Paper 2016/070
Domain-Specific Pseudonymous Signatures Revisited
Kamil Kluczniak
Abstract
Domain-Specific Pseudonymous Signature schemes were recently proposed for privacy preserving authentication of digital identity documents by the BSI, German Federal Office for Information Security. The crucial property of domain-specific pseudonymous signatures is that a signer may derive unique pseudonyms within a so called domain. Now, the signer's true identity is hidden behind his domain pseudonyms and these pseudonyms are unlinkable, i.e. it is infeasible to correlate two pseudonyms from distinct domains with the identity of a single signer. In this paper we take a critical look at the security definitions and constructions of domain-specific pseudonymous signatures proposed by far. We review two articles which propose ``sound and clean'' security definitions and point out some issues present in these models. Some of the issues we present may have a strong practical impact on constructions ``provably secure'' in this models. Additionally, we point out some worrisome facts about the proposed schemes and their security analysis.
Note: This version fixes some editorial mistakes.
Metadata
- Available format(s)
-
PDF
- Publication info
- Preprint. MINOR revision.
- Keywords
- public-key cryptographyeID DocumentsPrivacyDomain SignaturesPseudonymitySecurity DefinitionProvable Security
- Contact author(s)
- kamil kluczniak @ pwr edu pl
- History
- 2016-02-11: revised
- 2016-01-26: received
- See all versions
- Short URL
- https://ia.cr/2016/070
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2016/070,
author = {Kamil Kluczniak},
title = {Domain-Specific Pseudonymous Signatures Revisited},
howpublished = {Cryptology ePrint Archive, Paper 2016/070},
year = {2016},
note = {\url{https://eprint.iacr.org/2016/070}},
url = {https://eprint.iacr.org/2016/070}
}
