A Survey on Non-transferable Anonymous Credentials

  • Sebastian Pape
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 298)


There are at least two principal approaches to prevent users from sharing their anonymous credentials: adding valuable secrets into the system the user does not want to share or embedding biometric access control. This paper seeks to identify possible fields of application and to compare both approaches with respect to the credentials’ non-transferability.

The paper shows that both approaches do not ensure the non- transferability of anonymous credentials, but may be applicable in some fields. On the one hand, it might be hard to find valuable secrets to really prevent the sharing of credentials, in particular with close family members. On the other hand, biometric sensors embedded in a smartcard can be circumvented with some effort, especially if access control is unattended. Although the combination of both approaches may prevent more users from sharing their credentials, it suffers from restrictions of both approaches and from the effort needed to put it in place.

However, assuming that anonymous credentials will probably not be used in high-security environments, both approaches might be sufficient to prevent sharing in some applications. If the users already possess personal digital assistants, embedded valuable secrets are a quite cheap solution, even though they raise the system’s value. If access control is attended, biometric sensors are reasonably safe and limit the possibility of unintentionally sharing the credentials for free.


Access Control Smart Card Blind Signature Credential System Attack Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Communications of the ACM 28, 1030–1044 (1985)CrossRefGoogle Scholar
  2. 2.
    Chaum, D., Evertse, J.-H.: A secure and privacy-protecting protocol for transmitting personal information between organizations. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 118–167. Springer, Heidelberg (1987)CrossRefGoogle Scholar
  3. 3.
    Chaum, D.: Blind Signatures for Untraceable Payments. In: Advances in Cryptology – CRYPTO 1982, pp. 199–203. Springer, Heidelberg (1999)Google Scholar
  4. 4.
    Dwork, C., Lotspiech, J., Naor, M.: Digital Signets: Self-Enforcing Protection of Digital Information. In: Proceedings on Theory of Computing, 28th Ann. ACM Symp. (1997)Google Scholar
  5. 5.
    Goldreich, O., Pfitzmann, B., Rivest, R.L.: Self-Delegation with Controlled Propagation — or — What If You Lose Your Laptop. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 153–168. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  6. 6.
    Lysyanskaya, A., Rivest, R.L., Sahai, A., Wolf, S.: Pseudonym Systems. In: Heys, H.M., Adams, C.M. (eds.) SAC 1999. LNCS, vol. 1758, pp. 184–199. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Camenisch, J., Lysyanskaya, A.: An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. 8.
    Bleumer, G.: Biometric yet Privacy Protecting Person Authentication. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525, pp. 99–110. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  9. 9.
    Chaum, D.: Blind signatures for untraceable payments. In: Advances in Cryptology – Crypto 1982, pp. 199–203. Springer, Heidelberg (1983)Google Scholar
  10. 10.
    Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  11. 11.
    FFIEC Press Release: Authentication in an Internet Banking Environment. Techreport, Federal Financial Institutions Examination Council (2005)Google Scholar
  12. 12.
    Brainard, J., Juels, A., Rivest, R., Szydlo, M., Yung, M.: Fourth Factor Authentication: Somebody You Know. In: CCS 2006: Proceedings of the 13th ACM conference on Computer and communications security, pp. 168–178. ACM, New York (2006)Google Scholar
  13. 13.
    Chaum, D., Pedersen, T.P.: Wallet Databases with Observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  14. 14.
    Impagliazzo, R., More, S.M.: Anonymous Credentials with Biometrically-Enforced Non-Transferability. In: Proceedings of the 2003 ACM Workshop on Privacy in the Electronic Society (WPES 2003), pp. 60–71 (2003)Google Scholar
  15. 15.
    Homepage of Biometric Associates, Inc.,
  16. 16.
    Pan, S.B., Gil, Y.H., Moon, D., Chung, Y., Park, C.H.: A Memory-Efficient Fingerprint Verification Algorithm Using a Multi-Resolution Accumulator Array. ETRI Journal 25, 179–186 (2003)CrossRefGoogle Scholar
  17. 17.
    Barwise, M., Bachfeld, D.: Attack of the card cloners. IT security news and services at heise Security UK (2007),
  18. 18.
    Finkenzeller, K.: RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification, 446 pages. John Wiley and Sons, Chichester (2003)CrossRefGoogle Scholar
  19. 19.
    Graafstra, A.: RFID Toys: 11 Cool Projects for Home, Office and Entertainment, 336 pages. Wiley, Chichester (2006)Google Scholar
  20. 20.
    Damgård, I., Dupont, K., Pedersen, M.O.: Unclonable Group Identification. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 555–572. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  21. 21.
    Camenisch, J., Hohenberger, S., Kohlweiss, M., Lysyanskaya, A., Meyerovich, M.: How to win the clonewars: efficient periodic n-times anonymous authentication. In: CCS 2006: Proceedings of the 13th ACM conference on Computer and communications security, pp. 201–210. ACM, New York (2006)Google Scholar
  22. 22.
    Beth, T., Desmedt, Y.: Identification tokens – or: Solving the chess grandmaster problem. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 169–176. Springer, Heidelberg (1991)Google Scholar
  23. 23.
    Brands, S., Chaum, D.: Distance-bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  24. 24.
    Drimer, S., Murdoch, S.J.: Keep your enemies close: distance bounding against smartcard relay attacks. In: SS 2007: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, pp. 1–16. USENIX Association (2007)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2009

Authors and Affiliations

  • Sebastian Pape
    • 1
  1. 1.Databases and Interactive Systems Research GroupUniversity of KasselGermany

Personalised recommendations