Cryptology ePrint Archive: Report 2015/725

The self-blindable U-Prove scheme from FC'14 is forgeable

Eric Verheul and Sietse Ringers and Jaap-Henk Hoepman

Abstract: Recently an unlinkable version of the U-Prove attribute-based credential scheme was proposed at Financial Crypto '14. Unfortunately, the new scheme is forgeable: if sufficiently many users work together then they can construct new credentials, containing any set of attributes of their choice, without any involvement of the issuer. In this note we show how they can achieve this and we point out the error in the unforgeability proof.

Category / Keywords: cryptographic protocols / anonymous credentials, attribute-based credentials

Original Publication (in the same form): Financial Cryptography 2016

Date: received 20 Jul 2015, last revised 10 Feb 2016

Contact author: s ringers at rug nl

Available format(s): PDF | BibTeX Citation

Version: 20160210:210245 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]