Cryptology ePrint Archive: Report 2017/1106

Formal Analysis of a TTP-Free Blacklistable Anonymous Credentials System (Full Version)

Weijin Wang and Yu Qin and Jingbin Liu and Dengguo Feng

Abstract: This paper firstly introduces a novel security definition for BLAC-like schemes (BLAC represents TTP-free BLacklist-able Anonymous Credentials) in the symbolic model using applied pi calculus, which is suitable for automated reasoning via a certain formal analysis tool. We model the definitions of some common security properties: authenticity, non-framebility, mis-authentication resistance and privacy (anonymity and unlinkability). Then the case study of these security definitions is demonstrated by modelling and analyzing BLACR (BLAC with Reputation) system. We verify these security properties by Blanchet’s ProVerif and a ZKP (Zero-Knowledge Proof) compiler developed by Backes et al.. In particular, we model and analyze the express-lane authentication in BLACR system. The analysis discovers a known attack that can be carried out by any potential user. This attack allows a user escaping from being revoked as he wishes. We provide a revised variant that can be proved successfully by ProVerif as well, which also indicates that the fix provided by ExBLACR (Extending BLACR) is incorrect.

Category / Keywords: Formal analysis, Anonymous Credential, ProVerif, BLACR

Original Publication (with minor differences): ICICS 2017 (will appear)

Date: received 3 Nov 2017, last revised 18 Nov 2017

Contact author: wangweijin at tca iscas ac cn

Available format(s): PDF | BibTeX Citation

Note: I miss adding “and” between the authors’ names

Version: 20171120:133814 (All versions of this report)

Short URL: ia.cr/2017/1106

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]