Scalable Revocation Scheme for Anonymous Credentials Based on n-times Unlinkable Proofs

Camenisch, Jan; Drijvers, Manu; Hajný, Jan

doi:10.1145/2994620.2994625

Cited by 32 publications

(38 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…(vii) Revocation and identification: the proposed scheme is compatible with major revocation and identification schemes [22][23][24] for attribute-based credentials.…”

Section: Our Contributionmentioning

confidence: 91%

See 1 more Smart Citation

Multidevice Authentication with Strong Privacy Protection

Hajný

Dzurenda

Malina

2018

Wireless Communications and Mobile Computing

Self Cite

View full text Add to dashboard Cite

Card-based physical access control systems are used by most people on a daily basis, for example, at work, in public transportation, or at hotels. Yet these systems have often very poor cryptographic protection. User identifiers and keys can be easily eavesdropped on and counterfeited. The privacy-preserving features are almost missing in these systems. To improve this state, we propose a novel cryptographic scheme based on efficient zero-knowledge proofs and Boneh-Boyen signatures. The proposed scheme is provably secure and provides the full set of privacy-enhancing features, that is, the anonymity, untraceability, and unlinkability of users. Furthermore, our scheme supports distributed multidevice authentication with multiple RFID (Radio-Frequency IDentification) user devices. This feature is particularly important in applications for controlling access to dangerous sites where the presence of protective equipment is checked during each access control session. Besides the full cryptographic specification, we also show the results of our implementation on devices commonly used in access control applications, particularly the smart cards and embedded verification terminals. By avoiding costly operations on user devices, such as bilinear pairings, we were able to achieve times comparable to existing systems (around 500 ms), while providing significantly higher security, privacy protection, and features for RFID multidevice authentication.

show abstract

“…(vii) Revocation and identification: the proposed scheme is compatible with major revocation and identification schemes [22][23][24] for attribute-based credentials.…”

Section: Our Contributionmentioning

confidence: 91%

“…Furthermore, the signature scheme can be easily integrated with the zero-knowledge proofs so that the knowledge of signed messages (and signatures themselves) can be proven anonymously, unlinkably, and untraceably. We recall the signing and verification algorithms below; the efficient proofs of knowledge are described, e.g., in [24].…”

Section: Weak Boneh-boyenmentioning

confidence: 99%

Multidevice Authentication with Strong Privacy Protection

Hajný

Dzurenda

Malina

2018

Wireless Communications and Mobile Computing

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, as every signature verification needs a consultation with OCSP server for revocation checking, the communication overhead between verifier and the OCSP server becomes onerous. Most importantly, it is undesirable to deanonymize the signatures from benign users [27,46], which might encourage massive surveillance [47]. Conversely, in VLR based GS schemes such as ours, trusted authorities are assumed to deanonymize (open) signatures only when the signer is suspected to be malicious.…”

Section: Revocation In Group Signaturesmentioning

confidence: 99%

“…Like linking-based schemes [21], revocation scheme proposed in [56] requires an online central OCSP server to check the revocation status of signatures from all the verifiers, which introduces additional problems, such as extra communication overheads and the surveillance capability of the OCSP server. Camenisch et al [46] presents a new revocation scheme for anonymous credentials based on n-times unlinkable proofs construction, which overcomes previously mentioned performance overhead. However, it does not support backward unlinkability.…”

Section: Revocation In Group Signaturesmentioning

confidence: 99%

“…The size of the revocation token per user is also linear with the total number of pseudonyms, which makes it challenging to use short epochs. On the other hand, unlike [55,56], SRBE does not require centralized computations for revocation management and unlike [46], SRBE supports backward unlinkability and constant sized revocation tokens.…”

Section: Revocation In Group Signaturesmentioning

confidence: 99%

See 1 more Smart Citation

Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocation

Rahaman

Cheng

Yao

et al. 2017

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Group signature schemes enable anonymous-yetaccountable communications. Such a capability is extremely useful for applications, such as smartphone-based crowdsensing and citizen science. However, the performance of modern group signature schemes is still inadequate to manage large dynamic groups. In this paper, we design the first provably secure verifier-local revocation (VLR) -based group signature scheme that supports sublinear revocation, named Sublinear Revocation with Backward unlinkability and Exculpability (SRBE). To achieve this performance gain, SRBE introduces time bound pseudonyms for the signer. By introducing lowcost short-lived pseudonyms with sublinear revocation checking, SRBE drastically improves the efficiency of the groupsignature primitive. The backward-unlinkable anonymity of SRBE guarantees that even after the revocation of a signer, her previously generated signatures remain unlinkable across epochs. This behavior favors the dynamic nature of real-world crowdsensing settings. We prove its security and discuss parameters that influence its scalability. Using SRBE, we also implement a prototype named GROUPSENSE for anonymousyet-accountable crowdsensing, where our experimental findings confirm GROUPSENSE's scalability. We point out the open problems remaining in this space.

show abstract

Fast Keyed-Verification Anonymous Credentials on Standard Smart Cards

Camenisch¹,

Drijvers²,

Dzurenda

et al. 2019

ICT Systems Security and Privacy Protection

Self Cite

View full text Add to dashboard Cite

Cryptographic anonymous credential schemes allow users to prove their personal attributes, such as age, nationality, or the validity of a ticket or a pre-paid pass, while preserving their privacy, as such proofs are unlinkable and attributes can be selectively disclosed. Recently, Chase et al. (CCS 2014) observe that in such systems, a typical setup is that the credential issuer also serves as the verifier. They introduce keyed-verification credentials that are tailored to this setting. In this paper, we present a novel keyed-verification credential system designed for lightweight devices (primarily smart cards). By using a novel algebraic MAC based on Boneh-Boyen signatures, we achieve the most efficient proving protocol compared to existing schemes. To demonstrate the practicality of our scheme in real applications, including large-scale services such as public transportation or e-government, we present an implementation on a standard, off-the-shelf, Multos smart card. While using significantly higher security parameters than most existing implementations, we achieve performance that is more than 44 % better than the current state-of-the-art implementation.

show abstract

Scalable Revocation Scheme for Anonymous Credentials Based on n-times Unlinkable Proofs

Cited by 32 publications

References 27 publications

Multidevice Authentication with Strong Privacy Protection

Multidevice Authentication with Strong Privacy Protection

Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocation

Fast Keyed-Verification Anonymous Credentials on Standard Smart Cards

Contact Info

Product

Resources

About