Cryptology ePrint Archive: Report 2014/468
Privacy-Preserving Auditing for Attribute-Based Credentials
Jan Camenisch, Anja Lehmann, Gregory Neven, Alfredo Rial
Abstract: Privacy-enhancing attribute-based credentials (PABCs) allow users to authenticate to verifiers in a data-minimizing way, in the sense that users are unlinkable between authentications and only disclose those attributes from their credentials that are relevant to the verifier. We propose a practical scheme to apply the same data minimization principle when the verifiers’ authentication logs are subjected to external audits. Namely, we propose an extended PABC scheme where the verifier can further remove attributes from presentation tokens before handing them to an auditor, while preserving the verifiability of the audited tokens. We present a generic construction based on a signature, a signature of knowledge and a trapdoor commitment scheme, prove it secure in the universal composability framework, and give efficient instantiations based on the strong RSA and Decision Composite Residuosity (DCR) assumptions in the random-oracle model.
Category / Keywords: cryptographic protocols / privacy-enhancing credentials, data minimization, auditing
Original Publication (with major differences): ESORICS 2014
Date: received 16 Jun 2014
Contact author: anj at zurich ibm com
Available format(s): PDF | BibTeX Citation
Version: 20140621:045330 (All versions of this report)
Short URL: ia.cr/2014/468
[ Cryptology ePrint archive ]