Generic Construction of Threshold Credential Management With User-Autonomy Aggregation
Authors: 
Meng Jia, Jing Chen, Kun He, Min Shi, Yuanzheng Wang, Ruiying DuAuthors Info & Claims
Meng Jia, Jing Chen, Kun He, Min Shi, Yuanzheng Wang, Ruiying DuAuthors Info & ClaimsPages 2549 - 2564
Abstract
Credential management is widely used in online services such as electronic identity cards, e-health, and e-voting, in which users prove their identity or attributes with credentials issued by authorities. Under some circumstances, a user needs to prove her/his identity or attributes in multiple credentials to a verifier. In existing credential management systems, a user either proves her/his credentials one by one or requests new credentials from authorities with the original ones, and they are inefficient in practice. Moreover, existing decentralized credential management systems either rely on multiple single parties or do not support attribute revocation. In this paper, we present a threshold credential management system with threshold issuance and revocation and user-autonomy aggregation. Specifically, we design a decentralized credential management architecture where multiple authorities form an alliance and manage credentials collaboratively. Then, we propose a threshold credential management scheme, where user issuance and revocation must be approved by multiple credential managers, and a user can aggregate her/his credentials and prove them to a verifier simultaneously. We conduct experiments on our system and the results demonstrate that it is suitable in practice.
References
[1]
(2020). Hyperledger Indy: Distributed Ledger Purpose-Built for Decentralized Identity. [Online]. Available: https://www.hyperledger.org/use/hyperledger-indy
[2]
M. Abe, G. Fuchsbauer, J. Groth, K. Haralambiev, and M. Ohkubo, “Structure-preserving signatures and commitments to group elements,” J. Cryptol., vol. 29, no. 2, pp. 363–421, Apr. 2016.
[3]
T. Acar and L. Nguyen, “Revocation for delegatable anonymous credentials,” in Proc. Int. Conf. Pract. Theory Public Key Cryptography, 2011, pp. 423–440.
[4]
E. Andreeva, R. Bhattacharyya, and A. Roy, “Compactness of hashing modes and efficiency beyond Merkle tree,” in Proc. Annu. Int. Conf. Theory Appl. Cryptograph. Techn., vol. 12697, Zagreb, Croatia, 2021, pp. 92–123.
[5]
G. Ateniese, B. Magri, D. Venturi, and E. Andrade, “Redactable blockchain—Or—Rewriting history in Bitcoin and friends,” in Proc. IEEE Eur. Symp. Secur. Privacy, Apr. 2017, pp. 111–126.
[6]
C. Baum, T. Frederiksen, J. Hesse, A. Lehmann, and A. Yanai, “PESTO: Proactively secure distributed single sign-on, or how to trust a hacked server,” in Proc. IEEE Eur. Symp. Secur. Privacy, Genoa, Italy, Sep. 2020, pp. 587–606.
[7]
M. Belenkiy, J. Camenisch, M. Chase, M. Kohlweiss, A. Lysyanskaya, and H. Shacham, “Randomizable proofs and delegatable anonymous credentials,” in Proc. Annu. Int. Cryptol. Conf., 2009, pp. 108–125.
[8]
D. Benarroch, M. Campanelli, D. Fiore, K. Gurkan, and D. Kolonelos, “Zero-knowledge proofs for set membership: Efficient, succinct, modular,” in Proc. Financial Cryptography Data Secur., 2021, pp. 393–414.
[9]
J. Blömer, J. Bobolz, D. Diemert, and F. Eidens, “Updatable anonymous credentials and applications to incentive systems,” in Proc. Conf. Comput. Commun. Secur., 2019, pp. 1671–1685.
[10]
D. Boneh, B. Bunz, and B. Fisch, “Batching techniques for accumulators with applications to IOPs and stateless blockchains,” in Proc. Annu. Int. Cryptol. Conf., 2019, pp. 561–586.
[11]
D. Boneh, C. Gentry, B. Lynn, and H. Shacham, “Aggregate and verifiably encrypted signatures from bilinear maps,” in Proc. Int. Conf. Theory Appl. Cryptograph. Techn., 2003, pp. 416–432.
[12]
J. Camenisch, M. Drijvers, and M. Dubovitskaya, “Practical UC-secure delegatable credentials with attributes and their application to blockchain,” in Proc. Conf. Comput. Commun. Secur., 2017, pp. 683–699.
[13]
J. Camenisch and T. Groß, “Efficient attributes for anonymous credentials,” in Proc. Conf. Comput. Commun. Secur., 2008, pp. 345–356.
[14]
J. Camenisch and E. V. Herreweghen, “Design and implementation of the idemix anonymous credential system,” in Proc. Conf. Comput. Commun. Secur., 2002, pp. 21–30.
