SoK: Anonymous Credentials
Pages 129 - 151
Abstract
Anonymous credentials are a powerful tool for making assertions about identity while maintaining privacy and have been the subject of study for many years. The interest in anonymous credentials has intensified in recent years as the Internet and Web have become more and more interwoven into the fabric of our daily lives, causing large scale concerns about privacy. In particular, users are now wanting to reduce the amount of personal information they share in order to gain access to services. Since their introduction by Chaum (Comm. ACM 1985) there have been a plethora of results attempting to instantiate them with the first fully anonymous scheme being realised by Camenish and Lysyanskaya (EUROCRYPT 2001). Since this breakthrough result, there have been several newer schemes that have been proposed that not only improve on the Camenish-Lysyanskaya scheme but also introduce new features. In fact there have been a large variety of extensions proposed that have led to a seemingly incomparable landscape of schemes. In this paper, we review the many properties of anonymous credential systems, and systematically categorise and compare the approaches in the literature. Our analysis allows us to highlight gaps, open questions and directions for future research in the space of anonymous credentials.
References
[1]
Acar T and Nguyen L Catalano D, Fazio N, Gennaro R, and Nicolosi A Revocation for delegatable anonymous credentials Public Key Cryptography – PKC 2011 2011 Heidelberg Springer 423-440
[2]
Alamélou, Q., Blazy, O., Cauchie, S., Gaborit, P.: A code-based group signature scheme. Des. Codes Cryptogr. 469–493 (2016).
[3]
Alpár, G., van den Broek, F., Hampiholi, B., Jacobs, B., Lueks, W., Ringers, S.: Irma: practical, decentralized and privacy-friendly identity management using smartphones. In: 10th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs 2017) (2017)
[4]
Alpár, G., Jacobs, B.: Credential design in attribute-based identity management (2013)
[5]
Angin, P., et al.: An entity-centric approach for privacy and identity management in cloud computing. In: 2010 29th IEEE Symposium on Reliable Distributed Systems, pp. 177–183. IEEE (2010)
[6]
Ateniese G, Camenisch J, Joye M, and Tsudik G Bellare M A practical and provably secure coalition-resistant group signature scheme Advances in Cryptology — CRYPTO 2000 2000 Heidelberg Springer 255-270
[7]
Backes M, Hanzlik L, Kluczniak K, and Schneider J Peyrin T and Galbraith S Signatures with flexible public key: introducing equivalence classes for public keys Advances in Cryptology – ASIACRYPT 2018 2018 Cham Springer 405-434
[8]
Baldimtsi, F., et al.: Accumulators with applications to anonymity-pre-serving revocation. In: 2017 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 301–315. IEEE (2017)
[9]
Bangerter E, Camenisch J, and Lysyanskaya A Christianson B, Crispo B, Malcolm JA, and Roe M A cryptographic framework for the controlled release of certified data Security Protocols 2006 Heidelberg Springer 20-42
[10]
Belenkiy M, Camenisch J, Chase M, Kohlweiss M, Lysyanskaya A, and Shacham H Halevi S Randomizable proofs and delegatable anonymous credentials Advances in Cryptology - CRYPTO 2009 2009 Heidelberg Springer 108-125
[11]
Belenkiy, M., Chase, M., Kohlweiss, M., Lysyanskaya, A.: Non-interactive anonymous credentials. IACR Cryptol. ePrint Arch. 2007, 384 (2007)
[12]
Belenkiy M, Chase M, Kohlweiss M, and Lysyanskaya A Canetti R P-signatures and noninteractive anonymous credentials Theory of Cryptography 2008 Heidelberg Springer 356-374
[13]
Bemmann, K., et al.: Fully-featured anonymous credentials with reputation system. In: Proceedings of the 13th International Conference on Availability, Reliability and Security. ARES 2018, Association for Computing Machinery, New York, NY, USA (2018).
[14]
Bichsel, P., et al.: D2. 2 architecture for attribute-based credential technologies-final version. ABC4TRUST project deliverable (2014). https://abc4trust.eu/index.php/pub (2014)
[15]
Bichsel P, Camenisch J, Neven G, Smart NP, and Warinschi B Garay JA and De Prisco R Get shorty via group signatures without encryption Security and Cryptography for Networks 2010 Heidelberg Springer 381-398
[16]
Blazy, O., Gaborit, P., Schrek, J., Sendrier, N.: A code-based blind signature. In: 2017 IEEE International Symposium on Information Theory, ISIT 2017, Aachen, Germany, 25–30 June 2017, pp. 2718–2722 (2017).
