An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation

  • Jan Camenisch
  • Anna Lysyanskaya
Conference paper

DOI: 10.1007/3-540-44987-6_7

Part of the Lecture Notes in Computer Science book series (LNCS, volume 2045)
Cite this paper as:
Camenisch J., Lysyanskaya A. (2001) An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation. In: Pfitzmann B. (eds) Advances in Cryptology — EUROCRYPT 2001. EUROCRYPT 2001. Lecture Notes in Computer Science, vol 2045. Springer, Berlin, Heidelberg


A credential system is a system in which users can obtain credentials from organizations and demonstrate possession of these credentials. Such a system is anonymous when transactions carried out by the same user cannot be linked. An anonymous credential system is of significant practical relevance because it is the best means of providing privacy for users. In this paper we propose a practical anonymous credential system that is based on the strong RSA assumption and the decisional Diffie-Hellman assumption modulo a safe prime product and is considerably superior to existing ones: (1) We give the first practical solution that allows a user to unlinkably demonstrate possession of a credential as many times as necessary without involving the issuing organization. (2) To prevent misuse of anonymity, our scheme is the first to offer optional anonymity revocation for particular transactions. (3) Our scheme offers separability: all organizations can choose their cryptographic keys independently of each other. Moreover, we suggest more effective means of preventing users from sharing their credentials, by introducing all-or-nothing sharing: a user who allows a friend to use one of her credentials once, gives him the ability to use all of her credentials, i.e., taking over her identity. This is implemented by a new primitive, called circular encryption, which is of independent interest, and can be realized from any semantically secure cryptosystem in the random oracle model.


Privacy protection credential system pseudonym system e-cash blind signatures circular encryption key-oblivious encryption 
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Jan Camenisch
    • 1
  • Anna Lysyanskaya
    • 2
  1. 1.Zurich Research LaboratoryIBM ResearchRüschlikon
  2. 2.MIT LCSCambridgeUSA

Personalised recommendations