Paper 2017/115

An efficient self-blindable attribute-based credential scheme

Sietse Ringers, Eric Verheul, and Jaap-Henk Hoepman


An attribute-based credential scheme allows a user, given a set of attributes, to prove ownership of these attributes to a verifier, voluntarily disclosing some of them while keeping the others secret. A number of such schemes exist, of which some additionally provide unlinkability: that is, when the same attributes were disclosed in two transactions, it is not possible to tell if one and the same or two different credentials were involved. Recently full-fledged implementations of such schemes on smart cards have emerged; however, these need to compromise the security level to achieve reasonable transaction speeds. In this paper we present a new unlinkable attribute-based credential scheme with a full security proof, using a known hardness assumption in the standard model. Defined on elliptic curves, the scheme involves bilinear pairings but only on the verifier's side, making it very efficient both in terms of speed and size on the user's side.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Major revision. Financial Cryptography 2017
anonymous credentialsattribute-based credentialselliptic curve cryptosystembilinear pairings
Contact author(s)
sringers @ cs ru nl
2017-07-03: last of 2 revisions
2017-02-14: received
See all versions
Short URL
Creative Commons Attribution


      author = {Sietse Ringers and Eric Verheul and Jaap-Henk Hoepman},
      title = {An efficient self-blindable attribute-based credential scheme},
      howpublished = {Cryptology ePrint Archive, Paper 2017/115},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.