Paper 2017/1106

Formal Analysis of a TTP-Free Blacklistable Anonymous Credentials System (Full Version)

Weijin Wang, Yu Qin, Jingbin Liu, and Dengguo Feng

Abstract

This paper firstly introduces a novel security definition for BLAC-like schemes (BLAC represents TTP-free BLacklist-able Anonymous Credentials) in the symbolic model using applied pi calculus, which is suitable for automated reasoning via a certain formal analysis tool. We model the definitions of some common security properties: authenticity, non-framebility, mis-authentication resistance and privacy (anonymity and unlinkability). Then the case study of these security definitions is demonstrated by modelling and analyzing BLACR (BLAC with Reputation) system. We verify these security properties by Blanchet’s ProVerif and a ZKP (Zero-Knowledge Proof) compiler developed by Backes et al.. In particular, we model and analyze the express-lane authentication in BLACR system. The analysis discovers a known attack that can be carried out by any potential user. This attack allows a user escaping from being revoked as he wishes. We provide a revised variant that can be proved successfully by ProVerif as well, which also indicates that the fix provided by ExBLACR (Extending BLACR) is incorrect.

Note: I miss adding “and” between the authors’ names

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Minor revision. ICICS 2017 (will appear)
Keywords
Formal analysisAnonymous CredentialProVerifBLACR
Contact author(s)
wangweijin @ tca iscas ac cn
History
2017-11-20: received
Short URL
https://ia.cr/2017/1106
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/1106,
      author = {Weijin Wang and Yu Qin and Jingbin Liu and Dengguo Feng},
      title = {Formal Analysis of a TTP-Free Blacklistable Anonymous Credentials System (Full Version)},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1106},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/1106}},
      url = {https://eprint.iacr.org/2017/1106}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.