Paper 2018/923

Delegatable Anonymous Credentials from Mercurial Signatures

Elizabeth C. Crites and Anna Lysyanskaya


In a delegatable anonymous credential system, participants may use their credentials anonymously as well as anonymously delegate them to other participants. Such systems are more usable than traditional anonymous credential systems because a popular credential issuer can delegate some of its responsibilities without compromising users' privacy. They also provide stronger privacy guarantees than traditional anonymous credential systems because the identities of credential issuers are hidden. The identity of a credential issuer may convey information about a user's identity even when all other information about the user is concealed. The only previously known constructions of delegatable anonymous credentials were prohibitively inefficient. They were based on non-interactive zero-knowledge (NIZK) proofs. In this paper, we provide a simple construction of delegatable anonymous credentials and prove its security in the generic group model. Our construction is direct, not based on NIZK proofs, and is therefore considerably more efficient. In fact, in our construction, only five group elements are needed per link to represent an anonymous credential chain. Our main building block is a new type of signature scheme, a mercurial signature, which allows a signature $\sigma$ on a message $M$ under public key $\mathsf{pk}$ to be transformed into a signature $\sigma'$ on an equivalent but unlinkable message $M'$ under an equivalent but unlinkable public key $\mathsf{pk}'$.

Available format(s)
Publication info
Preprint. MINOR revision.
Anonymous credentialssignature schemesgeneric group model.
Contact author(s)
elizabeth_crites @ brown edu
2018-10-02: received
Short URL
Creative Commons Attribution


      author = {Elizabeth C.  Crites and Anna Lysyanskaya},
      title = {Delegatable Anonymous Credentials from Mercurial Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2018/923},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.