Anonymous Credential System Research Articles

Anonymous Access System with Limited Number of Uses in a Trustless Environment

This article proposes a novel method for managing usage counters within an anonymous credential system, addressing the limitation of traditional anonymous credentials in tracking repeated use. The method takes advantage of blockchain technology through Smart Contracts deployed on the Ethereum network to enforce a predetermined maximum number of uses for a given credential. Users retain control over increments by providing zero-knowledge proofs (ZKPs) demonstrating private key possession and agreement on the increment value. This approach prevents replay attacks and ensures transparency and security. A prototype implementation on a private Ethereum blockchain demonstrates the feasibility and efficiency of the proposed method, paving the way for its potential deployment in real-world applications requiring both anonymity and usage tracking.

Decentralized multi-authority anonymous credential system with bundled languages on identifiers in bilinear groups

Decentralized multi-authority anonymous credential system with bundled languages on identifiers in bilinear groups

Improving efficiency and security of Camenisch–Lysyanskaya signatures for anonymous credential systems

Camenisch–Lysyanskaya signature scheme with randomizability, namely CL signatures, at CRYPTO’04 has been well adopted for many privacy-preserving constructions, especially in the context of anonymous credential systems. Unfortunately, CL signatures suffer from linear size drawbacks. The signature size grows linearly based on the signing messages, which decreases the interest in practice, as each user may have multiple attributes (messages). Its standard EUF-CMA security was first proven under an interactive assumption. While the interactive assumption is not desirable in cryptography, Fuchsbauer et al. revisited its security at CRYPTO’18 by proving the scheme under the discrete logarithm (Dlog) assumption in the algebraic group model (AGM) that idealizes the adversary’s computation to be algebraic, yet the reduction loss is non-tight. In this work, we propose a new variant of CL signatures, namely CL+ signatures, that improves efficiency and security. The proposed CL+ signatures possess randomizability without the linear size drawback, such that signature size is a constant of three group elements. Besides, we prove the security of CL+ signatures can be tightly reduced to the DLog problem in AGM with only a loss factor of 3. Lastly, we show how CL+ signatures can also be instantiated to anonymous credential systems.

Compact Issuer-Hiding Authentication, Application to Anonymous Credential

Anonymous credentials are cryptographic mechanisms enabling users to authenticate themselves with a fine-grained control on the information they leak in the process. They have been the topic of countless papers which have improved the performance of such mechanisms or proposed new schemes able to prove ever-more complex statements about the attributes certified by those credentials. However, although these papers have studied in depth the problem of the information leaked by the credential and/or the attributes, almost all of them have surprisingly overlooked the information one may infer from the knowledge of the credential issuer. In this paper we address this problem by showing how one can efficiently hide the actual issuer of a credential within a set of potential issuers. The novelty of our work is that we do not resort to zero-knowledge proofs but instead we show how one can tweak Pointcheval-Sanders signatures to achieve this issuer-hiding property in a compact way. This results in an efficient anonymous credential system that indeed provides a complete control of the information leaked in the authentication process. Our construction is moreover modular and can then fit a wide spectrum of applications, notably for Self-Sovereign Identity (SSI) systems.

Dynamic Anonymous Credential Systems With Controllable Anonymity and Unlinkability

Dynamic Anonymous Credential Systems With Controllable Anonymity and Unlinkability

PERCE: A Permissioned Redactable Credentials Scheme for a Period of Membership

The anonymous credential has broad-ranging applications, for example for the pay-as-you-go strategy in the electronic subscription. However, the ‘plain vanilla’ pay-as-you-go strategy may not be suitable for non-regular users since the latter group is likely to require a tighter identity supervision mechanism. We also note that a key building block in the construction of an anonymous credential system is identity supervision. Since identity supervision is more than revocation, the approach to regulating user behavior needs to be both reasonable and practical. In a situation where the user is allowed to control their own identities, the latter approach could be more flexible compared to the revocation. There are existing works about the limitation on the k-times or epochs. However, due to the weaknesses of these single limitations, the combination of the customized k-times and epochs is necessary and remains to be done. In this paper, we present a permissioned redactable credentials scheme, which allows fine-grained supervision, user control, and user redaction. In our approach, we choose times and epochs as the regulation dimensions, which limits users invoke the credential show method for customized times in each epoch determined by the certificate authority. The users could also redact their credentials to realize selective disclosure. We then evaluate the proposed scheme’s performance and present a comparative summary to demonstrate potential utility.

