DOI: 10.1007/978-3-642-00468-1_27
Article

An Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials

Published: 12 March 2009

Abstract

The success of electronic authentication systems, be it e-ID card systems or Internet authentication systems such as CardSpace, highly depends on the provided level of user-privacy. Thereby, an important requirement is an efficient means for revocation of the authentication credentials. In this paper we consider the problem of revocation for certificate-based privacy-protecting authentication systems. To date, the most efficient solutions for revocation for such systems are based on cryptographic accumulators. Here, an accumulate of all currently valid certificates is published regularly and each user holds a witness enabling her to prove the validity of her (anonymous) credential while retaining anonymity. Unfortunately, the users' witnesses must be updated at least each time a credential is revoked. For the known solutions, these updates are computationally very expensive for users and/or certificate issuers, which is very problematic as revocation is a frequent event, as practice shows.
In this paper, we propose a new dynamic accumulator scheme based on bilinear maps and show how to apply it to the problem of revocation of anonymous credentials. In the resulting scheme, proving a credential's validity and updating witnesses both come at (virtually) no cost for credential owners and verifiers. In particular, updating a witness requires the issuer to do only one multiplication per addition or revocation of a credential and can also be delegated to untrusted entities from which a user could just retrieve the updated witness. We believe that thereby we provide the first authentication system offering privacy protection suitable for implementation with electronic tokens such as eID cards or drivers' licenses.


Published In

Irvine: Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
March 2009
520 pages
ISBN: 9783642004674
Editors: Stanisław Jarecki, Gene Tsudik

Publisher

Springer-Verlag, Berlin, Heidelberg

Author Tags

1. anonymous credentials
2. dynamic accumulators
3. revocation
