A New Approach to Efficient Revocable Attribute-Based Anonymous Credentials

  • David Derler
  • Christian Hanser
  • Daniel Slamanig
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9496)


Recently, a new paradigm to construct very efficient multi-show attribute-based anonymous credential (ABC) systems has been introduced in Asiacrypt’14. Here, structure-preserving signatures on equivalence classes (SPS-EQ-\(\mathcal {R}\)), a novel flavor of structure-preserving signatures (SPS), and randomizable polynomial commitments are elegantly combined to yield the first ABC systems with O(1) credential size and O(1) communication bandwidth during issuing and showing. It has, however, been left open to present a full-fledged revocable multi-show attribute-based anonymous credential (RABC) system based on the aforementioned paradigm. As revocation is a highly desired and important feature when deploying ABC systems in a practical setting, this is an interesting challenge.

To this end, we propose an RABC system which builds upon the aforementioned ABC system, preserves its nice asymptotic properties and is in particular entirely practical. Our approach is based on universal accumulators, which nicely fit to the underlying paradigm. Thereby, in contrast to existing accumulator-based revocation approaches, we do not require complex zero-knowledge proofs of knowledge (ZKPKs) to demonstrate the possession of a non-membership witness for the accumulator. This is in part due to the nice rerandomization properties of SPS-EQ-\(\mathcal {R}\). Thus, this makes the entire RABC system conceptually simple, efficient and represents a novel direction in credential revocation. We also propose a game-based security model for RABC systems and prove the security of our construction in this model. Finally, to demonstrate the value of our novel approach, we carefully adapt an efficient existing universal accumulator approach (as applied within Microsoft’s U-Prove) to our setting and compare the two revocation approaches when used with the same underlying ABC system.



We would like to thank the anonymous reviewers for their valuable comments.