Efficient and Traceable Anonymous Credentials on Smart Cards

Anonymous credential (AC) systems allow users, obtaining a credential on a set of attributes, to anonymously prove ownership of the credential and then to selectively disclose a subset of attributes without leaking any other attributes. Recently, a new type of AC, called keyed-verification anonymous credential (KVAC), has been proposed, which indicates that the credential issuer is also the verifier. Conceptually, the KVAC system is suitable for being used as employee cards, library access cards or eIDs (electronic ID cards). However, since the limited process power of smart cards, most of the existing KVAC systems are hard to be implemented on them. In addition, none of the existing KVAC systems provide traceability to obtain the user’s identity if anyone tries to misbehave with KVAC. In this paper, we present the first efficient and traceable KVAC system designated for smart cards. Our scheme provides the following security properties: unforgeability, anonymity, traceability and unlinkability. To demonstrate the efficiency and feasibility, we present an implementation of our scheme on standard Multos smart cards. The implementation results show that our scheme is efficient enough for practical use.

An Anonymous Credential System with Constant-Size Attribute Proofs for CNF Formulas with Negations

To enhance the user’s privacy in electronic ID, anonymous credential systems have been researched. In the anonymous credential system, a trusted issuing organization first issues a certificate certifying the user’s attributes to a user. Then, in addition to the possession of the certificate, the user can anonymously prove only the necessary attributes. Previously, an anonymous credential system was proposed, where CNF (Conjunctive Normal Form) formulas on attributes can be proved. The advantage is that the attribute proof in the authentication has the constant size for the number of attributes that the user owns and the size of the proved formula. Thus, various expressive logical relations on attributes can be efficiently verified. However, the previous system has a limitation: the proved CNF formulas cannot include any negation. Therefore, in this paper, we propose an anonymous credential system with constant-size attribute proofs such that the user can prove CNF formulas with negations. For the proposed system, we extend the previous accumulator for the limited CNF formulas to verify CNF formulas with negations.

Efficient blacklistable anonymous credential system with reputation using a pairing‐based accumulator

As privacy-enhancing authentications without any TTP (Trusted Third Party), blacklistable anonymous credential systems with reputation have been proposed. However, the previous systems have the efficiency problem: The authentication data size is O ( L ) or O ( K ) , where L is the reputation list, and K is the size of a window indicating the most recent K authentications of the user. Therefore, the previous systems suffer from O ( L ) or O ( K ) -size data in each authentication. In addition, the authentication needs the computation of O ( L ) or O ( K ) exponentiations. In this paper, an efficient blacklistable anonymous credential system with reputation is proposed. In our system, the data size of the authentication is O ( 1 ) . Furthermore, although the computational costs in the authentication depend on some parameters, the parameter-related costs are only multiplications instead of exponentiations. Compared to the previously proposed blacklistable system FARB with the constant computational and communication costs, our system has the advantage that the clear/redeem protocol only has to be executed every interval instead of every session. For constructing our system, we newly introduce the concept of an accumulator for reputation, and propose an efficient construction.

An Efficient Blacklistable Anonymous Credentials without TTP of Tracing Authority Using Pairing-Based Accumulator

In conventional ID-based user authentications, privacy issues may occur, since users’ behavior histories are collected in Service Providers (SPs). Although anonymous authentications such as group signatures have been proposed, these schemes rely on a Trusted Third Party (TTP) capable of tracing misbehaving users. Thus, the privacy is not high, because the TTP of tracing authority can always trace users. Therefore, the anonymous credential system using a blacklist without the TTP of tracing authority has been proposed, where blacklisted anonymous users can be blocked. Recently, an RSA-based blacklistable anonymous credential system with efficiency improvement has been proposed. However, this system still has an efficiency problem: The data size in the authentication is O(K0), where K0 is the maximum number of sessions in which the user can conduct. Furthermore, the O(K0)-size data causes the user the computational cost of O(K0) exponentiations. In this paper, a blacklistable anonymous credential system using a pairing-based accumulator is proposed. In the proposed system, the data size in the authentication is constant for parameters. Although the user’s computational cost depends on parameters, the dependent cost is O(δBL · K) multiplications, instead of exponentiations, where δBL is the number of sessions added to the blacklist after the last authentication of the user, and K is the number of past sessions of the user. The demerit of the proposed system is O(n)-size public key, where n corresponds to the total number of all sessions of all users in the system. But, the user only has to download the public key once.

