Schemes Without Trees
TLDR
The definition of accumulators is generalized and a collision-free subtype is defined and a fail-stop signature scheme in which many one-time public keys are accumulated into one short public key is constructed. Expand
Identity Escrow
TLDR
Protocols for escrowed identity based on the El-Gamal (signature and encryption) schemes and on the RSA function are given, which ensure that after setting up A to use the system, E is only involved when it is actually needed to determine A's identity. Expand
An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation
TLDR
This paper proposes a practical anonymous credential system that is based on the strong RSA assumption and the decisional Diffie-Hellman assumption modulo a safe prime product and is considerably superior to existing ones. Expand
An Identity Escrow Scheme with Appointed Verifiers
TLDR
This paper provides a formal definition of this new notion and gives an efficient construction of an identity escrow scheme with appointed verifiers provably secure under common number-theoretic assumptions in the public-key model. Expand
Efficient Revocation in Group Signatures
TLDR
This paper provides the first solution to achieve the revocation of identity in group signatures for the Camenish-Stadler scheme, and is efficient provided the number of revoked members remains small. Expand
Quasi-Efficient Revocation in Group Signatures
TLDR
This paper constructs a new revocation method for group signatures based on the signature scheme by Ateniese et al. Expand
A Practical and Provably Secure Coalition-Resistant Group Signature Scheme
TLDR
This work introduces a new provably secure group signature and a companion identity escrow scheme that are significantly more efficient than the state of the art. Expand
Efficient and Secure Member Deletion in Group Signature Schemes
TLDR
An efficient group signature scheme that allows member deletion is proposed and the method of tracing all signatures of a specific member is introduced and the security of the scheme relies on the RSA assumption. Expand
Secure Hash-and-Sign Signatures Without the Random Oracle
TLDR
A new signature scheme is presented which is existentially unforgeable under chosen message attacks, assuming some variant of the RSA conjecture, and is unique in that the assumptions made on the cryptographic hash function in use are well defined and reasonable. Expand
A Group Signature Scheme with Improved Efficiency
TLDR
This paper proposes a new group signature scheme that is well suited for large groups, i.e., the length of the group’s public key and of signatures do not depend on the size of the groups. Expand
...
1
2
3
4
5
...