  1. 1.
    Acar, T., Chow, S.S.M., Nguyen, L.: Accumulators and U-Prove revocation. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 189–196. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  2. 2.
    Akagi, N., Manabe, Y., Okamoto, T.: An efficient anonymous credential system. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 272–286. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  3. 3.
    Au, M.H., Tsang, P.P., Susilo, W., Mu, Y.: Dynamic universal accumulators for DDH groups and their application to attribute-based anonymous credential systems. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 295–308. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  4. 4.
    Baldimtsi, F., Lysyanskaya, A.: Anonymous credentials light. In: ACM CCS. ACM (2013)Google Scholar
  5. 5.
    Begum, N., Nakanishi, T., Funabiki, N.: Efficient proofs for CNF formulas on attributes in pairing-based anonymous credential system. In: Kwon, T., Lee, M.-K., Kwon, D. (eds.) ICISC 2012. LNCS, vol. 7839, pp. 495–509. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  6. 6.
    Belenkiy, M., Camenisch, J., Chase, M., Kohlweiss, M., Lysyanskaya, A., Shacham, H.: Randomizable proofs and delegatable anonymous credentials. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 108–125. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  7. 7.
    Benaloh, J.C., de Mare, M.: One-way accumulators: a decentralized alternative to digital signatures. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 274–285. Springer, Heidelberg (1994) CrossRefGoogle Scholar
  8. 8.
    Boneh, D., Shacham, H.: Group signatures with verifier-local revocation. In: ACM CCS (2004)Google Scholar
  9. 9.
    Boyen, X.: The uber-assumption family – a unified complexity framework for bilinear groups. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 39–56. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  10. 10.
    Brands, S.: Rethinking public-key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)Google Scholar
  11. 11.
    Camenisch, J., Dubovitskaya, M., Haralambiev, K., Kohlweiss, M.: Composable and modular anonymous credentials: definitions and practical constructions. IACR Cryptology ePrint ArchiveGoogle Scholar
  12. 12.
    Camenisch, J., Herreweghen, E.V.: Design and implementation of the idemix anonymous credential system. In: ACM CCS. ACM (2002)Google Scholar
  13. 13.
    Camenisch, J., Kohlweiss, M., Soriente, C.: An accumulator based on bilinear maps and efficient revocation for anonymous credentials. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 481–500. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  14. 14.
    Camenisch, J., Krenn, S., Lehmann, A., Mikkelsen, G.L., Neven, G., Pedersen, M.O.: Formal treatment of privacy-enhancing credential systems (2015)Google Scholar
  15. 15.
    Camenisch, J., Lehmann, A., Neven, G., Rial, A.: Privacy-preserving auditing for attribute-based credentials. In: Kutyłowski, M., Vaidya, J. (eds.) ICAIS 2014, Part II. LNCS, vol. 8713, pp. 109–127. Springer, Heidelberg (2014) Google Scholar
  16. 16.
    Camenisch, J.L., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  17. 17.
    Camenisch, J.L., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  18. 18.
    Camenisch, J.L., Lysyanskaya, A.: Dynamic accumulators and application to efficient revocation of anonymous credentials. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, p. 61. Springer, Heidelberg (2002) CrossRefGoogle Scholar
  19. 19.
    Camenisch, J.L., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  20. 20.
    Canard, S., Lescuyer, R.: Anonymous credentials from (indexed) aggregate signatures. In: DIM. ACM (2011)Google Scholar
  21. 21.
    Canard, S., Lescuyer, R.: Protecting privacy by sanitizing personal data: a new approach to anonymous credentials. In: ASIA CCS. ACM (2013)Google Scholar
  22. 22.
    Chase, M., Meiklejohn, S., Zaverucha, G.M.: Algebraic MACs and keyed-verification anonymous credentials. In: ACM CCS. ACM (2014)Google Scholar
  23. 23.
    Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28(10), 1030–1044 (1985)CrossRefGoogle Scholar
  24. 24.
    Cheon, J.H.: Security analysis of the strong diffie-hellman problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 1–11. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  25. 25.
    Derler, D., Hanser, C., Slamanig, D.: Revisiting cryptographic accumulators, additional properties and relations to other primitives. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 127–144. Springer, Heidelberg (2015) Google Scholar
  26. 26.
    Fuchsbauer, G.: Breaking existential unforgeability of a signature scheme from Asiacrypt 2014. IACR Cryptology ePrint Archive (2014)Google Scholar
  27. 27.
    Fuchsbauer, G., Hanser, C., Slamanig, D.: EUF-CMA-Secure structure-preserving signatures on equivalence classes. IACR Cryptology ePrint Archive (2014)Google Scholar
  28. 28.
    Garman, C., Green, M., Miers, I.: Decentralized anonymous credentials. In: NDSS (2014)Google Scholar
  29. 29.
    Hajny, J., Malina, L.: Unlinkable attribute-based credentials with practical revocation on smart-cards. In: Mangard, S. (ed.) CARDIS 2012. LNCS, vol. 7771, pp. 62–76. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  30. 30.
    Hanser, C., Slamanig, D.: Structure-preserving signatures on equivalence classes and their application to anonymous credentials. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 491–511. Springer, Heidelberg (2014) Google Scholar
  31. 31.
    Lapon, J., Kohlweiss, M., De Decker, B., Naessens, V.: Analysis of revocation strategies for anonymous idemix credentials. In: De Decker, B., Lapon, J., Naessens, V., Uhl, A. (eds.) CMS 2011. LNCS, vol. 7025, pp. 3–17. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  32. 32.
    Li, J., Li, N., Xue, R.: Universal accumulators with efficient nonmembership proofs. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 253–269. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  33. 33.
    Lueks, W., Alpár, G., Hoepman, J.H., Vullers, P.: Fast revocation of attribute-based credentials for both users and verifiers. In: Federrath, H., Gollmann, D. (eds.) SEC 2015. IFIP AICT, vol. 455, pp. 463–478. Springer, Heidelberg (2015) CrossRefGoogle Scholar
  34. 34.
    Lysyanskaya, A., Rivest, R.L., Sahai, A., Wolf, S.: Pseudonym systems (extended abstract). In: Heys, H.M., Adams, C.M. (eds.) SAC 1999. LNCS, vol. 1758, pp. 184–199. Springer, Heidelberg (2000) CrossRefGoogle Scholar
  35. 35.
    Nakanishi, T., Fujii, H., Hira, Y., Funabiki, N.: Revocable group signature schemes with constant costs for signing and verifying. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 463–480. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  36. 36.
    Nakanishi, T., Funabiki, N.: Verifier-local revocation group signature schemes with backward unlinkability from bilinear maps. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 533–548. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  37. 37.
    Nguyen, L.: Accumulators from bilinear pairings and applications. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 275–292. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  38. 38.
    Nguyen, L., Paquin, C.: U-prove designated-verifier accumulator revocation extension. Technical report, Microsoft Research (2014)Google Scholar
  39. 39.
    Paquin, C., Zaverucha, G.: U-prove cryptographic specification v1.1, revision 3. Technical report, Microsoft Corporation (2013)Google Scholar
  40. 40.
    Song, D.X.: Practical forward secure group signature schemes. In: ACM CCS. ACM (2001)Google Scholar
  41. 41.
    Sudarsono, A., Nakanishi, T., Funabiki, N.: Efficient proofs of attributes in pairing-based anonymous credential system. In: Fischer-Hübner, S., Hopper, N. (eds.) PETS 2011. LNCS, vol. 6794, pp. 246–263. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  42. 42.
    Unterluggauer, T., Wenger, E.: Efficient pairings and ECC for embedded systems. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 298–315. Springer, Heidelberg (2014) Google Scholar
  43. 43.
    Verheul, E.R.: Self-blindable credential certificates from the weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 533–551. Springer, Heidelberg (2001) CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • David Derler
    • 1
  • Christian Hanser
    • 1
  • Daniel Slamanig
    • 1
  1. 1.IAIK, Graz University of TechnologyGrazAustria

Personalised recommendations