Unlinkable Attribute-Based Credentials with Practical Revocation on Smart-Cards
Attribute-based credentials are cryptographic schemes designed to enhance user privacy. These schemes can be used for constructing anonymous proofs of the ownership of personal attributes. The attributes can represent any information about a user, e.g., age, citizenship or birthplace. The ownership of these attributes can be anonymously proven to verifiers without leaking any other information. The problem of existing credential schemes is that they do not allow the practical revocation of malicious or expired users when slow off-line devices (for example, smart-cards) are used for storing attributes. This prevents existing systems from being used on eIDs (electronic ID cards), employees’ smart-cards or, for example, library access cards. In this paper, we propose a novel cryptographic scheme which allows both expired user revocation and de-anonymization of malicious users on commercially available smart-cards. In addition to the full cryptographic specification of the scheme, we also provide implementation results on .NET V2+ and MultOS smart-card platform.
KeywordsRevocation privacy anonymity smart-cards credentials
Unable to display preview. Download preview PDF.
- 5.Camenisch, J., et al.: Specification of the identity mixer cryptographic library, Tech. rep. (2010)Google Scholar
- 8.Camenisch, J., Stadler, M.: Proof systems for general statements about discrete logarithms. Tech. rep. (1997)Google Scholar
- 10.Cramer, R.: Modular Design of Secure, yet Practical Cryptographic Protocols. Ph.D. thesis, University of Amsterdam (1996)Google Scholar
- 12.Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)Google Scholar
- 17.Malina, L., Hajny, J.: Accelerated Modular Arithmetic for Low-Performance Devices. In: 34th International Conference on Telecommunications and Signal Processing, pp. 131–135. IEEE (2011)Google Scholar
- 20.Paquin, C.: U-prove cryptographic specification v1.1, Tech. rep. (2011)Google Scholar
- 21.The European Commission: Safer internet programme (2012), http://ec.europa.eu/information_society/activities/sip/policy/index_en.htm
- 22.The White House: National strategy for trusted identities in cyberspace (2011), http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf