Fast Keyed-Verification Anonymous Credentials on Standard Smart Cards

  • Jan Camenisch
  • Manu Drijvers
  • Petr Dzurenda
  • Jan Hajny (corresponding author)
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 562)

Abstract

Cryptographic anonymous credential schemes allow users to prove their personal attributes, such as age, nationality, or the validity of a ticket or a pre-paid pass, while preserving their privacy, as such proofs are unlinkable and attributes can be selectively disclosed. Recently, Chase et al. (CCS 2014) observe that in such systems, a typical setup is that the credential issuer also serves as the verifier. They introduce keyed-verification credentials that are tailored to this setting. In this paper, we present a novel keyed-verification credential system designed for lightweight devices (primarily smart cards). By using a novel algebraic MAC based on Boneh-Boyen signatures, we achieve the most efficient proving protocol compared to existing schemes. To demonstrate the practicality of our scheme in real applications, including large-scale services such as public transportation or e-government, we present an implementation on a standard, off-the-shelf, Multos smart card. While using significantly higher security parameters than most existing implementations, we achieve performance that is more than 44% better than the current state-of-the-art implementation.

Keywords

Privacy, Anonymous credentials, Authentication, Smart cards

Notes

Acknowledgment

This paper is supported in part by the European Union's Horizon 2020 research and innovation programme under grant agreement No 830892, project SPARTA, by the Ministry of Industry and Trade grant No. FV20354 and by the National Sustainability Program under grant LO1401. The infrastructure of the SIX Center was used for the research.

