Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials

Camenisch, Jan; Lysyanskaya, Anna

doi:10.1007/3-540-45708-9_5

Cited by 544 publications

(516 citation statements)

References 28 publications

Supporting

Mentioning

494

Contrasting

Order By: Relevance

“…Every value in the accumulator comes with a witness, which enables efficient membership checks. Camenisch and Lysyanskaya [10] proposed an updatable accumulator that can be used for revocation. A credential is unrevoked as long as it appears on the whitelist, represented by the accumulator.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Fast Revocation of Attribute-Based Credentials for Both Users and Verifiers

Lueks¹,

Alpár²,

Hoepman³

et al. 2015

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

Abstract. Attribute-based credentials allow a user to prove properties about herself anonymously. Revoking such credentials, which requires singling them out, is hard because it is at odds with anonymity. All revocation schemes proposed to date either sacrifice anonymity altogether, require the parties to be online, or put high load on the user or the verifier. As a result, these schemes are either too complicated for low-powered devices like smart cards or they do not scale. We propose a new revocation scheme that has a very low computational cost for users and verifiers, and does not require users to process updates. We trade only a limited, but well-defined, amount of anonymity to make the first practical revocation scheme that is efficient at large scales and fast enough for smart cards.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Table 1. We compare CRLs [14], accumulators [8,10,24], traditional VLR schemes [1,4,6], VLR schemes with backward unlinkability (VLR-BU) [22], blacklistable anonymous credentials (BLAC) [28], and our scheme. We compare the complexity of the operations and data transfers.…”

Section: Related Workmentioning

confidence: 99%

Fast Revocation of Attribute-Based Credentials for Both Users and Verifiers

Lueks¹,

Alpár²,

Hoepman³

et al. 2015

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

show abstract

“…Currently there are two main revocation approaches for group signatures. The first approach requires all the unrevoked members to update their signing keys after each revocation ( [4,12,8,11],...). At the same time, all the signature verifiers need to download the up-to-date group public key.…”

Section: Introductionmentioning

confidence: 99%

A lattice-based group signature scheme with verifier-local revocation

Ling

Nguyen

Roux-Langlois

et al. 2018

Theoretical Computer Science

View full text Add to dashboard Cite

Abstract. Support of membership revocation is a desirable functionality for any group signature scheme. Among the known revocation approaches, verifier-local revocation (VLR) seems to be the most flexible one, because it only requires the verifiers to possess some up-to-date revocation information, but not the signers. All of the contemporary VLR group signatures operate in the bilinear map setting, and all of them will be insecure once quantum computers become a reality. In this work, we introduce the first lattice-based VLR group signature, and thus, the first such scheme that is believed to be quantum-resistant. In comparison with existing lattice-based group signatures, our scheme has several noticeable advantages: support of membership revocation, logarithmic-size signatures, and weaker security assumption. In the random oracle model, our scheme is proved to be secure based on the hardness of the SIVP O(n 1.5 ) problem in general lattices -an assumption that is as weak as those of state-of-the-art lattice-based standard signatures. Moreover, our construction works without relying on encryption schemes, which is an intriguing feature for group signatures.

show abstract

“…Another approach, which was adopted by e.g. [CL02,TX03,DKNS04,Ngu05], uses accumulators, i.e. functions that map a set of values into a fixed-length string and permit efficient proofs of membership.…”

Section: Introductionmentioning

confidence: 99%