Paper 2018/923
Delegatable Anonymous Credentials from Mercurial Signatures
Elizabeth C. Crites and Anna Lysyanskaya
Abstract
In a delegatable anonymous credential system, participants may use their credentials anonymously as well as anonymously delegate them to other participants. Such systems are more usable than traditional anonymous credential systems because a popular credential issuer can delegate some of its responsibilities without compromising users' privacy. They also provide stronger privacy guarantees than traditional anonymous credential systems because the identities of credential issuers are hidden. The identity of a credential issuer may convey information about a user's identity even when all other information about the user is concealed. The only previously known constructions of delegatable anonymous credentials were prohibitively inefficient. They were based on non-interactive zero-knowledge (NIZK) proofs. In this paper, we provide a simple construction of delegatable anonymous credentials and prove its security in the generic group model. Our construction is direct, not based on NIZK proofs, and is therefore considerably more efficient. In fact, in our construction, only five group elements are needed per link to represent an anonymous credential chain. Our main building block is a new type of signature scheme, a mercurial signature, which allows a signature $\sigma$ on a message $M$ under public key $\mathsf{pk}$ to be transformed into a signature $\sigma'$ on an equivalent but unlinkable message $M'$ under an equivalent but unlinkable public key $\mathsf{pk}'$.
Metadata
- Available format(s)
- Publication info
- Preprint. MINOR revision.
- Keywords
- Anonymous credentialssignature schemesgeneric group model.
- Contact author(s)
- elizabeth_crites @ brown edu
- History
- 2018-10-02: received
- Short URL
- https://ia.cr/2018/923
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2018/923, author = {Elizabeth C. Crites and Anna Lysyanskaya}, title = {Delegatable Anonymous Credentials from Mercurial Signatures}, howpublished = {Cryptology {ePrint} Archive, Paper 2018/923}, year = {2018}, url = {https://eprint.iacr.org/2018/923} }