Constant-Size Dynamic k-TAA

Au, Man Ho; Susilo, Willy; Mu, Yi

doi:10.1007/11832072_8

Cited by 180 publications

(155 citation statements)

References 20 publications

Supporting

Mentioning

132

Contrasting

Order By: Relevance

“…It is described in [33] and has been proven secure under the n-SDH assumption [34,35]. It assumes a non-degenerate bilinear map e : G × G → G T of prime order q with generators h, h 0 , h 1 , .…”

Section: Signature Scheme With Efficient Protocolsmentioning

confidence: 99%

An Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials

Camenisch

Kohlweiss

Soriente

2009

Public Key Cryptography – PKC 2009

212

202

View full text Add to dashboard Cite

Abstract. The success of electronic authentication systems, be it e-ID card systems or Internet authentication systems such as CardSpace, highly depends on the provided level of user-privacy. Thereby, an important requirement is an efficient means for revocation of the authentication credentials. In this paper we consider the problem of revocation for certificate-based privacy-protecting authentication systems. To date, the most efficient solutions for revocation for such systems are based on cryptographic accumulators. Here, an accumulate of all currently valid certificates is published regularly and each user holds a witness enabling her to prove the validity of her (anonymous) credential while retaining anonymity. Unfortunately, the users' witnesses must be updated at least each time a credential is revoked. For the know solutions, these updates are computationally very expensive for users and/or certificate issuers which is very problematic as revocation is a frequent event as practice shows.In this paper, we propose a new dynamic accumulator scheme based on bilinear maps and show how to apply it to the problem of revocation of anonymous credentials. In the resulting scheme, proving a credential's validity and updating witnesses both come at (virtually) no cost for credential owners and verifiers. In particular, updating a witness requires the issuer to do only one multiplication per addition or revocation of a credential and can also be delegated to untrusted entities from which a user could just retrieve the updated witness. We believe that thereby we provide the first authentication system offering privacy protection suitable for implementation with electronic tokens such as eID cards or drivers' licenses.

show abstract

Section: Signature Scheme With Efficient Protocolsmentioning

confidence: 99%

An Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials

Camenisch

Kohlweiss

Soriente

2009

Public Key Cryptography – PKC 2009

212

202

View full text Add to dashboard Cite

show abstract

“…Identity Mixer and U-Prove build on the CamenischLysyanskaya [24] and the Brands [11] signature schemes, respectively, but also other schemes exist [25,4]. An issued credential is a signature (or, for single-show schemes such as [11], a batch of renewable signatures) under such a scheme on the user's attributes.…”

Section: Cryptographic Realizationmentioning

confidence: 99%

Concepts and languages for privacy-preserving attribute-based authentication

Camenisch

Dubovitskaya

Enderlein

et al. 2014

Journal of Information Security and Applications

View full text Add to dashboard Cite

“…The signature scheme originates from the same Boneh and Boyen signatures as the LN scheme, which is further modified by Camenisch et al [20] for the issuance of anonymous credentials and proven secure in [21] under the q-SDH assumption: σ = (g i…”

Section: Cks Schemementioning

confidence: 99%