Abstract

Secret handshake (SH), an essential privacy-preserving primitive, allows members of the same group to anonymously authenticate each other. Among all the existing designs, only the ones separately proposed by Zhang et al. over coding theory and An et al. over lattices are post-quantum secure. However, both schemes fall short of being practical due to their huge overhead (≫ 100 MB), and the code-based one is even insecure under impersonator attacks. Besides, none of the known SH constructions can handle the problem of dynamically managing users. To fill the gap, in this work we first formalize the model of fully dynamic secret handshakes (FDSH), where members have the freedom of joining or leaving a group. Then, to achieve anonymous mutual authentication with ease, we introduce a newly defined cryptographic primitive called anonymous message exchange (AME), where legal participants can exchange their messages anonymously. Further, two generic approaches to AME from non-interactive zero-knowledge arguments of knowledge (NIZKAoK) are provided, along with heuristic applications. Finally, by combining a well-designed AME and other suitable techniques, we present the first lattice-based FDSH in the random oracle model, which offers another attractive property: full deniability, which enables users to plausibly deny their participation in interactions. Our scheme sharply reduces the communication cost (< 10 MB) and surpasses the existing post-quantum systems in terms of security, efficiency, and functionality.
