Anonymous credential systems are a key ingredient for a secure and privacy protecting electronic world. In their full-fledged form, they can realize a broad range of requirements of authentication systems. However, these many features result in a complex system that can be difficult to use. In this paper, we aim to make credential systems easier to employ by providing an architecture and high-level specifications for the different components, transactions and features of the identity mixer anonymous credential system. The specifications abstract away the cryptographic details but they are still sufficiently concrete to enable all features. We demonstrate the use of our framework by applying it to an e-cash scenario.


Anonymous Credentials Architecture Privacy 


  1. 1.
    Bangerter, E., Camenisch, J., Lysyanskaya, A.: A cryptographic framework for the controlled release of certified data. In: SPW 2004. LNCS, Springer, Heidelberg (2004)Google Scholar
  2. 2.
    Bichsel, P., Camenisch, J., Groß, T., Shoup, V.: Anonymous credentials on a standard Java Card. In: Proc. 16th ACM CCS, pp. 600–610 (November 2009)Google Scholar
  3. 3.
    Boneh, D., Shacham, H.: Group signatures with verifier-local revocation. In: Proc. 11th ACM CCS, pp. 168–177 (2004)Google Scholar
  4. 4.
    Brands, S.: Electronic cash systems based on the representation problem in groups of prime order. In: CRYPTO 1993, pp. 26.1– 26.15 (1993)Google Scholar
  5. 5.
    Brands, S.: Rethinking Public Key Infrastructure and Digital Certificates–Building in Privacy. PhD thesis, Eindhoven Institute of Technology, Eindhoven, The Netherlands (1999)Google Scholar
  6. 6.
    Brands, S., Demuynck, L., Decker, B.D.: A practical system for globally revoking the unlinkable pseudonyms of unknown users. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 400–415. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Brands, S., Paquin, C.: U-Prove cryptographic specification v1.0 (March 2010)Google Scholar
  8. 8.
    Camenisch, J., Chaabouni, R., Shelat, A.: Efficient protocols for set membership and range proofs. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 234–252. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Camenisch, J., Groß, T.: Efficient attributes for anonymous credentials. In: Proc.15th ACM CCS, pp. 345–356 (November 2008)Google Scholar
  10. 10.
    Camenisch, J., Hohenberger, S., Kohlweiss, M., Lysyanskaya, A., Meyerovich, M.: How to win the clonewars: efficient periodic n-times anonymous authentication. In: Proc. 13th ACM CCS, pp. 201–210 (2006)Google Scholar
  11. 11.
    Camenisch, J., Hohenberger, S., Lysyanskaya, A.: Compact E-cash. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 302–321. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. 12.
    Camenisch, J., Hohenberger, S., Lysyanskaya, A.: Balancing accountability and privacy using e-cash (extended abstract). In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 141–155. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  13. 13.
    Camenisch, J., Kohlweiss, M., Soriente, C.: An accumulator based on bilinear maps and efficient revocation for anonymous credentials. In: Jarecki, S., Tsudik, G. (eds.) Public Key Cryptography – PKC 2009. LNCS, vol. 5443, pp. 481–500. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  14. 14.
    Camenisch, J., Lysyanskaya, A.: Efficient non-transferable anonymous multi- show credential system with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004)Google Scholar
  17. 17.
    Camenisch, J., Shoup, V.: Practical verifiable encryption and decryption of discrete logarithms (2002), http://eprint.iacr.org/2002/161
  18. 18.
    Camenisch, J., Van Herreweghen, E.: Design and implementation of the idemix anonymous credential system. In: Proc. 9th ACM CCS (2002)Google Scholar
  19. 19.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Comm. of the ACM 24(2), 84–88 (1981)CrossRefGoogle Scholar
  20. 20.
    Damgård, I.B., Fujisaki, E.: An integer commitment scheme based on groups with hidden order. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 125–142. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  21. 21.
    Nakanishi, T., Fujii, H., Hira, Y., Funabiki, N.: Revocable group signature schemes with constant costs for signing and verifying. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 463–480. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  22. 22.
    IBM Research– Zurich, Security Team. Specification of the identity mixer cryp- tographic library. IBM Research Report RZ 3730, IBM Research Division (April 2010)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2010

Authors and Affiliations

  • Patrik Bichsel
    • 1
  • Jan Camenisch
    • 1
  1. 1.IBM ResearchSwitzerland

Personalised recommendations