### An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation

Jan Camenisch and Anna Lysyanskaya

##### Abstract

A credential system is a system in which users can obtain credentials from organizations and demonstrate possession of these credentials. Such a system is anonymous when transactions carried out by the same user cannot be linked. An anonymous credential system is of significant practical relevance because it is the best means of providing privacy for users. In this paper we propose a practical anonymous credential system that is based on the strong RSA assumption and the decisional Diffie-Hellman assumption modulo a safe prime product and is considerably superior to existing ones: (1) We give the first practical solution that allows a user to unlinkably demonstrate possession of a credential as many times as necessary without involving the issuing organization. (2) To prevent misuse of anonymity, our scheme is the first to offer optional anonymity revocation for particular transactions. (3) Our scheme offers separability: all organizations can choose their cryptographic keys independently of each other. Moreover, we suggest more effective means of preventing users from sharing their credentials, by introducing {\em all-or-nothing} sharing: a user who allows a friend to use one of her credentials once, gives him the ability to use all of her credentials, i.e., taking over her identity. This is implemented by a new primitive, called {\em circular encryption}, which is of independent interest, and can be realized from any semantically secure cryptosystem in the random oracle model.

Available format(s)
Category
Cryptographic protocols
Publication info
Published elsewhere. Extended version of what is going to appear in EUROCPRYPT 2001
Contact author(s)
jca @ zurich ibm com
History
Short URL
https://ia.cr/2001/019

CC BY

BibTeX

@misc{cryptoeprint:2001/019,
author = {Jan Camenisch and Anna Lysyanskaya},
title = {An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation},
howpublished = {Cryptology ePrint Archive, Paper 2001/019},
year = {2001},
note = {\url{https://eprint.iacr.org/2001/019}},
url = {https://eprint.iacr.org/2001/019}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.