Cryptology ePrint Archive: Report 2017/043

Accumulators with Applications to Anonymity-Preserving Revocation

Foteini Baldimtsi and Jan Camenisch and Maria Dubovitskaya and Anna Lysyanskaya and Leonid Reyzin and Kai Samelin and Sophia Yakoubov

Abstract: Membership revocation is essential for cryptographic applications, from traditional PKIs to group signatures and anonymous credentials. Of the various solutions for the revocation problem that have been explored, dynamic accumulators are one of the most promising. We propose Braavos, a new, RSA-based, dynamic accumulator. It has optimal communication complexity and, when combined with efficient zero-knowledge proofs, provides an ideal solution for anonymous revocation. For the construction of Braavos we use a modular approach: we show how to build an accumulator with better functionality and security from accumulators with fewer features and weaker security guarantees. We then describe an anonymous revocation component (ARC) that can be instantiated using any dynamic accumulator. ARC can be added to any anonymous system, such as anonymous credentials or group signatures, in order to equip it with a revocation functionality. Finally, we implement ARC with Braavos and plug it into Idemix, the leading implementation of anonymous credentials. This work resolves, for the first time, the problem of practical revocation for anonymous credential systems.

Category / Keywords: accumulators, anonymous credentials, revocation

Original Publication (with minor differences): IEEE European Symposium on Security and Privacy 2017

Date: received 18 Jan 2017, last revised 24 Jan 2017

Contact author: sophia yakoubov at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20170124:122235 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]