Paper 2018/923

Delegatable Anonymous Credentials from Mercurial Signatures

Elizabeth C. Crites and Anna Lysyanskaya

Abstract

In a delegatable anonymous credential system, participants may use their credentials anonymously as well as anonymously delegate them to other participants. Such systems are more usable than traditional anonymous credential systems because a popular credential issuer can delegate some of its responsibilities without compromising users' privacy. They also provide stronger privacy guarantees than traditional anonymous credential systems because the identities of credential issuers are hidden. The identity of a credential issuer may convey information about a user's identity even when all other information about the user is concealed. The only previously known constructions of delegatable anonymous credentials were prohibitively inefficient. They were based on non-interactive zero-knowledge (NIZK) proofs. In this paper, we provide a simple construction of delegatable anonymous credentials and prove its security in the generic group model. Our construction is direct, not based on NIZK proofs, and is therefore considerably more efficient. In fact, in our construction, only five group elements are needed per link to represent an anonymous credential chain. Our main building block is a new type of signature scheme, a mercurial signature, which allows a signature $\sigma$ on a message $M$ under public key $\mathsf{pk}$ to be transformed into a signature $\sigma'$ on an equivalent but unlinkable message $M'$ under an equivalent but unlinkable public key $\mathsf{pk}'$.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
Anonymous credentialssignature schemesgeneric group model.
Contact author(s)
elizabeth_crites @ brown edu
History
2018-10-02: received
Short URL
https://ia.cr/2018/923
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/923,
      author = {Elizabeth C.  Crites and Anna Lysyanskaya},
      title = {Delegatable Anonymous Credentials from Mercurial Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2018/923},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/923}},
      url = {https://eprint.iacr.org/2018/923}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.