[15]
J. Camenisch and A. Lysyanskaya, “An efficient system for non-transferable anonymous credentials with optional anonymity revocation,” in Proc. Int. Conf. Theory Appl. Cryptograph. Techn., 2001, pp. 93–118.
[16]
D. Catalano and D. Fiore, “Vector commitments and their applications,” in Proc. Int. Conf. Pract. Theory Public-Key Cryptography, Nara, Japan, 2013, pp. 55–72.
[17]
D. Chaum, “Security without identification: Transaction systems to make big brother obsolete,” Commun. ACM, vol. 28, no. 10, pp. 1030–1044, Oct. 1985.
[18]
Y. Chen, J. Li, C. Liu, J. Han, Y. Zhang, and P. Yi, “Efficient attribute based server-aided verification signature,” IEEE Trans. Services Comput., vol. 15, no. 6, pp. 3224–3232, Nov. 2022.
[19]
J. Doesburg, B. Jacobs, and S. Ringers, “Using IRMA for small scale digital elections,” Bachelor thesis, Dept. Comput. Sci., Radboud Univ., Nijmegen, The Netherlands, 2020. [Online]. Available: https://www.cs.ru.nl/bachelors-theses/2020/Job_Doesburg___4809327___Using_IRMA_for_small_scale_digital_elections.pdf
[20]
C. Garman, M. Green, and I. Miers, “Decentralized anonymous credentials,” in Proc. Netw. Distrib. Syst. Secur. Symp., 2014, pp. 1–21.
[21]
R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin, “Secure distributed key generation for discrete-log based cryptosystems,” in Proc. Int. Conf. Theory Appl. Cryptograph. Techn., 1999, pp. 295–310.
[22]
C. Gorenflo, S. Lee, L. Golab, and S. Keshav, “FastFabric: Scaling hyperledger fabric to 20,000 transactions per second,” in Proc. IEEE Int. Conf. Blockchain Cryptocurrency (ICBC), May 2019, pp. 455–463.
[23]
J. Groth, “Short pairing-based non-interactive zero-knowledge arguments,” in Proc. Annu. Int. Conf. Theory Appl. Cryptol. Inf. Secur., Singapore, 2010, pp. 321–340.
[24]
J. Groth and A. Sahai, “Efficient non-interactive proof systems for bilinear groups,” in Proc. Int. Conf. Theory Appl. Cryptograph. Techn., 2008, pp. 415–432.
[25]
J. Hesse, N. Singh, and A. Sorniotti, “How to bind anonymous credentials to humans,” in Proc. USENIX Security Symp., Anaheim, CA, USA, 2023, pp. 3047–3064.
[26]
Q. Jiang, N. Zhang, J. Ni, J. Ma, X. Ma, and K. R. Choo, “Unified biometric privacy preserving three-factor authentication and key agreement for cloud-assisted autonomous vehicles,” IEEE Trans. Veh. Technol., vol. 69, no. 9, pp. 9390–9401, Sep. 2020.
[27]
S. A. Kakvi, K. M. Martin, C. Putman, and E. A. Quaglia, “SoK: Anonymous credentials,” in Proc. Secur. Standardisation Res., 2023, pp. 129–151.
[28]
E. K. Kogias, D. Malkhi, and A. Spiegelman, “Asynchronous distributed key generation for computationally-secure randomness, consensus, and threshold signatures,” in Proc. ACM SIGSAC Conf. Comput. Commun. Secur., Oct. 2020, pp. 1751–1767.
[29]
R. W. F. Lai and G. Malavolta, “Subvector commitments with application to succinct arguments,” in Proc. Annu. Int. Cryptol. Conf., 2019, pp. 530–560.
[30]
S. Lim, M.-H. Rhie, D. Hwang, and K.-H. Kim, “A subject-centric credential management method based on the verifiable credentials,” in Proc. Int. Conf. Inf. Netw. (ICOIN), Jan. 2021, pp. 508–510.
[31]
D. Liu, H. Wu, C. Huang, J. Ni, and X. Shen, “Blockchain-based credential management for anonymous authentication in SAGVN,” IEEE J. Sel. Areas Commun., vol. 40, no. 10, pp. 3104–3116, Oct. 2022.
[32]
(2022). Verifiable Credentials Data Model v1.1. [Online]. Available: https://www.w3.org/TR/2022/REC-vc-data-model-20220303/
[33]
D. Maramet al., “CanDID: Can-do decentralized identity with legacy compatibility, Sybil-resistance, and accountability,” in Proc. IEEE Symp. Secur. Privacy (SP), May 2021, pp. 1348–1366.
