CL03

The CL03 algorithm refers to the one described in the paper, A Signature Scheme with Efficient Protocols by Jan Camenisch and Anna Lysyanskaya. This paper presents an efficient signature scheme and protocols designed for anonymous credential systems and other privacy-preserving cryptographic applications. This scheme enables signing committed values without revealing them and proving knowledge of signatures selectively, supporting use cases like anonymous verifiable credentials. The security of the scheme relies on the Strong RSA assumption.

The scheme is extended to handle blocks of messages, allowing signatures on multiple attributes or claims at once. This is beneficial in scenarios requiring a compact, unified signature on a set of related information, such as multi-attribute credentials.

Preliminary Protocols

1. Commitment Scheme: Uses a secure RSA modulus and group commitments to ensure message integrity and confidentiality.
2. Discrete-Logarithm-Based Protocols: Protocols for verifying knowledge of discrete logarithms and proving that committed values meet certain conditions without revealing them.

Protocols for the Signature Scheme

1. Signing a Committed Value: A secure protocol enables signing of a committed message without the signer learning the message content. This enables anonymous credential issuance.
2. Proof of Knowledge of a Signature: Users can prove possession of a valid signature on a committed value without revealing the message. This protocol uses zero-knowledge proofs to maintain privacy.
3. Protocols for Signatures on Blocks of Messages: The scheme supports proofs of knowledge for blocks of committed values, allowing users to disclose selectively, such as showing only specific credentials or attributes.

This scheme offers practical applications in anonymous credentials and privacy-preserving systems, where verifying credentials without compromising identity or personal data is crucial.