Paper 2018/1148
Towards Practical Security of Pseudonymous Signature on the BSI eIDAS Token
Mirosław Kutyłowski, Lucjan Hanzlik, and Kamil Kluczniak
Abstract
In this paper we present an extension of the Pseudonymous Signature scheme introduced by the German Federal Office for Information Security (BSI) as part of its technical recommendations for electronic identity documents. Without switching to pairing-friendly groups, we enhance the scheme so that: (a) the issuer does not know the private keys of the citizen (so it cannot impersonate the citizen); (b) a powerful adversary that breaks any number of ID cards created by the Issuer cannot forge new cards that could be proven as fake ones; (c) deanonymization of the pseudonyms used by a citizen is a multi-party protocol, where the consent of each authority is necessary to reveal the identity of a user. Furthermore, (d) we propose extended features concerning fully anonymous signatures and a pragmatic revocation approach, and (e) we present an argument for unlinkability (cross-domain anonymity) of the presented schemes. In this way we make a step forward in overcoming the substantial weaknesses of the Pseudonymous Signature scheme. Moreover, the extension is built on top of the original scheme with a relatively small number of changes, following the strategy of reusing the previous schemes, thereby reducing the costs of a potential technology update.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Major revision. Pseudonymous Signature on eIDAS Token - Implementation Based Privacy Threats, Proc. ACISP 2016
- DOI
- 10.1007/978-3-319-40367-0_31
- Keywords
- anonymity; digital signatures; pseudonym; domain specific signatures; eIDAS token
- Contact author(s)
- miroslaw kutylowski @ pwr edu pl
- History
- 2018-12-03: received
- Short URL
- https://ia.cr/2018/1148
- License
- CC BY
BibTeX
@misc{cryptoeprint:2018/1148,
  author = {Mirosław Kutyłowski and Lucjan Hanzlik and Kamil Kluczniak},
  title = {Towards Practical Security of Pseudonymous Signature on the {BSI} {eIDAS} Token},
  howpublished = {Cryptology {ePrint} Archive, Paper 2018/1148},
  year = {2018},
  doi = {10.1007/978-3-319-40367-0_31},
  url = {https://eprint.iacr.org/2018/1148}
}