Policy-Based Signature Scheme for Credential Privacy Protecting in Trust Negotiation
Zhang Ming-wu①; Yang Bo①; Zhu Sheng-lin①; Zhang Wen-zheng②
①College of Informatics, South China Agricultural University, Guangzhou 510642, China; ②National Laboratory for Modern Communications, Chengdu 610041, China
Abstract:Principals establish trust relationship by iterative disclosure of credentials and access control policies in trust negotiation. The policies and credentials might be protected because the policies might not be revealed directly and credentials possessions are the privacy for the principals. In this paper, a Policy-Based Signature Scheme (PBSS) is proposed, which protect subset of credentials in according to policy using identity-based ring signature scheme. Verifier can get the proof that signer owned credentials in according to specified policy, where signer can not deduce what types credentials supply for. Security and correctness proofs are given in random oracle model with BDH problem assumption. PBSS is only two pairings calculation and irrelevant to policy expression and size of credential set. Compared with Proof-Carrying Proxy Certificates (PCPC) scheme which proposed by Bagga(2006), the proposed PBSS scheme has higher computing efficient and lower bandwidth consumption costs than the later.