[34]
G. Medvinsky, C. Lai, and B. C. Neuman, “Endorsements, licensing, and insurance for distributed system services,” in Proc. 2nd ACM Conf. Comput. Commun. Secur., 1994, pp. 170–175.
[35]
H. S. G. Pussewalage and V. A. Oleshchuk, “An anonymous delegatable attribute-based credential scheme for a collaborative e-health environment,” ACM Trans. Internet Technol., vol. 19, no. 3, pp. 1–22, Aug. 2019.
[36]
L. Rotem and G. Segev, “Non-malleable vector commitments via local equivocability,” in Proc. Theory Cryptogr. (TCC). Raleigh, NC, USA: Springer, 2021, pp. 415–446.
[37]
A. Sonnino, M. Al-Bassam, S. Bano, S. Meiklejohn, and G. Danezis, “Coconut: Threshold issuance selective disclosure credentials with applications to distributed ledgers,” in Proc. Netw. Distrib. Syst. Secur. Symp., 2019, pp. 1–15.
[38]
S. Srinivasan, I. Karantaidou, F. Baldimtsi, and C. Papamanthou, “Batching, aggregation, and zero-knowledge proofs in bilinear accumulators,” in Proc. ACM SIGSAC Conf. Comput. Commun. Secur., Nov. 2022, pp. 2719–2733.
[39]
J. Sun, Y. Su, J. Qin, J. Hu, and J. Ma, “Outsourced decentralized multi-authority attribute based signature and its application in IoT,” IEEE Trans. Cloud Comput., vol. 9, no. 3, pp. 1195–1209, Jul. 2021.
[40]
J. Thaler. (2023). Proofs, Arguments, and Zero-Knowledge. [Online]. Available: https://engineering.fb.com/2022/12/12/security/anonymous-credential-service-acs-open-source/
[41]
D. Wang, D. He, P. Wang, and C.-H. Chu, “Anonymous two-factor authentication in distributed systems: Certain goals are beyond attainment,” IEEE Trans. Dependable Secure Comput., vol. 12, no. 4, pp. 428–442, Jul. 2015.
[42]
D. Wang and P. Wang, “Two birds with one stone: Two-factor authentication with security beyond conventional bound,” IEEE Trans. Dependable Secure Comput., vol. 15, no. 4, pp. 708–722, Jul. 2018.
[43]
Q. Wang, D. Wang, C. Cheng, and D. He, “Quantum2FA: Efficient quantum-resistant two-factor authentication scheme for mobile devices,” IEEE Trans. Dependable Secure Comput., vol. 20, no. 1, pp. 193–208, Jan. 2023.
[44]
J. Xie, F. R. Yu, T. Huang, R. Xie, J. Liu, and Y. Liu, “A survey on the scalability of blockchain systems,” IEEE Netw., vol. 33, no. 5, pp. 166–173, Sep. 2019.
[45]
F. Zhang, D. Maram, H. Malvai, S. Goldfeder, and A. Juels, “DECO: Liberating web data using decentralized oracles for TLS,” in Proc. ACM SIGSAC Conf. Comput. Commun. Secur., Oct. 2020, pp. 1919–1938.
[46]
R. Zhang and H. Xiong. (2022). Open-Sourcing Anonymous Credential Service. [Online]. Available: https://engineering.fb.com/2022/12/12/security/anonymous-credential-service-acs-open-source
Index Terms
- Generic Construction of Threshold Credential Management With User-Autonomy Aggregation
Index terms have been assigned to the content through auto-classification.
Recommendations
Credential life cycle management in open credential platforms (short paper)
STC '11: Proceedings of the sixth ACM workshop on Scalable trusted computingHardware-based trusted execution environments (TEEs) allow remote provisioning of secure credentials. In a closed credential platform installation of credentials to a TEE is controlled by a centralized authority. Due to the central control point ...
Attribute-based anonymous credential: Delegation, traceability, and revocation
AbstractAttribute-based anonymous credential schemes have been envisioned with the motivation to allow users to prove the possession of their attributes interactively with service providers anonymously. So far, three major properties: delegation, ...
Threshold Attribute-Based Signatures and Their Application to Anonymous Credential Systems
AFRICACRYPT '09: Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in CryptologyIn this paper we propose <em>threshold attribute-based signatures</em> (t-ABS). A t-ABS scheme enables a signature holder to prove possession of signatures by revealing only the relevant attributes of the signer, hence providing <em>signer-attribute ...
Comments
Information & Contributors
Information
Published In
1556-6021 © 2023 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See https://www.ieee.org/publications/rights/index.html for more information.
Publisher
IEEE Press
Publication History
Published: 01 January 2024
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 23 Jan 2025