Decentralized Blacklistable Anonymous Credentials with Reputation

In current single sign-on authentication schemes on the web, users are required to interact with identity providers securely to set up authentication data during a registration phase and receive a token (credential) for future access to services and applications. This type of interaction can make authentication schemes challenging in terms of security and availability. From a security perspective, a main threat is theft of authentication reference data stored with identity providers. An adversary could easily abuse such data to mount an offline dictionary attack for obtaining the underlying password or biometric. From a privacy perspective, identity providers are able to track user activity and control sensitive user data. In terms of availability, users rely on trusted third-party servers that need to be available during authentication. We propose a novel decentralized privacy-preserving single sign-on scheme through the Decentralized Anonymous Multi-Factor Authentication (DAMFA), a new authentication scheme where identity providers no longer require sensitive user data and can no longer track individual user activity. Moreover, our protocol eliminates dependence on an always-on identity provider during user authentication, allowing service providers to authenticate users at any time without interacting with the identity provider. Our approach builds on threshold oblivious pseudorandom functions (TOPRF) to improve resistance against offline attacks and uses a distributed transaction ledger to improve availability. We prove the security of DAMFA in the universal composibility (UC) model by defining a UC definition (ideal functionality) for DAMFA and formally proving the security of our scheme via ideal-real simulation. Finally, we demonstrate the practicability of our proposed scheme through a prototype implementation.

show abstract

“…[51][52][53]. Yang et al [54] formally define a public append-only ledger, which we use for constructing our DAMFA system (see Figure 5).…”

Section: Public Append-only Ledgermentioning

confidence: 99%

Decentralized, Privacy-Preserving, Single Sign-On

Mir

Roland

Mayrhofer

2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…In 2020, Li et al [11] proposed a round-optimal asymmetric PAKE protocol, which could construct a new anonymous credential system. "DAC" [4] and "DBLACR" [5] are two decentralized anonymous credential systems based on blockchain. e anonymity of blockchain ensures that users' private information will not be disclosed.…”

Section: Anonymous Credential (Over Blockchain)mentioning

confidence: 99%

“…Recently, blockchain-based identity management has also had limited success, such as DAC [4] and DBLACR [5]. In these systems, users obtain information credentials from an authority (e.g., government) and upload their credentials to the blockchain.…”

Section: Introductionmentioning

confidence: 99%

Designated-Verifier Anonymous Credential for Identity Management in Decentralized Systems

Deng

Tian

Chen

et al. 2021

Mobile Information Systems

View full text Add to dashboard Cite

Most of the existing identity management is the centralized architecture that has to validate, certify, and manage identity in a centralized approach by trusted authorities. Decentralized identity is causing widespread public concern because it enables to give back control of identity to clients, and the client then has the ability to control when, where, and with whom they share their credentials. A decentralized solution atop on blockchain will bypass the centralized architecture and address the single point of the failure problem. To our knowledge, blockchain is an inherited pseudonym but it cannot achieve anonymity and auditability directly. In this paper, we approach the problem of decentralized identity management starting from the designated-verifier anonymous credential (DVAC in short). DVAC would assist to build a new practical decentralized identity management with anonymity and auditability. Apart from the advantages of the conventional anonymous credential, the main advantage of the proposed DVAC atop blockchain is that the issued cryptographic token will be divided into shares at the issue phase and will be combined at the showing credential phase. Further, the smooth projective hash function ( SPHF in short) is regarded as a designated-verifier zero-knowledge proof system. Thus, we introduce the SPHF to achieve the designated verifiability without compromising the privacy of clients. Finally, the security of the proposed DVAC is proved along with theoretical and experimental evaluations.

show abstract

“…However, similar to the related work [19,20,[46][47][48], in this paper, we do not claim to address all issues of digital advertising. There is an abundance of papers aiming to detect and prevent cases of client-side fraud (i.e., bot clicks, click farms, sybil attacks), which can be also used in the context of THEMIS (e.g., distributed user reputation systems [49], anomaly detection, bluff ads [50], bio-metric systems [51], client puzzles [52], etc.). We do, however, outline mechanisms that reduce the incentives for clients to cheat and to control the number of sybils that an adversary is able to run in the system.…”

Section: Threat Modelmentioning

confidence: 99%

THEMIS: A Decentralized Privacy-Preserving Ad Platform with Reporting Integrity

Pestana¹,

Querejeta-Azurmendi²,

Papadopoulos³

et al. 2021

Preprint

View full text Add to dashboard Cite

Online advertising fuels the (seemingly) free internet. However, although users can access most of the web services free of charge, they pay a heavy cost on their privacy. They are forced to trust third parties and intermediaries, who not only collect behavioral data but also absorb great amounts of ad revenues. Consequently, more and more users opt out from advertising by resorting to ad blockers, thus costing publishers millions of dollars in lost ad revenues. Albeit there are various privacy-preserving advertising proposals (e.g., Adnostic, Privad, Brave Ads) from both academia and industry, they all rely on centralized management that users have to blindly trust without being able to audit, while they also fail to guarantee the integrity of the performance analytics they provide to advertisers. In this paper, we design and deploy THEMIS, a novel, decentralized and privacy-by-design ad platform that requires zero trust by users. THEMIS (i) provides auditability to its participants, (ii) rewards users for viewing ads, and (iii) allows advertisers to verify the performance and billing reports of their ad campaigns. By leveraging smart contracts and zero-knowledge schemes, we implement a prototype of THEMIS and early performance evaluation results show that it can scale linearly on a multi-sidechain setup while it supports more than 51M users on a single-sidechain.

show abstract

Decentralized Blacklistable Anonymous Credentials with Reputation

Cited by 12 publications

References 23 publications

Decentralized, Privacy-Preserving, Single Sign-On

Decentralized, Privacy-Preserving, Single Sign-On

Designated-Verifier Anonymous Credential for Identity Management in Decentralized Systems

THEMIS: A Decentralized Privacy-Preserving Ad Platform with Reporting Integrity

Contact Info

Product

Resources

About