Paper 2012/298

Anonymous Credentials Light

Foteini Baldimtsi and Anna Lysyanskaya


We define and propose an efficient and provably secure construction of blind signatures with attributes. Prior notions of blind signatures did not yield themselves to the construction of anonymous credential systems, not even if we drop the unlinkability requirement of anonymous credentials. Our new notion in contrast is a convenient building block for anonymous credential systems. The construction we propose is efficient: it requires just a few exponentiations in a prime-order group in which the decisional Diffie-Hellman problem is hard. Thus, for the first time, we give a provably secure construction of anonymous credentials that can work in the elliptic group setting without bilinear pairings. In contrast, prior provably secure constructions were based on the RSA group or on groups with pairings, which made them prohibitively inefficient for mobile devices, RFIDs and smartcards. The only prior efficient construction that could work in such elliptic curve groups, due to Brands, does not have a proof of security.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
Anonymous credentialsattributesblind signatureslightweight devicesprivate identity management.
Contact author(s)
foteini @ cs brown edu
2013-05-22: revised
2012-06-03: received
See all versions
Short URL
Creative Commons Attribution


      author = {Foteini Baldimtsi and Anna Lysyanskaya},
      title = {Anonymous Credentials Light},
      howpublished = {Cryptology ePrint Archive, Paper 2012/298},
      year = {2012},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.