Cryptology ePrint Archive: Report 2018/1148

Towards Practical Security of Pseudonymous Signature on the BSI eIDAS Token

Mirosław Kutyłowski and Lucjan Hanzlik and Kamil Kluczniak

Abstract: In this paper we present an extension of Pseudonymous Signature introduced by the German Federal BSI authority as a part of technical recommendations for electronic identity documents. Without switching to pairing friendly groups we enhance the scheme so that: (a) the issuer does not know the private keys of the citizen (so it cannot impersonate the citizen), (b) a powerful adversary that breaks any number of ID cards created by the Issuer cannot forge new cards that could be proven as fake ones, (c) deanonymization of the pseudonyms used by a citizen is a multi-party protocol, where the consent of each authority is necessary to reveal the identity of a user. (d) we propose extended features concerning fully anonymous signatures and a pragmatic revocation approach. (e) we present an argument for unlinkability (cross-domain anonymity) of the presented schemes. In this way we make a step forwards to overcome the substantial weaknesses of the Pseudonymous Signature scheme. Moreover, the extension is on top of the original scheme with relatively small number of changes, following the strategy of reusing the previous schemes -- thereby reducing the costs of potential technology update.

Category / Keywords: cryptographic protocols / anonymity, digital signatures, pseudonym, domain specific signatures, eIDAS token

Original Publication (with major differences): Pseudonymous Signature on eIDAS Token - Implementation Based Privacy Threats, Proc. ACISP 2016

Date: received 24 Nov 2018

Contact author: miroslaw kutylowski at pwr edu pl

Available format(s): PDF | BibTeX Citation

Version: 20181203:022540 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]