Cryptology ePrint Archive: Report 2020/072

Efficient Anonymous Tokens with Private Metadata Bit

Ben Kreuter and Tancrede Lepoint and Michele Orru and Mariana Raykova

Abstract: We present a cryptographic construction for anonymous tokens with private metadata bit, called PMBTokens. This primitive enables an issuer to provide a user with anonymous trust tokens that can embed a single private bit, which is accessible only to the party who holds the secret authority key and is private with respect to anyone else. Our construction extends the functionality of Privacy Pass (PETS 2018) with this private metadata bit capability. It provides unforgeability, unlinkability, and privacy for the metadata bit properties based on the DDH and CTDH assumptions in the random oracle model.

Both Privacy Pass and PMBTokens rely on discrete logarithm proofs (DLog equality, or OR of DLog equality). We present techniques to remove the need for proofs of knowledge in these constructions and achieve a slightly weaker notion of unlinkability.

We implement our constructions and we report their efficiency costs.

Category / Keywords: cryptographic protocols /

Date: received 23 Jan 2020, last revised 24 Mar 2020

Contact author: benkreuter at google com,tancrede@google com,michele orru@ens fr,marianar@google com

Available format(s): PDF | BibTeX Citation

Version: 20200324:214215 (All versions of this report)

Short URL: ia.cr/2020/072


[ Cryptology ePrint archive ]