[17]
Blömer J and Bobolz J Preneel B and Vercauteren F Delegatable attribute-based anonymous credentials from dynamically malleable signatures Applied Cryptography and Network Security 2018 Cham Springer 221-239
[18]
Blömer, J., Bobolz, J., Diemert, D., Eidens, F.: Updatable anonymous credentials and applications to incentive systems. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1671–1685 (2019)
[19]
Bobolz J, Eidens F, Krenn S, Ramacher S, and Samelin K Conti M, Stevens M, and Krenn S Issuer-hiding attribute-based credentials Cryptology and Network Security 2021 Cham Springer 158-178
[20]
Boneh, D., Shacham, H.: Group signatures with verifier-local revocation. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 168–177 (2004)
[21]
Boyen X Naor M Mesh signatures Advances in Cryptology - EUROCRYPT 2007 2007 Heidelberg Springer 210-227
[22]
Brands, S.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)
[23]
Brands S, Demuynck L, and De Decker B Pieprzyk J, Ghodosi H, and Dawson E A practical system for globally revoking the unlinkable pseudonyms of unknown users Information Security and Privacy 2007 Heidelberg Springer 400-415
[24]
Camacho P, Hevia A, Kiwi M, and Opazo R Wu T-C, Lei C-L, Rijmen V, and Lee D-T Strong accumulators from collision-resistant hashing Information Security 2008 Heidelberg Springer 471-486
[25]
Camenisch, J., Drijvers, M., Dubovitskaya, M.: Practical uc-secure delegatable credentials with attributes and their application to blockchain. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 683–699 (2017)
[26]
Camenisch, J., Drijvers, M., Hajny, J.: Scalable revocation scheme for anonymous credentials based on n-times unlinkable proofs. In: Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society, pp. 123–133 (2016)
[27]
Camenisch J, Dubovitskaya M, Lehmann A, Neven G, Paquin C, and Preiss F-S Fischer-Hübner S, de Leeuw E, and Mitchell C Concepts and languages for privacy-preserving attribute-based authentication Policies and Research in Identity Management 2013 Heidelberg Springer 34-52
[28]
Camenisch, J., Groß, T.: Efficient attributes for anonymous credentials. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 345–356 (2008)
[29]
Camenisch J, Kohlweiss M, and Soriente C Jarecki S and Tsudik G An accumulator based on bilinear maps and efficient revocation for anonymous credentials Public Key Cryptography – PKC 2009 2009 Heidelberg Springer 481-500
[30]
Camenisch J and Lysyanskaya A Pfitzmann B An efficient system for non-transferable anonymous credentials with optional anonymity revocation Advances in Cryptology — EUROCRYPT 2001 2001 Heidelberg Springer 93-118
[31]
Camenisch J and Lysyanskaya A Yung M Dynamic accumulators and application to efficient revocation of anonymous credentials Advances in Cryptology — CRYPTO 2002 2002 Heidelberg Springer 61-76
[32]
Camenisch J and Lysyanskaya A Franklin M Signature schemes and anonymous credentials from bilinear maps Advances in Cryptology – CRYPTO 2004 2004 Heidelberg Springer 56-72
[33]
Camenisch J, Sommer D, and Zimmermann R Fischer-Hübner S, Rannenberg K, Yngström L, and Lindskog S A general certification framework with applications to privacy-enhancing certificate infrastructures Security and Privacy in Dynamic Environments 2006 Boston, MA Springer 25-37
[34]
Camenisch, J., Van Herreweghen, E.: Design and implementation of the idemix anonymous credential system. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 21–30 (2002)
[35]
Chase M and Lysyanskaya A Dwork C On signatures of knowledge Advances in Cryptology - CRYPTO 2006 2006 Heidelberg Springer 78-96
[36]
Chase, M., Meiklejohn, S., Zaverucha, G.: Algebraic macs and keyed-verification anonymous credentials. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 1205–1216 (2014)
[37]
Chase, M., Perrin, T., Zaverucha, G.: The signal private group system and anonymous credentials supporting efficient verifiable encryption. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pp. 1445–1459 (2020)
[38]
Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28(10), 1030–1044 (1985).