Decentralized blacklistable anonymous credentials with reputation

Blacklistable anonymous credential systems provide service providers with a way to authenticate users according to their historical behaviors, while guaranteeing that all users can access services in an anonymous and unlinkable manner, thus are potentially useful in practice. Traditionally, to protect services from illegal access, the credential issuer, which completes the registration with users, must be trusted by the service provider. However, in practice, this trust assumption is usually unsatisfied.In this paper, we solve this problem and present the decentralized blacklistable anonymous credential system with reputation (DBLACR), which inherits nearly all features of the BLACR system presented in Au et al. (2012) but does not need a trusted party to register users.The new system also has extra advantages. In particular, it enables blacklist (historical behaviors) sharing among different service providers and is partially resilient to the blacklist gaming attack, where dishonest service providers attempt to compromise the privacy of users via generating blacklist maliciously.Technically, the main approach to achieve DBLACR system is a novel use of the blockchain technique, which serves as a public append-only ledger. The system can be instantiated from three different types of cryptographic systems, including the RSA system, the classical DL system, and the pairing based system. To demonstrate the practicability of our system, we also give a proof of concept implementation for the instantiation under the RSA system. The experiment results indicate that when authenticating with blacklists of reasonable size, our implementation can fulfill practical efficiency demands.

Probably Secure Efficient Anonymous Credential Scheme

This article describes how after the concept of anonymous credential systems was introduced in 1985, a number of similar systems have been proposed. However, these systems use zero-knowledge protocols to authenticate users, resulting in inefficient authentication during the stage of proving credential possession. To overcome this drawback, this article presents a signature scheme that uses partially blind signatures and chameleon hash functions such that both the prover and verifier achieve efficient authentication. In addition to providing a computational cost comparison table showing that the proposed signature scheme achieves a more efficient credential possession proving compared to other schemes, concrete security proofs are provided under a random oracle model to demonstrate that the proposed scheme satisfies the properties of anonymous credentials.

Structure-Preserving Signatures on Equivalence Classes and Constant-Size Anonymous Credentials

Structure-preserving signatures (SPS) are a powerful building block for cryptographic protocols. We introduce SPS on equivalence classes (SPS-EQ), which allow joint randomization of messages and signatures. Messages are projective equivalence classes defined on group-element vectors, so multiplying a vector by a scalar yields a different representative of the same class. Our scheme lets one adapt a signature for one representative to a signature for another representative without knowledge of any secret. Moreover, given a signature, an adapted signature for a different representative is indistinguishable from a fresh signature on a random message. We propose a definitional framework for SPS-EQ and an efficient construction in Type-3 bilinear groups, which we prove secure against generic forgers. We also introduce set-commitment schemes that let one open subsets of the committed set. From this and SPS-EQ, we then build an efficient multi-show attribute-based anonymous credential system for an arbitrary number of attributes. Our ABC system avoids costly zero-knowledge proofs and only requires a short interactive proof to thwart replay attacks. It is the first credential system whose bandwidth required for credential showing is independent of the number of its attributes, i.e., constant-size. We propose strengthened game-based security definitions for ABC and prove our scheme anonymous against malicious organizations in the standard model; finally, we discuss a concurrently secure variant in the CRS model.

Integration of Anonymous Credential Systems in IoT Constrained Environments

The pervasive nature of the Internet of Things (IoT) entails additional threats that compromise the security and privacy of IoT devices and, eventually, the users. This issue is aggravated in constrained IoT devices equipped with minimal hardware resources. Current security and privacy implementations need to be redesigned and implemented maintaining its level of assurance, aiming for this family of devices. To cope with this issue, this paper proposes the first novel attempt to leverage anonymous credential systems (ACSs) to preserve the privacy of autonomous IoT constrained devices. Concretely, we have designed a solution to integrate IBM’s identity mixer into constrained IoT ecosystems, endowing the IoT with ACSs’ privacy-preserving capabilities. The solution has been designed, implemented, and evaluated, proving its feasibility.

