Intersection-policy private mutual authentication from authorized private set intersection

Abstract

Private mutual authentication (PMA) enables two-wayanonymous authentication between two users certified by the same trusted group authority. Most existing PMA schemes focus on acquiring a relatively onefold authentication policy that ensures affiliation-hiding or designated single-attribute matching. However, in practice, users are typically provided with multiple attributes. In addition to the affiliation-hiding requirement, how to effectively achieve a more flexible authentication policy for multi-attribute applications remains a challenging issue. The intersection policy for authentication is also required when the attribute intersection is not an empty set or its cardinality is no less than a threshold value. To solve the above problems, we first propose an optimal authorized private set intersection protocol with forward security based on identity-based encryption and then design a new PMA protocol with intersection-policy called IP-PMA, which provides a simple solution for secret handshakes between two members (holding multiple attributes) from the same organization. Formal security analyses proved that our two proposed protocols are secure in the random oracle model. Empirical tests demonstrated that the IP-PMA protocol is optimized with linear complexity and may be more suitable for resource-constrained applications.