分野別セミナー

We propose a notion of attribute-based identification (ABID) in two flavors: prover-policy ABID (PP-ABID) and verifier-policy ABID (VP-ABID). In a PP-ABID scheme, a prover has an authorized access policy written as a boolean formula over attributes, while each verifier maintains a set of attributes. The prover is accepted when his access policy fits the verifier’s set of attributes. In a VP-ABID scheme, a verifier maintains an access policy written as a boolean formula over attributes, while each prover has a set of authorized attributes. The prover is accepted when his set of attributes satisfies the verifier’s access policy. We provide two design principles. One principle is to construct key-policy and ciphertext-policy attribute-based key encapsulation mechanisms (KP-ABKEM and CP-ABKEM). Then we convert them into challenge-and-response PPABID and VP-ABID, respectively, by encapsulation-and-decapsulation. KP-ABKEM and CP-ABKEM only have to be secure against chosen-ciphertext attacks on one-wayness (OW-CCA secure) for the obtained PP-ABID and VP-ABID to be secure against concurrent man-in-the-middle attacks (cMiM secure). The other principle is to convert proof of knowledge systems of sigma protocol into VP-ABID. There, we introduce a concept of boolean formula-proof, which is an extension of well-known OR-proof. Obtained VP-ABID is without pairings and secure against concurrent attacks.