[39]
Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (eds.) Advances in Cryptology–EUROCRYPT 1991. EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Berlin, Heidelberg (1991).
[40]
Chen, L., Li, J.: VLR group signatures with indisputable exculpability and efficient revocation. Int. J. Inf. Priv. Secur. Integr. 2 1(2–3), 129–159 (2010)
[41]
Chu, C.K., Liu, J.K., Huang, X., Zhou, J.: Verifier-local revocation group signatures with time-bound keys. In: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, pp. 26–27 (2012)
[42]
Connolly, A., Lafourcade, P., Perez Kempner, O.: Improved constructions of anonymous credentials from structure-preserving signatures on equivalence classes. In: Hanaoka, G., Shikata, J., Watanabe, Y. (eds.) Public-Key Cryptography – PKC 2022. PKC 2022. LNCS, vol. 13177, pp. 409–438. Springer, Cham (2022).
[43]
Crites EC and Lysyanskaya A Matsui M Delegatable anonymous credentials from mercurial signatures Topics in Cryptology – CT-RSA 2019 2019 Cham Springer 535-555
[44]
Crites, E.C., Lysyanskaya, A.: Mercurial signatures for variable-length messages. IACR Cryptol. ePrint Arch. 2020, 979 (2020)
[45]
Damgård, I., Triandopoulos, N.: Supporting non-membership proofs with bilinear-map accumulators. IACR Cryptol. ePrint Arch. 2008, 538 (2008)
[46]
Davidson A, Goldberg I, Sullivan N, Tankersley G, and Valsorda F Privacy pass: bypassing internet challenges anonymously Proc. Priv. Enhanc. Technol. 2018 2018 3 164-180
[47]
Doesburg, J., Jacobs, B., Ringers, S.: Using IRMA for small scale digital elections (2020)
[48]
Ducas, L., Lepoint, T., Lyubashevsky, V., Schwabe, P., Seiler, G., Stehlé, D.: Crystals - dilithium: digital signatures from module lattices. IACR Cryptol. ePrint Arch. 2017, 633 (2017)
[49]
Förster, D., Kargl, F., Löhr, H.: PUCA: a pseudonym scheme with user-controlled anonymity for vehicular ad-hoc networks (VANET). In: 2014 IEEE Vehicular Networking Conference (VNC), pp. 25–32. IEEE (2014)
[50]
Fuchsbauer G Paterson KG Commuting signatures and verifiable encryption Advances in Cryptology – EUROCRYPT 2011 2011 Heidelberg Springer 224-245
[51]
Fuchsbauer G, Hanser C, and Slamanig D Structure-preserving signatures on equivalence classes and constant-size anonymous credentials J. Cryptol. 2019 32 2 498-546
[52]
Goodrich MT, Tamassia R, and Hasić J Chan AH and Gligor V An efficient dynamic and distributed cryptographic accumulator Information Security 2002 Heidelberg Springer 372-388
[53]
Gordon SD, Katz J, and Vaikuntanathan V Abe M A group signature scheme from lattice assumptions Advances in Cryptology - ASIACRYPT 2010 2010 Heidelberg Springer 395-412
[54]
Hajny, J., Malina, L.: Anonymous credentials with practical revocation. In: 2012 IEEE First AESS European Conference on Satellite Telecommunications (ESTEL), pp. 1–6. IEEE (2012)
[55]
Hampiholi, B., Jacobs, B.: Trusted self-enrolment for attribute-based credentials on mobile phones. In: Proceedings of the IFIP Summer School 2015, Edinburgh, 16–21 August 2015 (2015)
[56]
Hanser, C., Slamanig, D.: Structure-preserving signatures on equivalence classes and their application to anonymous credentials. In: International Conference on the Theory and Application of Cryptology and Information Security. pp. 491–511. Springer (2014)
[57]
Hanser C and Slamanig D Sarkar P and Iwata T Structure-preserving signatures on equivalence classes and their application to anonymous credentials Advances in Cryptology – ASIACRYPT 2014 2014 Heidelberg Springer 491-511
[58]
Hölzl, M., Roland, M., Mir, O., Mayrhofer, R.: Bridging the gap in privacy-preserving revocation: practical and scalable revocation of mobile eIDs. In: Proceedings of the 33rd Annual ACM Symposium on Applied Computing, pp. 1601–1609 (2018)
[59]
IBM: Iemix (2022). https://github.com/IBM/idemix
[60]
