Backward unlinkable and revocable secret handshake without random oracle

Abstract

A Secret Handshake protocol provides a method of mutual authentication and key agreement which preserves users' anonymity, and prevents any information leakage to an unauthorized participant as well. Although in recent studies some schemes with desirable properties of “Unlinkability” and “Revocability” were proposed, in most of them unlinkability of revoked credentials or co-called “Backward Unlinkability” has been disregarded. Recently, Wen and Zhang proposed a backward unlinkable and revocable secret handshake scheme in random oracle model. They left it as an open problem whether such a secret handshake scheme without random oracle exists. In this paper, a new secret handshake protocol is proposed which satisfies these security requirements and also has impersonation resistance against malicious certificate authority. Subsequently, the security reduction proofs for backward unlinkability and impersonation resistance against malicious CA for the proposed scheme are provided.