Accumulators with Applications to Anonymity-Preserving Revocation

“…Definition 5. A dynamic accumulator is sound (or simply secure) if it is difficult to fabricate a witness w x for a value x that has not been added to the accumulator [35,36]. More formally, for any security parameter λ and any stateful PPT adversary A with black-box access to AccAdd and AccDel oracles which take elements x 0 on accumulator a, we should have:…”

“…A key transaction item is valid and will be added to the blockchain only after that a consensus is achieved between t number of units that are already part of the DBPKI. Any efficient and sound dynamic Merkle-tree based accumulator such as those proposed in [35,36] can be used in the scheme.…”

A decentralized dynamic PKI based on blockchain

“…Definition 5. A dynamic accumulator is sound (or simply secure) if it is difficult to fabricate a witness w x for a value x that has not been added to the accumulator [35,36]. More formally, for any security parameter λ and any stateful PPT adversary A with black-box access to AccAdd and AccDel oracles which take elements x 0 on accumulator a, we should have:…”

“…A key transaction item is valid and will be added to the blockchain only after that a consensus is achieved between t number of units that are already part of the DBPKI. Any efficient and sound dynamic Merkle-tree based accumulator such as those proposed in [35,36] can be used in the scheme.…”

A decentralized dynamic PKI based on blockchain

“…In this document we described in detail the construction of ZKRP and ZKSM protocols, which were implemented over Go-Ethereum library. Another way to obtain Zero Knowledge Set Membership protocols is by using cryptographic accumulators [13,12,2]. Also, the underlying digital signature scheme used, namely Boneh-Boyen signatures, can be replaced and the construction presented here can be adapted to use the digital signature proposed by Camenisch and Lysyanskaya [14].…”

A survey on zero knowledge range proofs and applications

“…Each prover has a so-called witness that enables them to prove that their identifier is in the accumulated value, and therefore, that it has a valid anonymous eID. Similarly, the scheme by Baldimitsi et al [1] describes a variant that only has to be updated when an entry is deleted from the accumulator. The downside of these accumulator schemes is the requirement of witness updates when an eID has been added or revoked.…”

“…B Michael Hölzl hoelzl@ins.jku.at 1 Institute of Networks and Security, JKU Linz, Altenbergerstraße 69, 4040 Linz, Austria profile of its holder. This is particularly problematic when such a system is used in a variety of scenarios in form of a mobile eID (e.g., to identify with the police, age check by disco bouncer, etc.)…”

Disposable dynamic accumulators: toward practical privacy-preserving mobile eIDs with scalable revocation