The Self-blindable U-Prove Scheme from FC’14 Is Forgeable (Short Paper)

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9603)


Recently an unlinkable version of the U-Prove attribute-based credential scheme was proposed at Financial Crypto’14 [9]. Unfortunately, the new scheme is forgeable: if sufficiently many users work together then they can construct new credentials, containing any set of attributes of their choice, without any involvement of the issuer. In this note we show how they can achieve this and we point out the error in the unforgeability proof.


  1. 1.
    Alpár, G., Hoepman, J., Siljee, J.: The identity crisis. security, privacy and usability issues in identity management. CoRR abs/1101.0427 (2011).
  2. 2.
    Bellare, M., Palacio, A.: The knowledge-of-exponent assumptions and 3-round zero-knowledge protocols. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 273–289. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-28628-8_17 CrossRefGoogle Scholar
  3. 3.
    Bichsel, P., Camenisch, J., Dubovitskaya, M., Enderlein, R.R., Krenn, S., Krontiris, I., Lehmann, A., Neven, G., Nielsen, J.D., Paquin, C., Preiss, F.S., Rannenberg, K., Sabouri, A., Stausholm, M.: D2.2 architecture for attribute-based credential technologies. Technical report, final version, ABC4Trust (2014).
  4. 4.
    Bitansky, N., Canetti, R., Chiesa, A., Goldwasser, S., Lin, H., Rubinstein, A., Tromer, E.: The hunting of the SNARK. IACR Cryptology ePrint Archive 2014 (2014).
  5. 5.
    Blake, I.F., Seroussi, G., Smart, N.P. (eds.): Advances in Elliptic Curve Cryptography. Cambridge University Press, Cambridge (2005)zbMATHGoogle Scholar
  6. 6.
    Brands, S.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)Google Scholar
  7. 7.
    Damgård, I.: Towards practical public key systems secure against chosen ciphertext attacks. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 445–456. Springer, Heidelberg (1992). doi: 10.1007/3-540-46766-1_36 Google Scholar
  8. 8.
    Galbraith, S.D., Paterson, K.G., Smart, N.P.: Pairings for cryptographers. Discret. Appl. Math. 156(16), 3113–3121 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Hanzlik, L., Kluczniak, K.: A short paper on how to improve U-Prove using self-blindable certificates. In: Christin, N., Safavi-Naini, R. (eds.) Financial Cryptography and Data Security. LNCS, pp. 273–282. Springer, Heidelberg (2014)Google Scholar
  10. 10.
    Paquin, C., Zaverucha, G.: U-prove cryptographic specification v1.1 (revision 3), December 2013., released under the Open Specification Promise
  11. 11.
    Verheul, E.R.: Self-blindable credential certificates from the weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 533–551. Springer, Heidelberg (2001). doi: 10.1007/3-540-45682-1_31 CrossRefGoogle Scholar

Copyright information

© International Financial Cryptography Association 2017

Authors and Affiliations

  1. 1.Radboud UniversityNijmegenThe Netherlands
  2. 2.Johann Bernoulli Institute for Mathematics and Computer ScienceUniversity of GroningenGroningenThe Netherlands

Personalised recommendations