{"title":"最佳私有访问控制","authors":"Markulf Kohlweiss, A. Rial","doi":"10.1145/2517840.2517857","DOIUrl":null,"url":null,"abstract":"Access control based on anonymous credentials allows users to prove to a service provider in a privacy-friendly manner that they possess the credentials required to access a resource. To achieve optimal privacy, the information that service providers can learn from the access control protocol should in principle be just a single event, namely that a user is granted access. However, existing anonymous credential schemes reveal additional information to the service provider such as the identity of the credential issuer, the credential type, and constraints on the attributes of the credential that reveal more than the access decision itself. In addition, the efficiency of selective attribute disclosure is not optimal. Our contribution is both cryptographic and conceptual. First, we extend existing vector commitment schemes with efficient zero-knowledge protocols to prove correct generation of a new commitment, to prove that a secret value is committed at a secret position, and to prove that a secret position was updated to a new secret value. Second, we employ these protocols along with structure preserving signatures and conceptual techniques from logic-based access control to design a private access control protocol with efficient selective attribute disclosure that achieves our optimality criteria.","PeriodicalId":406846,"journal":{"name":"Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society","volume":"23 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"Optimally private access control\",\"authors\":\"Markulf Kohlweiss, A. Rial\",\"doi\":\"10.1145/2517840.2517857\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Access control based on anonymous credentials allows users to prove to a service provider in a privacy-friendly manner that they possess the credentials required to access a resource. To achieve optimal privacy, the information that service providers can learn from the access control protocol should in principle be just a single event, namely that a user is granted access. However, existing anonymous credential schemes reveal additional information to the service provider such as the identity of the credential issuer, the credential type, and constraints on the attributes of the credential that reveal more than the access decision itself. In addition, the efficiency of selective attribute disclosure is not optimal. Our contribution is both cryptographic and conceptual. First, we extend existing vector commitment schemes with efficient zero-knowledge protocols to prove correct generation of a new commitment, to prove that a secret value is committed at a secret position, and to prove that a secret position was updated to a new secret value. Second, we employ these protocols along with structure preserving signatures and conceptual techniques from logic-based access control to design a private access control protocol with efficient selective attribute disclosure that achieves our optimality criteria.\",\"PeriodicalId\":406846,\"journal\":{\"name\":\"Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society\",\"volume\":\"23 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-11-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2517840.2517857\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2517840.2517857","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Access control based on anonymous credentials allows users to prove to a service provider in a privacy-friendly manner that they possess the credentials required to access a resource. To achieve optimal privacy, the information that service providers can learn from the access control protocol should in principle be just a single event, namely that a user is granted access. However, existing anonymous credential schemes reveal additional information to the service provider such as the identity of the credential issuer, the credential type, and constraints on the attributes of the credential that reveal more than the access decision itself. In addition, the efficiency of selective attribute disclosure is not optimal. Our contribution is both cryptographic and conceptual. First, we extend existing vector commitment schemes with efficient zero-knowledge protocols to prove correct generation of a new commitment, to prove that a secret value is committed at a secret position, and to prove that a secret position was updated to a new secret value. Second, we employ these protocols along with structure preserving signatures and conceptual techniques from logic-based access control to design a private access control protocol with efficient selective attribute disclosure that achieves our optimality criteria.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
