Anonymity 2.0 – X.509 Extensions Supporting Privacy-Friendly Authentication

  • Vicente Benjumea
  • Seung Geol Choi
  • Javier Lopez
  • Moti Yung
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4856)


We present a semantic extension to X.509 certificates that allows incorporating new anonymity signature schemes into the X.509 framework. This fact entails advantages to both components. On the one hand, anonymous signature schemes benefit from all the protocols and infrastructure that the X.509 framework provides. On the other hand, the X.509 framework incorporates anonymity as a very interesting new feature. This semantic extension is part of a system that provides user’s controlled anonymous authorization under the X.509 framework. Additionally, the proposal directly fits the much active Identity 2.0 effort, where anonymity is a major supplementary feature that increases the self-control of one’s identity and privacy which is at the center of the activity.


Anonymous authentication X.509 certificates group signatures ring signatures traceable signatures 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ateniese, G., Camenish, J., Joye, M., Tsudik, G.: A practical and provably secure coalition-resistant group signature scheme. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 255–270. Springer, Heidelberg (2000)Google Scholar
  2. 2.
    Ateniese, G., Tsudik, G.: Some open issues and new directions in group signatures. In: Franklin, M.K. (ed.) FC 1999. LNCS, vol. 1648, pp. 196–211. Springer, Heidelberg (1999)Google Scholar
  3. 3.
    Benjumea, V., Lopez, J., Montenegro, J.A., Troya, J.M.: A first approach to provide anonymity in attribute certificates. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 402–415. Springer, Heidelberg (2004)Google Scholar
  4. 4.
    Benjumea, V., Lopez, J., Troya, J.M.: Anonymous attribute certificates based on traceable signatures. Internet Research 16(2), 120–139 (2006)Google Scholar
  5. 5.
    Brands, S.A.: Rethinking Public Key Infrastructures and Digital Certificates Building in Privacy, The MIT Press, Cambridge (August 2000)Google Scholar
  6. 6.
    Camenisch, J., Lysyanskaya, A.: Efficient non-transferable anonymous multi-show credential system with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)Google Scholar
  7. 7.
    Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R., Sherman, A. (eds.) CRYPTO 1982: Advances in Cryptology, pp. 199–203. Plenum Press, Santa Barbara, CA (August 1983)Google Scholar
  8. 8.
    Chaum, D.: Security without identification: Transaction systems to make big brother obsolete. Communications of the ACM 28(10), 1030–1044 (1985)Google Scholar
  9. 9.
    Chaum, D., Evertse, J.H.: A secure and privacy-protecting protocol for transmitting personal information between organizations. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 118–170. Springer, Heidelberg (1987)Google Scholar
  10. 10.
    Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)Google Scholar
  11. 11.
    Chen, L.: Access with pseudonyms. In: Dawson, E.P., Golić, J.D. (eds.) Cryptography: Policy and Algorithms. LNCS, vol. 1029, pp. 232–243. Springer, Heidelberg (1996)Google Scholar
  12. 12.
    Choi, S.G., Park, K., Yung, M.: Short traceable signatures based on bilinear pairings. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 88–103. Springer, Heidelberg (2006)Google Scholar
  13. 13.
    Dierks, T., Rescorla, E.: RFC-4346. The Transport Layer Security (TLS) Protocol. The Internet Society (April 2006)Google Scholar
  14. 14.
    Dodis, Y., Kiayias, A., Nicolosi, A., Shoup, V.: Anonymous identification in Ad Hoc groups. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 609–626. Springer, Heidelberg (2004)Google Scholar
  15. 15.
    Ellison, C.: RFC-2692. SPKI requirements. IETF SPKI Working Group (September 1999)Google Scholar
  16. 16.
    Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B., Ylonen, T.: RFC-2693. SPKI certificate theory. IETF SPKI Working Group (September 1999)Google Scholar
  17. 17.
    Farrel, S., Housley, R.: RFC-3281. An Internet Attribute Certificate Profile for Authorization. The Internet Society (April 2002)Google Scholar
  18. 18.
    FIPS 186. Digital Signature Standard. U.S. Department of Commerce/N.I.S.T., National Technical Information Service, Springfield, Virginia (1994)Google Scholar
  19. 19.
    Freier, A., Karlton, P., Kocher, P.: The SSL Protocol. Netscape (November 1996)Google Scholar
  20. 20.
    Housley, R., Polk, W., Ford, W., Solo, D.: RFC-3280. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. The Internet Society (April 2002)Google Scholar
  21. 21.
  22. 22.
    ITU-T Recommendation X.509. Information Technology - Open systems interconnection - The Directory: Authentication Framework (June 1997)Google Scholar
  23. 23.
    ITU-T Recommendation X.509. Information Technology - Open systems interconnection - The Directory: Public-key and attribute certificate frameworks (March 2000)Google Scholar
  24. 24.
    Kiayias, A., Tsiounis, Y., Yung, M.: Traceable signatures. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 571–589. Springer, Heidelberg (2004)Google Scholar
  25. 25.
    Lysyanskaya, A., Rivest, R., Sahai, A., Wolf, S.: Pseudonym systems. In: Heys, H.M., Adams, C.M. (eds.) SAC 1999. LNCS, vol. 1758, Springer, Heidelberg (2000)Google Scholar
  26. 26.
    Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: RFC-2560. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. The Internet Society (June 1999)Google Scholar
  27. 27.
    Nguyen, L., Safavi-Naini, R.: Efficient and provably secure trapdoor-free group signature schemes from bilinear pairings. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 372–386. Springer, Heidelberg (2004)Google Scholar
  28. 28.
    Persiano, P., Visconti, I.: A secure and private system for subscription-based remote services. ACM Trans. on Information and System Security 6(4), 472–500 (2003)Google Scholar
  29. 29.
    Persiano, P., Visconti, I.: An efficient and usable multi-show non-transferable anonymous credential system. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 196–211. Springer, Heidelberg (2004)Google Scholar
  30. 30.
    Rivest, R., Shamir, A., Tauman, Y.: How to leak a secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 552–565. Springer, Heidelberg (2001)Google Scholar
  31. 31.
    Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)Google Scholar
  32. 32.
    Schechter, S., Parnell, T., Hartemink, A.: Anonymous authentication of membership in dynamic groups. In: Franklin, M.K. (ed.) FC 1999. LNCS, vol. 1648, pp. 184–195. Springer, Heidelberg (1999)Google Scholar
  33. 33.
    Stubblebine, S.G., Syverson, P.F., Goldschlag, D.M.: Unlinkable serial transactions: Protocols and applications. ACM Trans. on Information and System Security 2(4), 354–389 (1999)Google Scholar
  34. 34.
    Verheul, E.R.: Self-blindable credential certificates from the weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 533–551. Springer, Heidelberg (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Vicente Benjumea
    • 1
  • Seung Geol Choi
    • 2
  • Javier Lopez
    • 1
  • Moti Yung
    • 3
  1. 1.Computer Science Dept., University of MalagaSpain
  2. 2.Computer Science Dept., Columbia UniversityUSA
  3. 3.Google & Computer Science Dept., Columbia UniversityUSA

Personalised recommendations