Paper 2024/491

Updatable Policy-Compliant Signatures

Christian Badertscher, Input Output (Switzerland)
Monosij Maitra, Indian Institute of Technology Kharagpur
Christian Matt, Primev (Switzerland)
Hendrik Waldner, University of Maryland, College Park
Abstract

Policy-compliant signatures (PCS) are a recently introduced primitive by Badertscher et al. [TCC 2021] in which a central authority distributes secret and public keys associated with sets of attributes (e.g., nationality, affiliation with a specific department, or age) to its users. The authority also enforces a policy determining which senders can sign messages for which receivers based on a joint check of their attributes. For example, senders and receivers must have the same nationality, or only senders that are at least 18 years old can send to members of the computer science department. PCS further requires attribute-privacy: nothing about the users' attributes is revealed from their public keys and signatures apart from whether the attributes satisfy the policy or not. The policy in a PCS scheme is fixed once and for all during the setup. Therefore, a policy update requires a redistribution of all keys. This severely limits the practicality of PCS. In this work, we introduce the notion of updatable policy-compliant signatures (UPCS) extending PCS with a mechanism to efficiently update the policy without redistributing keys to all participants. We define the notion of UPCS and provide the corresponding security definitions. We then provide a generic construction of UPCS based on digital signatures, a NIZK proof system, and a so-called secret-key two-input partially-hiding predicate encryption (2-PHPE) scheme. Unfortunately, the only known way to build the latter for general two-input predicates is using indistinguishability obfuscation. We show that the reliance on the heavy tool of 2-PHPE is inherent to build UPCS by proving that non-interactive UPCS implies 2-PHPE. To circumvent the reliance on 2-PHPE, we consider interactive UPCS, which allows the sender and receiver to interact during the message signing procedure. In this setting, we present two schemes: the first one requires only a digital signature scheme, a NIZK proof system, and secure two-party computation. This scheme works for arbitrary policies, but requires sender and receiver to engage in a two-party computation protocol for each policy update. Our second scheme additionally requires a (single-input) predicate-encryption scheme but, in turn, only requires a single interaction between sender and receiver, independent of the updates. In contrast to 2-PHPE, single-input predicate encryption for certain predicate classes is known to exist (e.g., from pairings) under more concrete and well-understood assumptions.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
A major revision of an IACR publication in PKC 2024
Keywords
enhanced signatures, policy-dependence, updatability
Contact author(s)
christian badertscher @ iohk io
monosij @ cse iitkgp ac in
christian @ primev xyz
hwaldner @ umd edu
History
2024-03-27: approved
2024-03-27: received
Short URL
https://ia.cr/2024/491
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/491,
      author = {Christian Badertscher and Monosij Maitra and Christian Matt and Hendrik Waldner},
      title = {Updatable Policy-Compliant Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2024/491},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/491}},
      url = {https://eprint.iacr.org/2024/491}
}