Abstract
We propose Oblivious Attribute Certificates (OACerts), an attribute
certificate scheme in which a certificate holder can select which
attributes to use and how to use them. In particular, a user can use
attribute values stored in an OACert obliviously, \ie, the user obtains
a service if and only if the attribute values satisfy the policy of the
service provider, yet the service provider learns nothing about these
attribute values. This way, the service provider's access control
policy is enforced in an oblivious fashion.
To enable the oblivious access control using OACerts, we propose a new
cryptographic primitive called Oblivious Commitment-Based Envelope
(OCBE). In an OCBE scheme, Bob has an attribute value committed to
Alice and Alice runs a protocol with Bob to send an envelope (encrypted
message) to Bob such that: (1) Bob can open the envelope if and only if
his committed attribute value satisfies a predicate chosen by Alice, (2)
Alice learns nothing about Bob's attribute value. We develop provably
secure and efficient OCBE protocols for the Pedersen commitment scheme
and predicates such as $=,\ge,\le,>,<,\ne$ as well as logical
combinations of them.
Key alpha
privacy, access control, certificate, trust negotiation