OACerts: Oblivious Attribute Certificates

Get BibTex-formatted data

Download

PDF

Author

Jiangtao Li and Ninghui Li

Tech report number

CERIAS TR 2005-26

Entry type

article

Abstract

We propose Oblivious Attribute Certificates (OACerts), an attribute certificate scheme in which a certificate holder can select which attributes to use and how to use them. In particular, a user can use attribute values stored in an OACert obliviously, \ie, the user obtains a service if and only if the attribute values satisfy the policy of the service provider, yet the service provider learns nothing about these attribute values. This way, the service provider's access control policy is enforced in an oblivious fashion. To enable the oblivious access control using OACerts, we propose a new cryptographic primitive called Oblivious Commitment-Based Envelope (OCBE). In an OCBE scheme, Bob has an attribute value committed to Alice and Alice runs a protocol with Bob to send an envelope (encrypted message) to Bob such that: (1) Bob can open the envelope if and only if his committed attribute value satisfies a predicate chosen by Alice, (2) Alice learns nothing about Bob's attribute value. We develop provably secure and efficient OCBE protocols for the Pedersen commitment scheme and predicates such as $=,\ge,\le,>,<,\ne$ as well as logical combinations of them.

Download

PDF

Institution

Purdue University

Key alpha

privacy, access control, certificate, trust negotiation

Affiliation

CERIAS and Department of Computer Science

Publication Date

1900-01-01

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Article{ privacy, access control, certificate, trust negotiation,
	title = "OACerts: Oblivious Attribute Certificates",
	author = "Jiangtao Li and Ninghui Li",
	institution = "Purdue University",
	abstract = "We propose Oblivious Attribute Certificates (OACerts), an attribute
certificate scheme in which a certificate holder can select which
attributes to use and how to use them.  In particular, a user can use
attribute values stored in an OACert obliviously, \ie, the user obtains
a service if and only if the attribute values satisfy the policy of the
service provider, yet the service provider learns nothing about these
attribute values.  This way, the service provider's access control
policy is enforced in an oblivious fashion.

To enable the oblivious access control using OACerts, we propose a new
cryptographic primitive called Oblivious Commitment-Based Envelope
(OCBE).  In an OCBE scheme, Bob has an attribute value committed to
Alice and Alice runs a protocol with Bob to send an envelope (encrypted
message) to Bob such that: (1) Bob can open the envelope if and only if
his committed attribute value satisfies a predicate chosen by Alice, (2)
Alice learns nothing about Bob's attribute value. We develop provably
secure and efficient OCBE protocols for the Pedersen commitment scheme
and predicates such as $=,\ge,\le,>,<,\ne$ as well as logical
combinations of them.",
	affiliation = "CERIAS and Department of Computer Science",
}