An accumulator scheme, as introduced by Benaloh and de Mare [BdM94] and further studied by Barić and Pfitzmann [BP97], is an algorithm that allows one to hash a large set of inputs into one short value, called the accumulator, such that there is a (short) witness that a given input was incorporated into the accumulator. At the same time, it is infeasible to find a witness for a value that was not accumulated. We put forward the notion of a dynamic accumulator, which is an accumulator that allows one to dynamically add and delete inputs, such that the cost of an add or delete is independent of the number of accumulated values. We achieve this under the strong RSA assumption. For this construction, we also show an efficient zero-knowledge protocol for proving that a committed value is in the accumulator. Dynamic accumulators enable efficient membership revocation in the anonymous setting. Our construction is especially suitable for membership revocation in group signature and identity escrow schemes, such as the one due to Ateniese et al. [ACJT00], and efficient revocation of credentials in anonymous credential systems, such as the one due to Camenisch and Lysyanskaya [CL01a]. Applying our method to these schemes enables membership revocation and yet does not significantly increase the complexity of any of the operations. In particular, the cost of a membership verification or credential showing increases by only a small constant factor, less than 2. All previously known methods (such as the ones due to Bresson and Stern [BS01] and Ateniese and Tsudik [AT01]) incur an increase in these costs that is linear in the number of members.
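The add, delete and witness-update operations described in the abstract, as an added Python sketch that is not code from the paper. The abstract gives no formulas, so the arithmetic used here is an assumption: the usual strong-RSA accumulator form, with exponentiation modulo an RSA modulus, deletion through the inverse modulo φ(N), and a Bézout-coefficient witness update. The tiny safe primes, the base `V0` and all function names are constructed for illustration, and the zero-knowledge membership proof is omitted.

```python
# Constructed toy parameters: safe primes far too small for real use.
P, Q = 1019, 1187              # P = 2*509 + 1, Q = 2*593 + 1
N = P * Q                      # public modulus
PHI = (P - 1) * (Q - 1)        # trapdoor, held only by the accumulator manager
V0 = pow(3, 2, N)              # empty accumulator: a quadratic residue mod N

def egcd(a, b):
    """Return (g, s, t) with s*a + t*b == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, s, t = egcd(b, a % b)
    return g, t, s - (a // b) * t

def add(v, x):
    """Accumulate prime x with one exponentiation. Returns (v', witness for x)."""
    return pow(v, x, N), v

def delete(v, x):
    """Manager removes x with the trapdoor: v' = v^(x^-1 mod phi(N))."""
    return pow(v, pow(x, -1, PHI), N)

def verify(v, x, u):
    """Witness u shows x is accumulated in v iff u^x == v (mod N)."""
    return pow(u, x, N) == v

def update_on_add(u, x_added):
    """Holder refreshes a witness after another value was added."""
    return pow(u, x_added, N)

def update_on_delete(u, y, v_new, x_deleted):
    """Holder of (y, u) refreshes without the trapdoor after x was deleted."""
    g, a, b = egcd(y, x_deleted)           # a*y + b*x == 1 for distinct primes
    if g != 1:
        raise ValueError("y itself was deleted; its witness cannot be updated")
    return pow(u, b, N) * pow(v_new, a, N) % N   # negative exponent: Python 3.8+

def demo():
    """Add 5, 7, 13; revoke 7; return the checks a verifier would run."""
    v, u5 = add(V0, 5)
    v, u7 = add(v, 7)
    u5 = update_on_add(u5, 7)
    v, u13 = add(v, 13)
    u5, u7 = update_on_add(u5, 13), update_on_add(u7, 13)
    before = [verify(v, 5, u5), verify(v, 7, u7), verify(v, 13, u13)]
    v_new = delete(v, 7)
    after = [verify(v_new, y, update_on_delete(u, y, v_new, 7))
             for y, u in [(5, u5), (13, u13)]]
    revoked = verify(v_new, 7, u7)         # stale witness of the revoked value
    return before, after, revoked
```

Each add, delete and witness update costs a constant number of modular exponentiations regardless of how many values are accumulated, and the holder of the revoked value 7 is left with a witness that no longer verifies.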
| 868 | A public key cryptosystem and a signature scheme based on discrete logarithms | ElGamal | 1985 |
| 765 | The knowledge complexity of interactive proof systems | Goldwasser, Micali, et al. | 1989 |
| 601 | How to prove yourself: Practical solutions to identification and signature problems | Fiat, Shamir | 1987 |
| 569 | Identity-based encryption from the Weil pairing | Boneh, Franklin | 2001 |
| 379 | Undeniable signatures | Chaum, van | 1991 |
| 374 | A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack | Cramer, Shoup | 1998 |
| 321 | Security without identification: transaction systems to make big brother obsolete | Chaum | 1985 |
| 288 | Security and composition of multiparty cryptographic protocols | Canetti | 2000 |
| 211 | Optimistic fair exchange of digital signatures | Asokan, Shoup, et al. | 1998 |
| 188 | Efficient Group Signature Schemes for Large Groups | Camenisch, Stadler | 1997 |
| 176 | A practical and provably secure coalition-resistant group signature scheme | Ateniese, Camenisch, et al. | 2000 |
| 143 | Collision-Free Accumulators and Fail-Stop Signature Schemes without Trees | Barić, Pfitzmann | 1997 |
| 121 | Signature schemes based on the strong RSA assumption | Cramer, Shoup | 1999 |
| 118 | Short Signatures without Random Oracles | Boneh, Boyen | 2004 |
| 112 | Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy | Brands | 2000 |
| 110 | An information-theoretic model for steganography | Cachin | 1998 |
| 110 | Blind signatures for untraceable payments | Chaum | 1983 |
| 105 | Composition and Integrity Preservation of Secure Reactive Systems | Pfitzmann, Waidner | 2000 |
| 101 | Secure hash-and-sign signatures without the random oracle | Gennaro, Halevi, et al. | 1999 |
| 96 | Efficient proofs that a committed number lies in an interval | Boudot | 2000 |
| 85 | Trustee-based tracing extensions to anonymous cash and the making of anonymous change | Brickell, Gemmell, et al. | 1995 |
| 84 | A group signature scheme with improved efficiency | Camenisch, Michels | 1998 |
| 83 | Proving in zero-knowledge that a number is the product of two safe primes | Camenisch, Michels | 1999 |
| 83 | Efficient concurrent zero-knowledge in the auxiliary string model | Damgård | 2000 |
| 83 | One-way accumulators: A decentralized alternative to digital signatures | Benaloh, de Mare | 1993 |
| 82 | The notion of security for probabilistic cryptosystems | Micali, Rackoff, et al. | 1988 |
| 80 | Fast batch verification for modular exponentiation and digital signatures | Bellare, Garay, et al. | 1998 |
| 78 | Foundations of group signatures: Formal definitions, simplified requirements, and a construction based on general assumptions | Bellare, Micciancio, et al. | 2003 |
| 76 | Studies in Secure Multiparty Computation and Applications | Canetti | 1995 |
| 71 | Efficient and generalized group signatures | Camenisch | 1997 |
| 71 | Pseudonym systems | Lysyanskaya, Rivest, et al. | 1999 |
| 69 | Foundations of Cryptography: Volume 2 – Basic Applications | Goldreich | 2004 |
| 68 | Separability and Efficiency for Generic Group Signature Schemes | Camenisch, Michels | 1999 |
| 64 | On the generation of cryptographically strong pseudorandom sequences | Shamir | 1983 |
| 63 | Fair Blind Signatures | Stadler, Piveteau, et al. | 1995 |
| 58 | Efficient non-transferable anonymous multi-show credential system with optional anonymity revocation | Camenisch, Lysyanskaya | 2001 |
| 56 | Key-privacy in public-key encryption | Bellare, Boldyreva, et al. | 2001 |
| 44 | A secure and privacy-protecting protocol for transmitting personal information between organizations | Chaum, Evertse | 1987 |
| 42 | A statistically-hiding integer commitment scheme based on groups with hidden order | Damgård, Fujisaki | 2002 |
| 31 | Provably secure steganography | Hopper, Langford, et al. | 2002 |
| 31 | Practical forward secure group signature schemes | Song | 2001 |
| 29 | Access with pseudonyms | Chen | 1995 |
| 23 | Rapid demonstration of linear relations connected by boolean operators | Brands | 1997 |
| 22 | An improved protocol for demonstrating possession of discrete logarithms and some generalizations | Chaum, Evertse, van de Graaf | 1988 |
| 22 | Group signatures | Chaum, van Heyst | 1991 |
| 21 | Model-based steganography | Sallee | 2003 |
| 21 | Public-Key Steganography | Ahn, Hopper | 2004 |
| 19 | Public-Key Steganography with Active Attacks | Backes, Cachin | 2005 |
| 19 | An identity escrow scheme with appointed verifiers | Camenisch, Lysyanskaya | 2001 |
| 18 | Verifiable encryption and applications to group signatures and signature sharing | Camenisch, Damgård | 1998 |