Accountable Anonymous Credentials

  • Zuoxia Yu
  • Man Ho Au
  • Rupeng Yang
Chapter

Abstract

Anonymity refers to withholding the identification information associated with an interaction. In the cyberworld, anonymous authentication is an important tool for protecting privacy. However, users may misbehave under the cover of anonymity; thus, accountability is crucial in any practical privacy-preserving authentication. Balancing anonymity and accountability has always been a challenging research problem in privacy protection. Accountable anonymous credentials are the cryptographic schemes designed to address this challenge. Users are allowed to anonymously prove their possession of valid credentials to protect user privacy. If they misbehave, they will be de-anonymized or blacklisted. In other words, it is technically possible for a system to achieve both anonymity and accountability simultaneously. In this chapter, we review the concept of anonymous credentials and discuss various accountability mechanisms. We discuss how the recent developments in blockchain and quantum computers have influenced recent research advances in this area. Finally, we also discuss how anonymous credentials are applied in real-world applications in cryptocurrencies.

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. Department of Computing, The Hong Kong Polytechnic University, Hong Kong, China
  2. School of Computer Science and Technology, Shandong University, Jinan, China
