Unlinkable Attribute-Based Credentials with Practical Revocation on Smart-Cards

  • Jan Hajny
  • Lukas Malina
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7771)


Attribute-based credentials are cryptographic schemes designed to enhance user privacy. These schemes can be used for constructing anonymous proofs of the ownership of personal attributes. The attributes can represent any information about a user, e.g., age, citizenship or birthplace. The ownership of these attributes can be anonymously proven to verifiers without leaking any other information. The problem of existing credential schemes is that they do not allow the practical revocation of malicious or expired users when slow off-line devices (for example, smart-cards) are used for storing attributes. This prevents existing systems from being used on eIDs (electronic ID cards), employees’ smart-cards or, for example, library access cards. In this paper, we propose a novel cryptographic scheme which allows both expired user revocation and de-anonymization of malicious users on commercially available smart-cards. In addition to the full cryptographic specification of the scheme, we also provide implementation results on .NET V2+ and MultOS smart-card platform.


Revocation privacy anonymity smart-cards credentials 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bao, F.: An efficient verifiable encryption scheme for encryption of discrete logarithms. In: Quisquater, J.-J., Schneier, B. (eds.) CARDIS 2000. LNCS, vol. 1820, pp. 213–220. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  2. 2.
    Bichsel, P., Camenisch, J., Groß, T., Shoup, V.: Anonymous credentials on a standard java card. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, pp. 600–610. ACM, New York (2009)CrossRefGoogle Scholar
  3. 3.
    Boneh, D.: Twenty years of attacks on the rsa cryptosystem. Notices of the AMS 46, 203–213 (1999)MathSciNetzbMATHGoogle Scholar
  4. 4.
    Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  5. 5.
    Camenisch, J., et al.: Specification of the identity mixer cryptographic library, Tech. rep. (2010)Google Scholar
  6. 6.
    Camenisch, J., Lysyanskaya, A.: Dynamic accumulators and application to efficient revocation of anonymous credentials. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 61–76. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Camenisch, J., Shoup, V.: Practical verifiable encryption and decryption of discrete logarithms. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 126–144. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Camenisch, J., Stadler, M.: Proof systems for general statements about discrete logarithms. Tech. rep. (1997)Google Scholar
  9. 9.
    Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28, 1030–1044 (1985)CrossRefGoogle Scholar
  10. 10.
    Cramer, R.: Modular Design of Secure, yet Practical Cryptographic Protocols. Ph.D. thesis, University of Amsterdam (1996)Google Scholar
  11. 11.
    Cramer, R., Damgård, I., MacKenzie, P.: Efficient zero-knowledge proofs of knowledge without intractability assumptions. In: Imai, H., Zheng, Y. (eds.) PKC 2000. LNCS, vol. 1751, pp. 354–373. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  12. 12.
    Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)Google Scholar
  13. 13.
    Damgård, I., Fujisaki, E.: A statistically-hiding integer commitment scheme based on groups with hidden order. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 125–142. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  14. 14.
    Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)CrossRefGoogle Scholar
  15. 15.
    Hajny, J., Malina, L.: Practical revocable anonymous credentials. In: De Decker, B., Chadwick, D.W. (eds.) CMS 2012. LNCS, vol. 7394, pp. 211–213. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  16. 16.
    Lapon, J., Kohlweiss, M., De Decker, B., Naessens, V.: Performance analysis of accumulator-based revocation mechanisms. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds.) SEC 2010. IFIP AICT, vol. 330, pp. 289–301. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  17. 17.
    Malina, L., Hajny, J.: Accelerated Modular Arithmetic for Low-Performance Devices. In: 34th International Conference on Telecommunications and Signal Processing, pp. 131–135. IEEE (2011)Google Scholar
  18. 18.
    Naumann, I., Hogben, G.: Enisa: Privacy features of eid cards. Network Security Newsletter 2008, 9–13 (2008)CrossRefGoogle Scholar
  19. 19.
    Okamoto, T., Uchiyama, S.: A new public-key cryptosystem as secure as factoring. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 308–318. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  20. 20.
    Paquin, C.: U-prove cryptographic specification v1.1, Tech. rep. (2011)Google Scholar
  21. 21.
    The European Commission: Safer internet programme (2012),
  22. 22.
    The White House: National strategy for trusted identities in cyberspace (2011),

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Jan Hajny
    • 1
  • Lukas Malina
    • 1
  1. 1.Department of TelecommunicationsBrno University of TechnologyBrnoCzech Republic

Personalised recommendations