ISO: Information technology - security techniques - anonymous digital signatures - part 2: Mechanisms using a group public key. ISO 20008–2:2013, International Organization for Standardization, Geneva, Switzerland (2013). https://www.iso.org/standard/56916.html
[61]
ISO: Information technology - security techniques - anonymous entity authentication - part 2: Mechanisms using a group public key. ISO 20009–2:2013, International Organization for Standardization, Geneva, Switzerland (2013). https://www.iso.org/standard/56913.html
[62]
Johnson PC, Kapadia A, Tsang PP, and Smith SW Borisov N and Golle P Nymble: anonymous ip-address blocking Privacy Enhancing Technologies 2007 Heidelberg Springer 113-133
[63]
Kaaniche N, Laurent M, Rocher P-O, Kiennert C, and Garcia-Alfaro J Garcia-Alfaro J, Navarro-Arribas G, Hartenstein H, and Herrera-Joancomartí J , a privacy-preserving certification scheme Data Privacy Management, Cryptocurrencies and Blockchain Technology 2017 Cham Springer 239-256
[64]
Khader, D.: Attribute based group signatures. IACR Cryptol. ePrint Arch. 2007, 159 (2007)
[65]
Kumar, V., Li, H., Park, J.M., Bian, K., Yang, Y.: Group signatures with probabilistic revocation: a computationally-scalable approach for providing privacy-preserving authentication. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1334–1345 (2015)
[66]
Lapon J, Kohlweiss M, De Decker B, and Naessens V De Decker B, Lapon J, Naessens V, and Uhl A Analysis of revocation strategies for anonymous idemix credentials Communications and Multimedia Security 2011 Heidelberg Springer 3-17
[67]
Li J, Li N, and Xue R Katz J and Yung M Universal accumulators with efficient nonmembership proofs Applied Cryptography and Network Security 2007 Heidelberg Springer 253-269
[68]
Li, J., Kim, K.: Attribute-based ring signatures. IACR Cryptol. ePrint Arch. 2008, 394 (2008)
[69]
Lin, C., He, D., Zhang, H., Shao, L., Huang, X.: Privacy-enhancing decentralized anonymous credential in smart grids. Comput. Stand. Interfaces 75, 103505 (2021)
[70]
Lipmaa H Bao F, Samarati P, and Zhou J Secure accumulators from Euclidean rings without trusted setup Applied Cryptography and Network Security 2012 Heidelberg Springer 224-240
[71]
Lueks W, Alpár G, Hoepman JH, and Vullers P Federrath H and Gollmann D Fast revocation of attribute-based credentials for both users and verifiers ICT Systems Security and Privacy Protection 2015 Cham Springer 463-478
[72]
Maji, H.K., Prabhakaran, M., Rosulek, M.: Attribute-based signatures: achieving attribute-privacy and collusion-resistance. IACR Cryptol. ePrint Arch. 2008, 328 (2008)
[73]
Mir, O., Slamanig, D., Bauer, B., Mayrhofer, R.: Practical delegatable anonymous credentials from equivalence class signatures. Cryptology ePrint Archive (2022)
[74]
Nakanishi T, Fujii H, Hira Y, and Funabiki N Jarecki S and Tsudik G Revocable group signature schemes with constant costs for signing and verifying Public Key Cryptography – PKC 2009 2009 Heidelberg Springer 463-480
[75]
Nguyen L Menezes A Accumulators from bilinear pairings and applications Topics in Cryptology – CT-RSA 2005 2005 Heidelberg Springer 275-292
[76]
Paquin, C., Zaverucha, G.: U-prove cryptographic specification v1. 1. Technical report, Microsoft Corporation (2011)
[77]
Pussewalage HSG and Oleshchuk VA An anonymous delegatable attribute-based credential scheme for a collaborative e-health environment ACM Trans. Internet Technol. (TOIT) 2019 19 3 1-22
[78]
Ringers S, Verheul E, and Hoepman J-H Kiayias A An efficient self-blindable attribute-based credential scheme Financial Cryptography and Data Security 2017 Cham Springer 3-20
[79]
Rivest RL, Shamir A, and Tauman Y Boyd C How to leak a secret Advances in Cryptology — ASIACRYPT 2001 2001 Heidelberg Springer 552-565
[80]
Rothblum RD, Sealfon A, and Sotiraki K Toward non-interactive zero-knowledge proofs for NP from LWE J. Cryptol. 2021 34 1 1-35
