Paper 2020/657

Traceable Constant-Size Multi-Authority Credentials

Chloé Hébant, Cosmian
David Pointcheval, Département d'Informatique

Many attribute-based anonymous credential (ABC) schemes have been proposed allowing a user to prove the possession of some attributes, anonymously. They became more and more practical with, for the most recent papers, a constant-size credential to show a subset of attributes issued by a unique credential issuer. However, proving possession of attributes coming from $K$ different credential issuers usually requires $K$ independent credentials to be shown. Only attribute-based credential schemes from aggregate signatures can overcome this issue. In this paper, we propose new ABC schemes from aggregate signatures with randomizable tags. We consider malicious credential issuers, with adaptive corruptions and collusions with malicious users. Whereas our constructions only support selective disclosures of attributes, to remain compact, our approach significantly improves the complexity in both time and memory of the showing of multiple attributes: for the first time, the cost for the prover is (almost) independent of the number of attributes and the number of credential issuers. Whereas anonymous credentials require privacy of the user, we also propose the first schemes allowing traceability by a specific tracing authority.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. SCN 2022
Anonymous credentials aggregatable signatures traceability
Contact author(s)
chloe hebant @ cosmian com
david pointcheval @ ens fr
2022-09-06: last of 3 revisions
2020-06-03: received
See all versions
Short URL
Creative Commons Attribution


      author = {Chloé Hébant and David Pointcheval},
      title = {Traceable Constant-Size Multi-Authority Credentials},
      howpublished = {Cryptology ePrint Archive, Paper 2020/657},
      year = {2020},
      doi = {10.1007/978-3-031-14791-3_18},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.