SaTC: CORE: Small: Mercurial Signatures and Applications to Privacy-Preserving Authentication

SaTC：核心：小型：Mercurial 签名和隐私保护身份验证的应用

• 批准号: 2154170
• 负责人: Anna Lysyanskaya
• 金额: $ 49.99万
• 依托单位: Brown University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-07-01 至 2025-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2154170&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Mercurial; Signatures

Anonymous credentials allow individuals to prove that they have a set of credentials, issued by some trusted issuer, or a set of issuers, without revealing any other information. Thus, for example, using anonymous credentials, an access provider can make sure that only authorized individuals get to participate in transactions and gain access to various resources, without invading the individuals' privacy. In spite of decades of research, the existence of several implementations and some examples of adoption, practitioners have yet to adopt this technology en masse. One reason that practitioners are having a tough time wrapping their minds around anonymous credentials is that the underlying concepts are complex and have yet to enter the popular lexicon. Another issue is that traditional anonymous credentials do not in fact protect users' privacy as much as we want them to. Efficiency, bandwidth and other practical considerations play a role too. This work addresses these gaps by studying mercurial signatures. Conceptually, mercurial signatures are easier to explain to software engineers and decision makers than traditional anonymous credentials, because unlike the latter they do not require familiarity with cryptographic commitments and zero-knowledge proof systems. Instead, they build off intuition that, by now, many practitioners have from standard digital signatures when it comes to unforgeability, and probabilistic encryption when it comes to unlinkability. They immediately lend themselves to privacy-preserving certification chains and delegatable anonymous credentials. And their efficient realization translates to efficient privacy-preserving authentication with strong composition guarantees.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

匿名凭证允许个人证明他们拥有一组凭证，由某个受信任的颁发者或一组颁发者颁发，而不泄露任何其他信息。 因此，例如，使用匿名凭证，访问提供商可以确保只有授权的个人才能参与交易并获得对各种资源的访问，而不会侵犯个人的隐私。尽管有几十年的研究，存在几种实现和一些采用的例子，但实践者还没有完全采用这种技术。从业者很坚韧理解匿名证书的一个原因是，其基本概念很复杂，尚未进入流行词典。另一个问题是，传统的匿名凭证实际上并没有像我们希望的那样保护用户的隐私。效率、带宽和其他实际考虑因素也发挥了作用。这项工作通过研究mercurial签名来解决这些差距。从概念上讲，水银签名比传统的匿名凭证更容易向软件工程师和决策者解释，因为与后者不同，它们不需要熟悉加密承诺和零知识证明系统。相反，他们建立了直觉，到目前为止，许多从业者在不可伪造性方面都有标准数字签名，在不可链接性方面都有概率加密。它们立即适用于保护隐私的认证链和可委托的匿名凭据。该奖项反映了NSF的法定使命，通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。