Traceability, Linkability and Policy Hiding in Attribute-Based Signature Schemes

  • Ali El Kaafarani

Student thesis: Doctoral Thesis, PhD


Often we are less concerned with who signed something than with what attributes (director of this company etc.) they have. We propose three Attribute Based Signature schemes, namely, Decentralised Traceable Attribute Based Signatures (DTABS), Attribute Based Signatures with User-Controlled Linkability (ABS-UCL), and Attribute Based Signatures with Hidden Expressive Policy (ABS-HEP). Traceability assures that signatures in dispute, caused by any misuse/abuse cases, can be traced back to their signers. The judge of public opinion guarantees that no misattribution (framing) can take place. Additionally, User-Controlled Linkability gives a lightweight solution to session-style ABS; signers can choose to link some of their signatures that are directed to the same verifier, and the verifier will be convinced that those signatures are signed by the same anonymous person. Hidden expressive policy gives organizations the flexibility to change their signing policies without notifying the outside. All three schemes are given and proven generically in a modular way. Instantiations for the first two schemes are also given to show both feasibility and practicality of the proposed schemes. The first two schemes substantially improve the state-of-the-art of Attribute Based Signatures that use Bilinear maps as a building block and shape it into a practical form, offering a decentralized version of ABS where multiple authorities are involved and yet no reliance on a central authority is needed.
In the third scheme, we move ABS into a new stage, where we increase the level of expressiveness of the signing policies to use general circuits, and at the same time, we give the signer the ability to fully hide his signing policy. This scheme makes use of hardness assumptions on the newly realized cryptographic building block, i.e. Multilinear maps.
Date of Award: 2 Jun 2015
Original language: English
Awarding Institution: University of Bath
Supervisors: James Davenport & Russell Bradford


Keywords: Digital Signatures