Comment on ‘Attribute-Based Signatures for Supporting Anonymous Certification’ by N. Kaaniche and M. Laurent (ESORICS 2016)

Anonymous credential systems enable users to authenticate themselves in a privacy-preserving manner. At the conference ESORICS 2016, Kaaniche and Laurent presented an anonymous certification scheme based on a new attribute based signature. In this note, we provide several attacks on their scheme.

Quantum one-way accumulator

Here presented analysis of the structure, function and properties of cryptographic one-way accumulator and pos-sibility of its practical application in the digital signature scheme, anonymous credential systems, time stamps protocols, digital money and so on. First formally defined the concept of a quantum one-way accumulator - cryptographic primitive that allow you to combine a large set of values into one value, so that by having a witness you will be able to verify the ownership of each of the values from the total group and by that it would provide significant cryptographic security because of using the basic laws of quantum physics. Built quantum one-way accumulator – Q-OWA and studied its properties; proved that primitive built Q-OWA is a quantum one-way combiner. Based on the Q-OWA accumulator built dynamic quantum accumulator that in addition to the properties of the one-way accumulator has the ability to add or delete values without the need to recalculate the entire accumulator.

Holistic Privacy-Preserving Identity Management System for the Internet of Things

Security and privacy concerns are becoming an important barrier for large scale adoption and deployment of the Internet of Things. To address this issue, the identity management system defined herein provides a novel holistic and privacy-preserving solution aiming to cope with heterogeneous scenarios that requires both traditional online access control and authentication, along with claim-based approach for M2M (machine to machine) interactions required in IoT. It combines a cryptographic approach for claim-based authentication using the Idemix anonymous credential system, together with classic IdM mechanisms by relying on the FIWARE IdM (Keyrock). This symbiosis endows the IdM system with advanced features such as privacy-preserving, minimal disclosure, zero-knowledge proofs, unlikability, confidentiality, pseudonymity, strong authentication, user consent, and offline M2M transactions. The IdM system has been specially tailored for the Internet of Things bearing in mind the management of both users’ and smart objects’ identity. Moreover, the IdM system has been successfully implemented, deployed, and tested in the scope of SocIoTal European research project.

Accumulator for Monotone Formulas and its Application to Anonymous Credential System

Accumulator for Monotone Formulas and its Application to Anonymous Credential System

Restricted usage of anonymous credentials in vehicular ad hoc networks for misbehavior detection

The automobile industry is entering a new era of digitalization with major impact on human mobility and transportation infrastructures. A result of such a convergence between the automobile and information technologies is vehicular ad hoc network (VANET), a type of mobile ad hoc networks that has recently enjoyed a lot of attention from the industry, the research community, lawmakers and privacy activists. In VANET, vehicles frequently broadcast various types of messages, including location data. This enables innovative applications and improvements in safety and driving experience. As messages broadcasted in the VANET are digitally signed and the receiver must be able to verify the sender's authentication and message integrity, there is a need to ensure broadcast authentication and protect driver's anonymity. However, communication in VANETs takes place with high frequency, and malicious vehicles can hide behind anonymity in order to duplicate packets and get advantage over other vehicles in the network. Indeed, state-of-the-art approaches to privacy-preserving messages broadcast in the VANET typically ensure that each vehicle has a number of pseudonymous certificates that are changed regularly in order to thwart an automated tracing of its activities. However, the possibility of uncontrolled simultaneous use of pseudonyms by misbehaving vehicles remain unaddressed. This paper proposes a set of anonymous credential system based protocols for VANET that enables the detection and limitation of pseudonym/credential overspending. The revocation of the misbehaving vehicle can be also achieved through the proposed solutions. With the prototypical implementation of the proposed protocols, it has been shown that the successful detection of fraud, i.e., pseudonyms overspending and the subsequent revocation of credentials are possible in VANET.

Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things.

As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things.