Cryptology ePrint Archive: Report 2007/384

Non-Interactive Anonymous Credentials

Mira Belenkiy and Melissa Chase and Markulf Kohlweiss and Anna Lysyanskaya

Abstract: In this paper, we introduce P-signatures. A P-signature scheme consists of a signature scheme, a commitment scheme, and (1) an interactive protocol for obtaining a signature on a committed value; (2) a non-interactive proof system for proving that the contents of a commitment has been signed; (3) a non-interactive proof system for proving that a pair of commitments are commitments to the same value. We give a definition of security for P-signatures and show how they can be realized under appropriate assumptions about groups with bilinear map. Namely, we make extensive use of the powerful suite of non-interactive proof techniques due to Groth and Sahai.

Our P-signatures enable, for the first time, the design of a practical non-interactive anonymous credential system whose security does not rely on the random oracle model. In addition, they may serve as a useful building block for other privacy-preserving authentication mechanisms.

Category / Keywords: cryptographic protocols / zero knowledge, anonymous credentials, CL-signatures

Publication Info: Manuscript

Date: received 29 Sep 2007, last revised 6 Oct 2007

Contact author: markulf kohlweiss at esat kuleuven be

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20071006:151326 (All versions of this report)

Short URL: ia.cr/2007/384

Discussion forum: Show discussion | Start new discussion