Cryptology ePrint Archive: Report 2014/684

Towards a Full-Featured Implementation of Attribute Based Credentials on Smart Cards

Antonio de la Piedra and Jaap-Henk Hoepman and Pim Vullers

Abstract: Attribute-based Credentials (ABCs) allow citizens to prove certain properties about themselves without necessarily revealing their full identity. Smart cards are an attractive container for such credentials, for security and privacy reasons. But their limited processing power and random access storage capacity pose a severe challenge. Recently, we, the IRMA team, managed to fully implement a limited subset of the Idemix ABC system on a smart card, with acceptable running times. In this paper we extend this functionality by overcoming the main hurdle: limited RAM. We implement an efficient extended Pseudo-Random Number Generator (PRNG) for recomputing pseudorandomness and reconstructing variables. Using this we implement Idemix standard and domain pseudonyms, AND proofs based on prime-encoded attributes, and equality proofs of representation modulo a composite, together with terminal verification and secure messaging. In contrast to prior work that only addressed the verification of one credential with only one attribute (particularly, the master secret), we can now perform multi-credential proofs on credentials of 5 attributes and complex proofs in reasonable time. We provide a detailed performance analysis and compare our results to other approaches.

Category / Keywords: implementation / Attribute-based credentials, smart cards, privacy

Original Publication (in the same form): CANS 2014

Date: received 1 Sep 2014, last revised 3 Sep 2014

Contact author: A delaPiedra at cs ru nl

Available format(s): PDF | BibTeX Citation

Version: 20140903:075633 (All versions of this report)

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]