Paper 2014/073

Anonymous Authentication with Shared Secrets

Joel Alwen, Martin Hirt, Ueli Maurer, Arpita Patra, and Pavel Raykov


Anonymity and authenticity are both important yet often conflicting security goals in a wide range of applications. On the one hand for many applications (say for access control) it is crucial to be able to verify the identity of a given legitimate party (a.k.a. entity authentication). Alternatively an application might require that no one but a party can communicate on its behalf (a.k.a. message authentication). Yet, on the other hand privacy concerns also dictate that anonymity of a legitimate party should be preserved; that is no information concerning the identity of parties should be leaked to an outside entity eavesdropping on the communication. This conflict becomes even more acute when considering anonymity with respect to an active entity that may attempt to impersonate other parties in the system. In this work we resolve this conflict in two steps. First we formalize what it means for a system to provide both authenticity and anonymity even in the presence of an active man-in-the-middle adversary for various specific applications such as message and entity authentication using the constructive cryptography framework of~\cite{Mau11}. Our approach inherits the composability statement of constructive cryptography and can therefore be directly used in any higher-level context. Next we demonstrate several simple protocols for realizing these systems, at times relying on a new type of (probabilistic) Message Authentication Code (MAC) called \emph{key indistinguishable} (KI) MACs. Similar to the key hiding encryption schemes of~\cite{BellareBDP01} they guarantee that tags leak no discernible information about the keys used to generate them.

Available format(s)
Publication info
Preprint. MINOR revision.
AnonymityAuthenticationKey Indistinguishabilitiy
Contact author(s)
raykov pavel @ gmail com
2014-02-04: received
Short URL
Creative Commons Attribution


      author = {Joel Alwen and Martin Hirt and Ueli Maurer and Arpita Patra and Pavel Raykov},
      title = {Anonymous Authentication with Shared Secrets},
      howpublished = {Cryptology ePrint Archive, Paper 2014/073},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.