Paper 2012/356

Fully Anonymous Attribute Tokens from Lattices

Jan Camenisch, Gregory Neven, and Markus Rückert


Anonymous authentication schemes such as group signatures and anonymous credentials are important privacy-protecting tools in electronic communications. The only currently known scheme based on assumptions that resist quantum attacks is the group signature scheme by Gordon et al. (ASIACRYPT 2010). We present a generalization of group signatures called *anonymous attribute tokens* where users are issued attribute-containing credentials that they can use to anonymously sign messages and generate tokens revealing only a subset of their attributes. We present two lattice-based constructions of this new primitive, one with and one without opening capabilities for the group manager. The latter construction directly yields as a special case the first lattice-based group signature scheme offering full anonymity (in the random-oracle model), as opposed to the practically less relevant notion of chosen-plaintext anonymity offered by the scheme of Gordon et al. We also extend our scheme to protect users from framing attacks by the group manager, where the latter creates tokens or signatures in the name of honest users. Our constructions involve new lattice-based tools for aggregating signatures and verifiable CCA2-secure encryption.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. SCN 2012
Anonymous attribute tokensgroup signatureslatticespost-quantum cryptography.
Contact author(s)
markus rueckert @ cased de
2012-06-22: received
Short URL
Creative Commons Attribution


      author = {Jan Camenisch and Gregory Neven and Markus Rückert},
      title = {Fully Anonymous Attribute Tokens from Lattices},
      howpublished = {Cryptology ePrint Archive, Paper 2012/356},
      year = {2012},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.