References

  1. Arfaoui, G., Lalande, J.F., Traoré, J., Desmoulins, N., Berthomé, P., Gharout, S.: A practical set-membership proof for privacy-preserving NFC mobile ticketing. In: PoPETs, pp. 25–45 (2015)
  2. Barki, A., Brunet, S., Desmoulins, N., Gambs, S., Gharout, S., Traoré, J.: Private eCash in practice (short paper). In: Grossklags, J., Preneel, B. (eds.) FC 2016. LNCS, vol. 9603, pp. 99–109. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54970-4_6
  3. Barki, A., Brunet, S., Desmoulins, N., Traoré, J.: Improved algebraic MACs and practical keyed-verification anonymous credentials. In: Avanzi, R., Heys, H. (eds.) SAC 2016. LNCS, vol. 10532, pp. 360–380. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69453-5_20
  4. Barki, A., Desmoulins, N., Gharout, S., Traoré, J.: Anonymous attestations made practical. In: ACM WiSec 2017 Proceedings, pp. 87–98 (2017)
  5. Belenkiy, M., Camenisch, J., Chase, M., Kohlweiss, M., Lysyanskaya, A., Shacham, H.: Randomizable proofs and delegatable anonymous credentials. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 108–125. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_7
  6. Bichsel, P., Camenisch, J., Groß, T., Shoup, V.: Anonymous credentials on a standard Java Card. In: ACM CCS 2009 Proceedings, pp. 600–610 (2009)
  7. Boneh, D.: The decision Diffie-Hellman problem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 48–63. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054851
  8. Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_4
  9. Boneh, D., Boyen, X.: Short signatures without random oracles and the SDH assumption in bilinear groups. J. Cryptol. 21, 149–177 (2008)
  10. Brands, S.A.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy (2000)
  11. Camenisch, J., Drijvers, M., Dzurenda, P., Hajny, J.: Fast keyed-verification anonymous credentials on standard smart cards. Cryptology ePrint Archive, Report 2019 (2019). https://eprint.iacr.org/2019/
  12. Camenisch, J., Drijvers, M., Hajny, J.: Scalable revocation scheme for anonymous credentials based on n-times unlinkable proofs. In: ACM CCS WPES 2016 Proceedings, pp. 123–133 (2016)
  13. Camenisch, J., Dubovitskaya, M., Neven, G.: Oblivious transfer with access control. In: ACM CCS 2009 Proceedings, pp. 131–140 (2009)
  14. Camenisch, J., Hohenberger, S., Kohlweiss, M., Lysyanskaya, A., Meyerovich, M.: How to win the clonewars: efficient periodic n-times anonymous authentication. In: ACM CCS 2006 Proceedings, pp. 201–210 (2006)
  15. Camenisch, J., Kohlweiss, M., Soriente, C.: Solving revocation with efficient update of anonymous credentials. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 454–471. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15317-4_28
  16. Camenisch, J., Krenn, S., Lehmann, A., Mikkelsen, G.L., Neven, G., Pedersen, M.Ø.: Scientific comparison of ABC protocols (2014)
  17. Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_7
  18. Camenisch, J., Lysyanskaya, A.: Dynamic accumulators and application to efficient revocation of anonymous credentials. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 61–76. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_5
  19. Camenisch, J., Neven, G., Rückert, M.: Fully anonymous attribute tokens from lattices. In: Visconti, I., De Prisco, R. (eds.) SCN 2012. LNCS, vol. 7485, pp. 57–75. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32928-9_4
  20. Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052252
  21. Camenisch, J., Van Herreweghen, E.: Design and implementation of the idemix anonymous credential system. In: ACM CCS 2002 Proceedings, pp. 21–30 (2002)
  22. Chase, M., Meiklejohn, S., Zaverucha, G.: Algebraic MACs and keyed-verification anonymous credentials. In: ACM SIGSAC 2014 Proceedings, pp. 1205–1216 (2014)
  23. Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28, 1030–1044 (1985)
  24. Couteau, G., Reichle, M.: Non-interactive keyed-verification anonymous credentials. Cryptology ePrint Archive, Report 2019/117 (2019). https://eprint.iacr.org/2019/117
  25. Dodis, Y., Kiltz, E., Pietrzak, K., Wichs, D.: Message authentication, revisited. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 355–374. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_22
  26. Hajny, J., Malina, L.: Unlinkable attribute-based credentials with practical revocation on smart-cards. In: Mangard, S. (ed.) CARDIS 2012. LNCS, vol. 7771, pp. 62–76. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-37288-9_5
  27. Hinterwälder, G., Riek, F., Paar, C.: Efficient E-cash with attributes on MULTOS smartcards. In: Mangard, S., Schaumont, P. (eds.) RFIDSec 2015. LNCS, vol. 9440, pp. 141–155. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24837-0_9
  28. Isaakidis, M., Halpin, H., Danezis, G.: UnlimitID: privacy-preserving federated identity management using algebraic MACs. In: ACM CCS WPES 2016 Proceedings, pp. 139–142 (2016)
  29. Kerry, C.F., Secretary, A., Director, C.R.: FIPS PUB 186–4 Federal Information Processing Standards Publication: Digital Signature Standard (DSS) (2013)
  30. Mostowski, W., Vullers, P.: Efficient U-Prove implementation for anonymous credentials on smart cards. In: Rajarajan, M., Piper, F., Wang, H., Kesidis, G. (eds.) SecureComm 2011. LNICST, vol. 96, pp. 243–260. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31909-9_14
  31. Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_16
  32. Paquin, C.: U-Prove cryptographic specification v1.1. Technical report, Microsoft Corporation (2011)
  33. de la Piedra, A., Hoepman, J.-H., Vullers, P.: Towards a full-featured implementation of attribute based credentials on smart cards. In: Gritzalis, D., Kiayias, A., Askoxylakis, I. (eds.) CANS 2014. LNCS, vol. 8813, pp. 270–289. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12280-9_18
  34. Ringers, S., Verheul, E., Hoepman, J.-H.: An efficient self-blindable attribute-based credential scheme. In: Kiayias, A. (ed.) FC 2017. LNCS, vol. 10322, pp. 3–20. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70972-7_1
  35. Rivest, R.L., Kaliski, B.: RSA problem. In: van Tilborg, H.C.A. (ed.) Encyclopedia of Cryptography and Security, pp. 532–536. Springer, New York (2005). https://doi.org/10.1007/0-387-23483-7_363
  36. Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_18
  37. Smart, N.: Yearly report on algorithms and keysizes. Katholieke Universiteit Leuven, Technical report (2012)
  38. Vullers, P., Alpár, G.: Efficient selective disclosure on smart cards using idemix. In: Fischer-Hübner, S., de Leeuw, E., Mitchell, C. (eds.) IDMAN 2013. IFIP AICT, vol. 396, pp. 53–67. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-37282-7_5
  39. Wei, V.K., Yuen, T.H.: More short signatures without random oracles (2005). https://eprint.iacr.org/2005/463

Copyright information

© IFIP International Federation for Information Processing 2019

Authors and Affiliations

  • Jan Camenisch (1)
  • Manu Drijvers (1)
  • Petr Dzurenda (2)
  • Jan Hajny (2), corresponding author

  1. Dfinity, Zurich, Switzerland
  2. Brno University of Technology, Brno, Czech Republic