Anonymous Deniable Identification in Ephemeral Setup and Leakage Scenarios (Brief Announcement)

Abstract

We present anonymous identification schemes, where a verifier can check that the user belongs to an ad-hoc group of users (just like in case of ring signatures), however a transcript of a session executed between a user and a verifier is deniable: neither the verifier nor the prover can convice a third party that a given user has been involved in a session but also he cannot prove that any user has been interacting with the verifier. Our realization of this idea is based on Schnorr identification scheme and ring signatures. We present two constructions, a simple 1-of-n case and a more advanced k-of-n, where the prover must use at least k private keys. They are immune to leakage of ephemeral keys and with minor modifications this property can be sacrificed for a simpler construction.