Paper 2018/1148

Towards Practical Security of Pseudonymous Signature on the BSI eIDAS Token

Mirosław Kutyłowski, Lucjan Hanzlik, and Kamil Kluczniak

Abstract

In this paper we present an extension of Pseudonymous Signature introduced by the German Federal BSI authority as a part of technical recommendations for electronic identity documents. Without switching to pairing-friendly groups we enhance the scheme so that: (a) the issuer does not know the private keys of the citizen (so it cannot impersonate the citizen), (b) a powerful adversary that breaks any number of ID cards created by the Issuer cannot forge new cards that could be proven as fake ones, (c) deanonymization of the pseudonyms used by a citizen is a multi-party protocol, where the consent of each authority is necessary to reveal the identity of a user, (d) we propose extended features concerning fully anonymous signatures and a pragmatic revocation approach, and (e) we present an argument for unlinkability (cross-domain anonymity) of the presented schemes. In this way we make a step forwards to overcome the substantial weaknesses of the Pseudonymous Signature scheme. Moreover, the extension is on top of the original scheme with a relatively small number of changes, following the strategy of reusing the previous schemes, thereby reducing the costs of a potential technology update.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. Pseudonymous Signature on eIDAS Token - Implementation Based Privacy Threats, Proc. ACISP 2016
DOI
10.1007/978-3-319-40367-0_31
Keywords
anonymity, digital signatures, pseudonym, domain specific signatures, eIDAS token
Contact author(s)
miroslaw kutylowski @ pwr edu pl
History
2018-12-03: received
Short URL
https://ia.cr/2018/1148
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/1148,
      author = {Mirosław Kutyłowski and Lucjan Hanzlik and Kamil Kluczniak},
      title = {Towards Practical Security of Pseudonymous Signature on the {BSI} {eIDAS} Token},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/1148},
      year = {2018},
      doi = {10.1007/978-3-319-40367-0_31},
      url = {https://eprint.iacr.org/2018/1148}
}