ePASS: An expressive attribute-based signature scheme with privacy and an unforgeability guarantee for the Internet of Things

• We describe ePASS, an expressive and privacy-preserving attribute-based signature scheme for IoT.
• We prove that ePASS is unforgeable for the computational Diffie–Hellman assumption.
• We prove user anonymity and attribute privacy for ePASS.
• We compare ePASS with existing attribute-based signature schemes.
• Our proposed ePASS scheme outperforms existing approaches in both functionality and performance.

The Internet of Things (IoT) provides anywhere, anything, anytime connections, for which user privacy is vulnerable and authentication methods that favor policy over attributes are essential. Thus, a signature scheme that considers user privacy and implements an attributes policy is required. Emerging attribute-based signature (ABS) schemes allow a requester of a resource to generate a signature with attributes satisfying the policy without leaking more information. However, few existing approaches simultaneously achieve an expressive policy and security under the standard Diffie–Hellman assumption. Here we describe ePASS, a novel ABS scheme that uses an attribute tree and expresses any policy consisting of AND, OR threshold gates under the computational Diffie–Hellman problem. Users cannot forge signatures with attributes they do not possess, and the signature provides assurance that only a user with appropriate attributes satisfying the policy can endorse the message, resulting in unforgeability. However, legitimate signers remain anonymous and are indistinguishable among all users whose attributes satisfy the policy, which provides attribute privacy for the signer. Compared to existing schemes, our approach delivers enhanced performance by reducing the computational cost and signature size.