Paper 2015/108

TRACING ATTACKS ON U-PROVE WITH REVOCATION MECHANISM

Lucjan Hanzlik, Przemysław Kubiak, and Mirosław Kutyłowski

Abstract

Anonymous credential systems have to provide strong privacy protection. A user presenting anonymous credentials may prove his (chosen) attributes without leaking informations about his identity. In this paper we consider U-Prove -- one of the major commercial anonymous credential systems. We show that the efficient revocation mechanism designed for U-Prove enables a system provider to efficiently trace the users' activities. Namely, the Revocation Authority run the system provider may execute the U-Prove protocol in a malicious way so that: (a) the deviations from the protocol remain undetected, (b) the Revocation Authority becomes aware of each single authentication of a user in the whole system and can link them (regardless which attributes are disclosed by the user against the verifiers), (c) can link presentation tokens with the corresponding token issuing procedure (under some conditions). Thereby, the system described in the technical drafts of U-Prove does not protect privacy of a user unless one can unconditionally trust the system provider. In fact, a malicious system provider may convert the Revocation Authority into a ``Big Brother'' installation.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. to appear at ACM ASIA CCS 2015
Keywords
anonymous credentialU-Proverevocationtracing attackcryptographic accumulatorwitness
Contact author(s)
przemyslaw kubiak @ pwr wroc pl
History
2015-02-24: received
Short URL
https://ia.cr/2015/108
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/108,
      author = {Lucjan Hanzlik and Przemysław Kubiak and Mirosław Kutyłowski},
      title = {{TRACING} {ATTACKS} {ON} U-{PROVE} {WITH} {REVOCATION} {MECHANISM}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/108},
      year = {2015},
      url = {https://eprint.iacr.org/2015/108}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.