[81]
Shahandashti SF and Safavi-Naini R Preneel B Threshold attribute-based signatures and their application to anonymous credential systems Progress in Cryptology – AFRICACRYPT 2009 2009 Heidelberg Springer 198-216
[82]
Sporny, M., Longley, D., Chadwick, D.: Verifiable credentials data model v1.1. Technical report, World Wide Web Consortium: Verifiable Credentials Working Group (2022). https://www.w3.org/TR/2022/REC-vc-data-model-20220303/
[83]
Sujing, Z., Dongdai, L.: A shorter group signature with verifier-location revocation and backward unlinkability. Technical report, Cryptology ePrint Archive: Report 2006/100 (2006)
[84]
TCG: Trusted platform module library part 1: Architecture. Technical report Revision 01.53, Trusted Computing Group (2019)
[85]
Tsang, P.P., Au, M.H., Kapadia, A., Smith, S.W.: Blacklistable anonymous credentials: blocking misbehaving users without TTPs. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 72–81 (2007)
[86]
Tsang, P.P., Au, M.H., Kapadia, A., Smith, S.W.: PEREA: towards practical TTP-free revocation in anonymous authentication. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 333–344 (2008)
[87]
Tsang PP, Au MH, Kapadia A, and Smith SW BLAC: revoking repeatedly misbehaving anonymous users without relying on TTPs ACM Trans. Inf. Syst. Secur. (TISSEC) 2010 13 4 1-33
[88]
Verheul ER Boyd C Self-blindable credential certificates from the Weil pairing Advances in Cryptology — ASIACRYPT 2001 2001 Heidelberg Springer 533-551
[89]
Verheul, E.R.: Practical backward unlinkable revocation in fido, German e-id, idemix and u-prove. IACR Cryptol. ePrint Arch. 2016, 217 (2016)
[90]
Vullers P and Alpár G Fischer-Hübner S, de Leeuw E, and Mitchell C Efficient selective disclosure on smart cards using idemix Policies and Research in Identity Management 2013 Heidelberg Springer 53-67
[91]
Zhang J, Ma L, Sun R, and Wang Y More efficient VLR group signature satisfying exculpability IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 2008 91 7 1831-1835
[92]
Zhang Y and Feng D Chim TW and Yuen TH Efficient attribute proofs in anonymous credential using attribute-based cryptography Information and Communications Security 2012 Heidelberg Springer 408-415
Recommendations
Aggregate Signatures with Versatile Randomization and Issuer-Hiding Multi-Authority Anonymous Credentials
CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications SecurityAnonymous credentials (AC) offer privacy in user-centric identity management. They enable users to authenticate anonymously, revealing only necessary attributes. With the rise of decentralized systems like self-sovereign identity, the demand for ...
Anonymous credentials light
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications securityWe define and propose an efficient and provably secure construction of blind signatures with attributes. Prior notions of blind signatures did not yield themselves to the construction of anonymous credential systems, not even if we drop the ...
Delegatable Anonymous Credentials from Mercurial Signatures
Topics in Cryptology – CT-RSA 2019AbstractIn a delegatable anonymous credential system, participants may use their credentials anonymously as well as anonymously delegate them to other participants. Such systems are more usable than traditional anonymous credential systems because a ...
Comments
Information & Contributors
Information
Published In
Apr 2023
160 pages
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023.
Publisher
Springer-Verlag
Berlin, Heidelberg
Publication History
Published: 22 April 2023
Author Tags
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 10 Oct 2024
Other Metrics
Citations
View Options
View options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in