Skip to main content
SpringerLink
Log in

Credential Transparency System

  • Conference paper
  • First Online:
Security and Cryptography for Networks (SCN 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13409))

Included in the following conference series:

Abstract

A major component of the entire digital identity ecosystem are verifiable credentials. However, for users to have complete control and privacy of their digital credentials, they need to be able to store and manage these credentials and associated cryptographic key material on their devices. This approach has severe usability challenges including portability across devises. A more practical solution is for the users to trust a more reliable and available service to manage credentials on their behalf, such as in the case of Single Sign-On (SSO) systems and identity hubs. But the obvious downside of this design is the immense trust that the users need to place on these service providers.

In this work, we introduce and formalize a credential transparency system (CTS) framework that adds strong transparency guarantees to a credential management system while preserving privacy and usability features of the system. CTS ensures that if a service provider presents any credential to an honest verifier on behalf of a user, and the user’s device tries to audit all the shows presented on the user’s behalf, the service provider will not be able to drop or modify any show information without getting caught. We define CTS to be a general framework that is compatible with a wide range of credential management systems including SSO and anonymous credential systems. We also provide a CTS instantiation and prove its security formally.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Note that, in cases where usk is not a human-memorable, we want the service provider to commit to the mapping from a username (or equivalent user memorable string) to usk. Then service provider would first show which usk corresponds to the username, and then use CTS to show the presentations linked to that usk. This additional mapping is just a straightforward append only ZKS, so we don’t describe it here.

References

  1. e-identity. https://e-estonia.com/solutions/e-identity/smart-id/. Accessed 15 Sept 2021

  2. Google key transparency. https://github.com/google/keytransparency. Accessed 16 Sept 2021

  3. GOV.UK verify. https://www.gov.uk/government/publications/introducing-govuk-verify/introducing-govuk-verify. Accessed 15 Sept 2021

  4. How does single sign-on work. https://www.onelogin.com/learn/how-single-sign-on-works. Accessed 15 Sept 2021

  5. Verifiable credentials working group. https://www.w3.org/2017/vc/WG/. Accessed 15 Sept 2021

  6. Baldimtsi, F., Lysyanskaya, A.: Anonymous credentials light. In: Sadeghi, A.-R., Gligor, V.D., Yung, M. (eds.) 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, Berlin, Germany, 4–8 November 2013, pp. 1087–1098. ACM (2013)

    Google Scholar 

  7. Belenkiy, M., Chase, M., Kohlweiss, M., Lysyanskaya, A.: P-signatures and noninteractive anonymous credentials. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 356–374. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78524-8_20

    Chapter  Google Scholar 

  8. Brands, S.A.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)

    Book  Google Scholar 

  9. Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Persiano, G., Galdi, C. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36413-7_20

    Chapter  Google Scholar 

  10. Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_4

    Chapter  Google Scholar 

  11. Chase, M., Deshpande, A., Ghosh, E., Malvai, H.: SEEMless: secure end-to-end encrypted messaging with less trust. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (2019)

    Google Scholar 

  12. Chase, M., Fuchsbauer, G., Ghosh, E., Plouviez, A.: Credential transparency system. Cryptology ePrint Archive (2022). https://eprint.iacr.org/

  13. Chase, M., Meiklejohn, S., Zaverucha, G.: Algebraic macs and keyed-verification anonymous credentials. In: Ahn, G-J., Yung, M., Li, N. (eds.) Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, 3–7 November 2014, pp. 1205–1216. ACM (2014)

    Google Scholar 

  14. Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28(10), 1030–1044 (1985)

    Article  Google Scholar 

  15. Damgård, I.B.: Payment systems and credential mechanisms with provable security against abuse by individuals. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 328–335. Springer, New York (1990). https://doi.org/10.1007/0-387-34799-2_26

    Chapter  Google Scholar 

  16. Dauterman, E., Corrigan-Gibbs, H., Mazières, D.: SafetyPin: encrypted backups with human-memorable secrets. In: 14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020, Virtual Event, 4–6 November 2020, pp. 1121–1138. USENIX Association (2020)

    Google Scholar 

  17. Fahl, S., Dechand, S., Perl, H., Fischer, F., Smrcek, J., Smith, M.: Hey, NSA: stay away from my market! future proofing app markets against powerful attackers. In: Ahn, G.-J., Yung, M., Li, N. (eds.) Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, 3–7 November 2014, pp. 1143–1155. ACM (2014)

    Google Scholar 

  18. Fuchsbauer, G.: Commuting signatures and verifiable encryption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 224–245. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_14

    Chapter  Google Scholar 

  19. Fuchsbauer, G., Hanser, C., Slamanig, D.: Structure-preserving signatures on equivalence classes and constant-size anonymous credentials. J. Cryptol. 32(2), 498–546 (2019)

    Article  MathSciNet  Google Scholar 

  20. Melara, M.S., Blankstein, A., Bonneau, J., Felten, E.W., Freedman, M.J.: CONIKS: bringing key transparency to end users. In: 24th USENIX Security Symposium (USENIX Security 15), pp. 383–398. USENIX Association, Washington, D.C. (2015)

    Google Scholar 

  21. Nikitin, K., et al.: CHAINIAC: proactive software-update transparency via collectively signed skipchains and verified builds. In: 26th USENIX Security Symposium (USENIX Security 17), pp. 1271–1287, Vancouver, BC, USENIX Association (2017)

    Google Scholar 

  22. Pointcheval, D., Sanders, O.: Short randomizable signatures. In: Sako, K. (ed.) CT-RSA 2016. LNCS, vol. 9610, pp. 111–126. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29485-8_7

    Chapter  Google Scholar 

Download references

Acknowledgements

This work was partly funded by the MSR–Inria Joint Centre. The second author is supported by the Vienna Science and Technology Fund (WWTF) through project VRG18-002. Thanks also to Markulf Kohlweiss and Sarah Meiklejohn for early discussions on the problem.

Author information

Authors and Affiliations

  1. Microsoft Research, Redmond, USA

    Melissa Chase & Esha Ghosh

  2. TU Wien, Vienna, Austria

    Georg Fuchsbauer

  3. ENS INRIA, Paris, France

    Antoine Plouviez

Authors
  1. Melissa Chase
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Georg Fuchsbauer
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Esha Ghosh
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Antoine Plouviez
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Esha Ghosh .

Editor information

Editors and Affiliations

  1. Università degli Studi di Salerno, Fisciano, Italy

    Clemente Galdi

  2. University of California at Irvine, Irvine, CA, USA

    Stanislaw Jarecki

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Chase, M., Fuchsbauer, G., Ghosh, E., Plouviez, A. (2022). Credential Transparency System. In: Galdi, C., Jarecki, S. (eds) Security and Cryptography for Networks. SCN 2022. Lecture Notes in Computer Science, vol 13409. Springer, Cham. https://doi.org/10.1007/978-3-031-14791-3_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-14791-3_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-14790-6

  • Online ISBN: 978-3-031-14791-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation