To this end, we construct two algebraic MACs in prime-order groups, along with efficient protocols for issuing credentials, asserting possession a credential, and proving statements about hidden attributes (e.g., the age of the credential owner). We prove the security of the first scheme in the generic group model, and prove the security of the second scheme -- using a dual-system-based approach -- under decisional Diffie-Hellman (DDH). Our MACs are of independent interest, as they are the only uf-cmva-secure MACs with efficient proofs of knowledge.
Finally, we compare the efficiency of our new systems to two existing constructions of anonymous credentials: U-Prove and Idemix. We show that the performance of the new schemes is competitive with U-Prove (which is not provably secure, whereas ours is based on DDH), and many times faster than Idemix.Category / Keywords: cryptographic protocols / anonymous credentials Date: received 19 Aug 2013, last revised 31 Oct 2013 Contact author: gregz at microsoft com Available format(s): PDF | BibTeX Citation Note: The DDH-based MAC and its proof of security have been simplified. Version: 20131031:165425 (All versions of this report) Short URL: ia.cr/2013/516 Discussion forum: Show discussion | Start new discussion