Efficient U-Prove Implementation for Anonymous Credentials on Smart Cards

  • Wojciech Mostowski
  • Pim Vullers
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 96)


In this paper we discuss an efficient implementation of anonymous credentials on smart cards. In general, privacy-preserving protocols are computationally intensive and require the use of advanced cryptography. Implementing such protocols for smart cards involves a trade-off between the requirements of the protocol and the capabilities of the smart card. In this context we concentrate on the implementation of Microsoft’s U-Prove technology on the MULTOS smart card platform. Our implementation aims at making the smart card independent of any other resources, either computational or storage. In contrast, Microsoft suggests an alternative approach based on device-protected tokens which only uses the smart card as a security add-on. Given our very good performance results we argue that our approach should be considered in favour of Microsoft’s one. Furthermore we provide a brief comparison between Java Card and MULTOS which illustrates our choice to implement this technology on the latter more flexible and low-level platform rather than the former.


anonymous credentials smart cards U-Prove MULTOS Java Card 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    MULTOS implementation report. Tech. Rep. MAO-DOC-TEC-010 v1.36a, MAOSCO Limited (February 2010)Google Scholar
  2. 2.
    Batina, L., Hoepman, J.-H., Jacobs, B., Mostowski, W., Vullers, P.: Developing Efficient Blinded Attribute Certificates on Smart Cards via Pairings. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 209–222. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  3. 3.
    Bender, J., Kügler, D., Margraf, M., Naumann, I.: Privacy-friendly revocation management without unique chip identifiers for the German national ID card. Computer Fraud & Security (September 2010)Google Scholar
  4. 4.
    Bichsel, P., Camenisch, J., Groß, T., Shoup, V.: Anonymous credentials on a standard Java Card. In: Computer and Communications Security – CCS 2009, pp. 600–610. ACM (November 2009)Google Scholar
  5. 5.
    Brands, S., Paquin, C.: U-Prove cryptographic specification v1.0. Tech. rep., Microsoft Corporation (March 2010)Google Scholar
  6. 6.
    Brands, S.A.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press (August 2000)Google Scholar
  7. 7.
    Brickell, E.F., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Pfitzmann, B., Liu, P. (eds.) Computer and Communications Security – CCS 2004, pp. 132–145. ACM (October 2004)Google Scholar
  8. 8.
    Bundesamt für Sicherheit in der Informationstechnik: Advanced security mechanisms for machine readable travel documents, Version 2.05. Tech. Rep. TR-03110, German Federal Office for Information Security (BSI), Bonn, Germany (2010)Google Scholar
  9. 9.
    Camenisch, J., Lysyanskaya, A.: An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Camenisch, J., Lysyanskaya, A.: Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 61–76. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  11. 11.
    Camenisch, J., Van Herreweghen, E.: Design and implementation of the idemix anonymous credential system. In: Computer and Communications Security – CCS 2002, pp. 21–30. ACM (November 2002)Google Scholar
  12. 12.
    Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L. (eds.) Advances in Cryptology – CRYPTO 1982. pp. 199–203. Plemum Publishing (1983)Google Scholar
  13. 13.
    Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Communications of the ACM 28, 1030–1044 (1985)CrossRefGoogle Scholar
  14. 14.
    Chen, Z.: Java Card Technology for Smart Cards: Architecture and Programmer’s Guide. Java. Addison-Wesley (June 2000)Google Scholar
  15. 15.
    Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)CrossRefGoogle Scholar
  16. 16.
    France-Massey, T.: MULTOS – the high security smart card OS. Tech. rep., MAOSCO Limited (September 2005)Google Scholar
  17. 17.
    Hoepman, J.H., Jacobs, B., Vullers, P.: Privacy and security issues in e-ticketing – Optimisation of smart card-based attribute-proving. In: Cortier, V., Ryan, M., Shmatikov, V. (eds.) Foundations of Security and Privacy – FCS-PrivMod 2010 (July 2010) (informal)Google Scholar
  18. 18.
    Hoepman, J.H., Lueks, W., Vullers, P.: Revoking self-blindable credentials (2011)Google Scholar
  19. 19.
    Lysyanskaya, A.A.: Signature schemes and applications to cryptographic protocol design. Ph.D. thesis, Massachusetts Institute of Technology (September 2002)Google Scholar
  20. 20.
    MAOSCO Limited: MULTOS Developer’s Reference Manual (October 2009)Google Scholar
  21. 21.
    NXP Semiconductors: Smart solutions for smart services (z-card 2009). NXP Literature, Document 75016728 (2009)Google Scholar
  22. 22.
    Paquin, C.: U-Prove cryptographic specification v1.1. Tech. rep., Microsoft Corporation (February 2011)Google Scholar
  23. 23.
    Paquin, C.: U-Prove cryptographic test vectors v1.1. Tech. rep., Microsoft Corporation (February 2011)Google Scholar
  24. 24.
    Paquin, C.: U-Prove technology overview v1.1. Tech. rep., Microsoft Corporation (February 2011)Google Scholar
  25. 25.
    Sterckx, M., Gierlichs, B., Preneel, B., Verbauwhede, I.: Efficient implementation of anonymous credentials on Java Card smart cards. In: Information Forensics and Security – WIFS 2009, pp. 106–110. IEEE (September 2009)Google Scholar
  26. 26.
    Sun Microsystems, Inc.: Java Card 2.2.2 Application Programming Interface Specification (March 2006)Google Scholar
  27. 27.
    Sun Microsystems, Inc.: Java Card 2.2.2 Virtual Machine Specification (March 2006)Google Scholar
  28. 28.
    Tews, H., Jacobs, B.: Performance Issues of Selective Disclosure and Blinded Issuing Protocols on Java Card. In: Markowitch, O., Bilas, A., Hoepman, J.-H., Mitchell, C.J., Quisquater, J.-J. (eds.) WISTP 2009. LNCS, vol. 5746, pp. 95–111. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  29. 29.
    Verheul, E.R.: Self-Blindable Credential Certificates from the Weil Pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 533–550. Springer, Heidelberg (2001)CrossRefGoogle Scholar

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2012

Authors and Affiliations

  • Wojciech Mostowski
    • 1
  • Pim Vullers
    • 1
  1. 1.Institute for Computing and Information Sciences, Digital Security groupRadboud University NijmegenThe Netherlands

Personalised recommendations