Secret handshake scheme with request-based-revealing

Secret handshake (SH) schemes enable two members who belong to the same group to authenticate each other in a way that hides their affiliation to that group from all others. In previous work on SH, the group authority (GA) of the group G has been shown to have the ability to reveal the identity (ID) of a handshake player who belongs to G. The capability to reveal a malicious player is important in SH systems. In this paper, we focus first on the classification of traceability of GA. We classify this feature as follows: (i) GA of G is able to reveal IDs of members belonging to G by using a transcript of a handshake protocol; and (ii) GA of G is able to confirm whether handshake players belong to G or not by using a transcript of a handshake protocol. Previous research in this field only considers the former capability. In some situations, only the latter capability is needed. Next, we consider a SH system that GA has only an ability to confirm whether a handshake player belongs to his own group without revealing his ID. The most naive method is that member IDs are eliminated and members have a common group ID. However, if member ID does not exist, one cannot reveal the handshake player’s ID in the event of disputes. Thus, we introduce a SH with request-based-revealing (SHRBR). In SHRBR schemes, GA can check whether handshake players belong to their own group, but cannot reveal member IDs alone. After a handshake player AA executes a handshake protocol with BB, if AA wants to reveal a handshake partner (in this case BB), AA requests GA to reveal a handshake partner’s ID by bringing forth his own ID and secret information of AA. We define the security requirements for SHRBR schemes and propose two concrete SHRBR schemes, SHRBR-1 and SHRBR-2. We prove that the proposed SHRBR schemes satisfy security requirements in the random oracle model.