Efficient Secret Handshaking Protocol

Maged Hamada Ibrahim


Secret handshaking protocols allow two members of the same group to identify each other secretly: any two parties who are members of the same group will recognize each other as members, yet a party that is not a member of the group cannot tell, by engaging some party in the handshaking protocol, whether that party is a member. Unlinkability is one of the main merits of secret handshaking protocols: a party engaged in at least two handshakes must not be able to link any two different handshakes to a particular party. To achieve unlinkability, almost all protocols proposed so far rely on the one-time credentials technique, where each party can use a credential only once. Hence, each party must hold enough credentials to engage in handshakes for a sufficient period of time (e.g., a month) without referring to the group authority for renewal. One-time credentials introduce a severe security problem: an active adversary may initiate as many handshaking sessions with an honest party as she can and thereby deplete all the credentials held by that party. Once a party runs out of credentials, she is no longer able to engage in handshaking (a Denial of Service attack, DoS). At the same time, the group authority must manage an enormous number of issued credentials in data structures and certificate revocation lists (CRLs). Thus, in large-scale implementations (large group population), one-time credentials become impractical. In this paper, we propose a provably secure two-party secret handshaking protocol that realizes the unlinkability property using only one permanent credential for each member, avoiding the inefficient one-time credentials. At the same time, our protocol provides immediate revocation of members by the group authority without relying heavily on CRL structures.


Keywords: Secret handshakes, authentication, one-time credentials, unlinkability, revocation, denial of service, anonymous RSA, mediated PKI.

