Abstract
Oblivious signature-based envelope (OSBE) schemes have demonstrated their potential applications in the protection of users' privacy and rights. In an OSBE protocol, an encrypted message can only be decrypted by the receiver who holds a valid signature on a public message, while the sender (encrypter) does not know whether the receiver has the signature or not. Our major contributions in this work lie in the following aspects. We improve the notion of OSBE so that a valid credential holder cannot share his/her credential with other users (i.e., all-or-nothing non-transferability). We clarify the relationship between one-round OSBE and identity-based encryption (IBE) and show that one-round OSBE and semantically secure IBE against the adaptively chosen identity attack (IND-ID-CPA) are equivalent, if the signature in the OSBE scheme is existentially unforgeable against adaptively chosen message attacks. We propose an oblivious access control scheme to protect user privacy without the aid of any zero-knowledge proof. Finally, we also highlight some other novel applications of OSBE, such as attribute-based encryption.
Original language | English |
---|---|
Pages (from-to) | 389-401 |
Journal | International Journal of Information Security |
Volume | 11 |
Issue number | 6 |
Early online date | 26 Aug 2012 |
Publication status | Published - 01 Nov 2012 |
Externally published | Yes |
Keywords
- Access control
- Oblivious signature-based envelope
- Oblivious transfer
ASJC Scopus subject areas
- Software
- Information Systems
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications