Cryptology ePrint Archive: Report 2008/539

An Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials

Jan Camenisch and Markulf Kohlweiss and Claudio Soriente

Abstract: The success of electronic authentication systems, be it e-ID card systems or Internet authentication systems such as CardSpace, highly depends on the provided level of user-privacy. Thereby, an important requirement is an efficient means for revocation of the authentication credentials. In this paper we consider the problem of revocation for certificate-based privacy-protecting authentication systems. To date, the most efficient solutions for revocation for such systems are based on cryptographic accumulators. Here, an accumulate of all currently valid certificates is published regularly and each user holds a {\em witness} enabling her to prove the validity of her (anonymous) credential while retaining anonymity. Unfortunately, the users' witnesses must be updated at least each time a credential is revoked. For the know solutions, these updates are computationally very expensive for users and/or certificate issuers which is very problematic as revocation is a frequent event as practice shows.

In this paper, we propose a new dynamic accumulator scheme based on bilinear maps and show how to apply it to the problem of revocation of anonymous credentials. In the resulting scheme, proving a credential's validity and updating witnesses both come at (virtually) no cost for credential owners and verifiers. In particular, updating a witness requires the issuer to do only one multiplication per addition or revocation of a credential and can also be delegated to untrusted entities from which a user could just retrieve the updated witness. We believe that thereby we provide the first authentication system offering privacy protection suitable for implementation with electronic tokens such as eID cards or drivers' licenses.

Category / Keywords: cryptographic protocols / dynamic accumulators, anonymous credentials, revocation

Publication Info: Full version of the paper accepted at PKC 2009

Date: received 22 Dec 2008

Contact author: csorient at ics uci edu

Available format(s): PDF | BibTeX Citation

Version: 20081228:090018 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]