Skip to main content

On Linkability and Malleability in Self-blindable Credentials

Part of the Lecture Notes in Computer Science book series (LNSC,volume 9311)


Self-blindable credential schemes allow users to anonymously prove ownership of credentials. This is achieved by randomizing the credential before each showing in such a way that it still remains valid. As a result, each time a different version of the same credential is presented. A number of such schemes have been proposed, but unfortunately many of them are broken, in the sense that they are linkable (i.e., failing to protect the privacy of the user), or malleable (i.e., they allow users to create new credentials using one or more valid credentials given to them). In this paper we prove a general theorem that relates linkability and malleability in self-blindable credential schemes, and that can test whether a scheme is linkable or malleable. After that we apply the theorem to a number of self-blindable credential schemes to show that they suffer from one or both of these issues.


  • Smart Card
  • Signature Scheme
  • Blinded Signature
  • Credential Scheme
  • Valid Signature

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. Blake, I.F., Seroussi, G., Smart, N.P. (eds.): Advances in Elliptic Curve Cryptography. Cambridge University Press (2005), Cambridge Books Online

    Google Scholar 

  2. Boneh, D., Boyen, X.: Short signatures without random oracles and the SDH assumption in bilinear groups. J. Cryptology 21(2), 149–177 (2008)

    MathSciNet  CrossRef  MATH  Google Scholar 

  3. Brands, S.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press (2000)

    Google Scholar 

  4. Camenisch, J.L., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)

    CrossRef  Google Scholar 

  5. Camenisch, J.L., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)

    CrossRef  Google Scholar 

  6. Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)

    CrossRef  Google Scholar 

  7. Emura, K., Miyaji, A., Omote, K.: A certificate revocable anonymous authentication scheme with designated verifier. In: Proceedings of the Forth International Conference on Availability, Reliability and Security, ARES 2009, Fukuoka, Japan, March 16–19, 2009, pp. 769–773. IEEE Computer Society (2009)

    Google Scholar 

  8. Galbraith, S.D., Paterson, K.G., Smart, N.P.: Pairings for cryptographers. Discrete Applied Mathematics 156(16), 3113–3121 (2008)

    MathSciNet  CrossRef  MATH  Google Scholar 

  9. Hoepman, J.H., Jacobs, B., Vullers, P.: Privacy and security issues in e-ticketing - optimisation of smart card-based attribute-proving. In: Cortier, V., Ryan, M., Shmatikov, V. (eds.) Proceedings of the Workshop on Foundations of Security and Privacy, FCS-PrivMod 2010, Edinburgh, UK, July 14–15, 2010, July 2010

    Google Scholar 

  10. IBM Research Zurich Security Team: Specification of the Identity Mixer cryptographic library, version 2.3.4. Tech. rep., IBM Research, Zurich, February 2012

    Google Scholar 

  11. Kiyomoto, S., Tanaka, T.: Anonymous attribute authentication scheme using self-blindable certificates. In: Proceedings of the IEEE International Conference on Intelligence and Security Informatics, ISI 2008, Taipei, Taiwan, June 17–20, 2008, pp. 215–217. IEEE (2008)

    Google Scholar 

  12. Paquin, C., Zaverucha, G.: U-prove cryptographic specification v1.1 (revision 3), December 2013., released under the Open Specification Promise

  13. Verheul, E.R.: Self-blindable credential certificates from the weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 533–551. Springer, Heidelberg (2001)

    CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Sietse Ringers .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2015 IFIP International Federation for Information Processing

About this paper

Cite this paper

Hoepman, JH., Lueks, W., Ringers, S. (2015). On Linkability and Malleability in Self-blindable Credentials. In: Akram, R., Jajodia, S. (eds) Information Security Theory and Practice. WISTP 2015. Lecture Notes in Computer Science(), vol 9311. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-24017-6

  • Online ISBN: 978-3-319-24018-3

  • eBook Packages: Computer ScienceComputer Science (R0)