emmy – Trust-Enhancing Authentication Library

  • Miha Stopar
  • Manca BizjakEmail author
  • Jolanda Modic
  • Jan Hartman
  • Anže Žitnik
  • Tilen Marc
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 563)


People, organizations, devices need to make many kinds of claims as part of their everyday activities. Digital credentials can enable to transmit instantly verifiable claims about their name, date of birth, gender, location, accomplishments. Some privacy-enhancing digital credentials enable revealing only part of your identity and thus hiding all information that is not necessarily needed for the online service. In the past two decades, several privacy- and trust-enhancing authentication techniques and approaches have been proposed to implement such verifiable digital credentials, mostly on the theoretical level. Some implementations exist, but either lack functionalities, rely on heavy computational machinery or are not available in open source. This paper presents emmy, a fully-fledged open source cryptographic library for secure, privacy-aware, and trust-enhancing authentication towards online services.


Trust Privacy Zero-knowledge proofs Identity management Anonymity Cloud services 



The research was supported, in part, by grants H2020-DS-2017-780108 (FENTEC) and H2020-ICT-2016-730929 (mF2C).


  1. 1.
    Bitansky, N., Canetti, R., Chiesa, A., Tromer, E.: From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again. In: Proceedings of the 3rd Innovations in Theoretical Computer Science Conference, ITCS 2012, pp. 326–349. ACM, New York (2012)Google Scholar
  2. 2.
    Brands, S., Demuynck, L., De Decker, B.: A practical system for globally revoking the unlinkable pseudonyms of unknown users. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 400–415. Springer, Heidelberg (2007). Scholar
  3. 3.
    Brands, S.A.: An efficient off-line electronic cash system based on the representation problem. Technical report, CWI (Centre for Mathematics and Computer Science), Amsterdam, The Netherlands (1993)Google Scholar
  4. 4.
    Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004, pp. 132–145. ACM, New York (2004)Google Scholar
  5. 5.
    Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: Proceedings of the 39th IEEE Symposium on Security and Privacy 2018, SP 2018, San Francisco, CA, US, pp. 315–334. IEEE (2018)Google Scholar
  6. 6.
    Camenisch, J., Chen, L., Drijvers, M., Lehmann, A., Novick, D., Urian, R.: One TPM to bind them all: fixing TPM 2.0 for provably secure anonymous attestation. In: Proceedings of the 38th IEEE Symposium on Security and Privacy, SP 2017, pp. 901–920. IEEE, NY (2017)Google Scholar
  7. 7.
    Camenisch, J., Damgård, I.: Verifiable encryption, group encryption, and their applications to separable group signatures and signature sharing schemes. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 331–345. Springer, Heidelberg (2000). Scholar
  8. 8.
    Camenisch, J., Drijvers, M., Lehmann, A.: Universally composable direct anonymous attestation. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9615, pp. 234–264. Springer, Heidelberg (2016). Scholar
  9. 9.
    Camenisch, J., Groß, T.: Efficient attributes for anonymous credentials. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS 2008, pp. 345–356. ACM, New York (2008)Google Scholar
  10. 10.
    Camenisch, J., Kohlweiss, M., Soriente, C.: An accumulator based on bilinear maps and efficient revocation for anonymous credentials. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 481–500. Springer, Heidelberg (2009). Scholar
  11. 11.
    Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001). Scholar
  12. 12.
    Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004). Scholar
  13. 13.
    Camenisch, J., Shoup, V.: Practical verifiable encryption and decryption of discrete logarithms. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 126–144. Springer, Heidelberg (2003). Scholar
  14. 14.
    Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993). Scholar
  15. 15.
    Cramer, R., Damgård, I.: Zero-knowledge proofs for finite field arithmetic, or: can zero-knowledge be for free? In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 424–441. Springer, Heidelberg (1998). Scholar
  16. 16.
    Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994). Scholar
  17. 17.
    Damgård, I., Fujisaki, E.: A statistically-hiding integer commitment scheme based on groups with hidden order. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 125–142. Springer, Heidelberg (2002). Scholar
  18. 18.
  19. 19.
    emmy - Library for Zero-Knowledge Proofs.
  20. 20.
    FENTEC Project Homepage.
  21. 21.
    Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). Scholar
  22. 22.
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof-systems. In: Proceedings of the 17th Annual ACM Symposium on Theory of Computing, STOC 1985, pp. 291–304. ACM, New York (1985)Google Scholar
  23. 23.
  24. 24.
  25. 25.
  26. 26.
    IBM Identity Mixer (idemix).
  27. 27.
  28. 28.
  29. 29.
  30. 30.
  31. 31.
    JSON Web Tokens.
  32. 32.
    Bemmann, K., et al.: Fully-featured anonymous credentials with reputation system. In: Proceedings of the 13th International Conference on Availability, Reliability and Security, ARES 1918, pp. 42:1–42:10. ACM, New York (2018)Google Scholar
  33. 33.
    Lipmaa, H.: On diophantine complexity and statistical zero-knowledge arguments. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 398–415. Springer, Heidelberg (2003). Scholar
  34. 34.
    Lysyanskaya, A., Rivest, R.L., Sahai, A., Wolf, S.: Pseudonym systems. In: Heys, H., Adams, C. (eds.) SAC 1999. LNCS, vol. 1758, pp. 184–199. Springer, Heidelberg (2000). Scholar
  35. 35.
    Marketing Week: Consumers are ‘dirtying’ databases with false details.
  36. 36.
    mF2C Project Homepage.
  37. 37.
    Nakanishi, T., Fujii, H., Hira, Y., Funabiki, N.: Revocable group signature schemes with constant costs for signing and verifying. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 463–480. Springer, Heidelberg (2009). Scholar
  38. 38.
  39. 39.
  40. 40.
    Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992). Scholar
  41. 41.
  42. 42.
    Sabouri, A., Krontiris, I., Rannenberg, K.: Attribute-based credentials for trust (ABC4Trust). In: Fischer-Hübner, S., Katsikas, S., Quirchmayr, G. (eds.) TrustBus 2012. LNCS, vol. 7449, pp. 218–219. Springer, Heidelberg (2012). Scholar
  43. 43.
    Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, New York (1990). Scholar
  44. 44.
    Security Assertion Markup Language (SAML) V2.0 Technical Overview.
  45. 45.
    Technical introduction to IRMA.
  46. 46.
    The Intel(R) Enhanced Privacy ID Software Development Kit.
  47. 47.
  48. 48.
    Trusted Computing Group.
  49. 49.
  50. 50.
    Verifiable Claims Working Group.
  51. 51.

Copyright information

© IFIP International Federation for Information Processing 2019

Authors and Affiliations

  • Miha Stopar
    • 1
  • Manca Bizjak
    • 1
    Email author
  • Jolanda Modic
    • 1
  • Jan Hartman
    • 1
  • Anže Žitnik
    • 1
  • Tilen Marc
    • 1
    • 2
  1. 1.XLAB d.o.o.LjubljanaSlovenia
  2. 2.Institute of Mathematics, Physics and MechanicsLjubljanaSlovenia

Personalised recommendations