Title :
OACerts: Oblivious Attribute Certificates
Author :
Li, Jiangtao ; Li, Ninghui
Author_Institution :
Dept. of Comput. Sci., Purdue Univ., West Lafayette, IN
Abstract :
We propose oblivious attribute certificates (OACerts), an attribute certificate scheme in which a certificate holder can select which attributes to use and how to use them. In particular, a user can use attribute values stored in an OACert obliviously, i.e., the user obtains a service if and only if the attribute values satisfy the policy of the service provider, yet the service provider learns nothing about these attribute values. This way, the service provider's access control policy is enforced in an oblivious fashion. To enable the oblivious access control using OACerts, we propose a new cryptographic primitive called oblivious commitment-based envelope (OCBE). In an OCBE scheme, Bob has an attribute value committed to Alice and Alice runs a protocol with Bob to send an envelope (encrypted message) to Bob such that: 1) Bob can open the envelope if and only if his committed attribute value satisfies a predicate chosen by Alice and 2) Alice learns nothing about Bob's attribute value. We develop provably secure and efficient OCBE protocols for the Pedersen commitment scheme and comparison predicates as well as logical combinations of them.
Keywords :
authorisation; cryptographic protocols; OCBE protocols; access control; attribute value; cryptographic primitive; oblivious attribute certificate; oblivious commitment-based envelope; service provider policy; Access control; Access protocols; Credit cards; Cryptographic protocols; Licenses; Privacy; Protection; Public key; Public key cryptography; Senior citizens; Security and privacy protection; access controls; cryptographic controls; privacy
Journal_Title :
Dependable and Secure Computing, IEEE Transactions on
DOI :
10.1109/TDSC.2006.54