Cryptology ePrint Archive: Report 2014/708

Formal Treatment of Privacy-Enhancing Credential Systems

Jan Camenisch and Stephan Krenn and Anja Lehmann and Gert Læssøe Mikkelsen and Gregory Neven and Michael Østergaard Pedersen

Abstract: Privacy-enhancing attribute-based credentials (PABCs) are the core ingredient to privacy-friendly authentication systems, allowing users to obtain credentials on attributes and prove possession of these credentials in an unlinkable fashion while revealing only a subset of the attributes. To be useful in practice, however, PABCs typically need additional features such as i) revocation, ii) pooling prevention by binding credentials to users' secret keys, iii) pseudonyms as privacy-friendly user public keys, iv) proving equality of attributes without revealing their values, v) or advanced issuance where attributes can be "blindly" carried over into new credentials. Provably secure solutions exist for most of these features in isolation, but it is unclear how they can be securely combined into a full-fledged PABC system, or even which properties such a system would aim to fulfill. We provide a formal treatment of PABC systems supporting the mentioned features by defining their syntax and security properties, resulting in the most comprehensive definitional framework for PABCs so far. Unlike previous efforts, our definitions are not targeted at one specific use-case; rather, we try to capture generic properties that can be useful in a variety of scenarios. We believe that our definitions can also be used as a starting point for diverse application-dependent extensions and variations of PABCs. We present and prove secure a generic and modular construction of a PABC system from simpler building blocks, allowing for a "plug-and-play" composition based on different instantiations of the building blocks. Finally, we give secure instantiations for each of the building blocks, including in particular instantiations based on CL- and Brands-signatures which are the core of the Idemix and U-Prove protocols.

Category / Keywords: cryptographic protocols / Privacy; attribute-based credentials; anonymous credentials; provable security; strong authentication

Date: received 8 Sep 2014

Contact author: skr at zurich ibm com

Available format(s): PDF | BibTeX Citation

Version: 20140909:080709 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]