Abstract
SUPERCEDED BY CERIAS TR 2005-26
We propose Oblivious Attribute Certificates (OACerts), an attribute certificate scheme in which a certificate holder can select which attributes to use and how to use them. In particular, a user can use
attribute values stored in an OACert obliviously, \ie, the user obtains
a service if and only if the attribute values satisfy the policy of the service provider, yet the service provider learns nothing about these attribute values.
To build OACerts, we propose a new cryptographic primitive called
Oblivious Commitment Based Envelope (OCBE). In an OCBE scheme, Bob has
an attribute value committed to Alice and Alice runs a protocol with Bob
to send an envelope (encrypted message) to Bob such that: (1) Bob can
open the envelope if and only if his committed attribute value satisfies
a predicate chosen by Alice. (2) Alice learns nothing about Bob's
attribute value. We develop provably secure and efficient OCBE protocols
for the Pedersen commitment scheme and predicates such as
$=,\ge,\le,>,<,\ne$ as well as logical combinations of them.