Paper 2021/1669

Multi-Issuer Anonymous Credentials Without a Root Authority

Kaoutar Elkhiyaoui, Angelo De Caro, and Elli Androulaki


The rise of blockchain technology has boosted interest in privacy-enhancing technologies, in particular, anonymous transaction authentication. Permissionless blockchains realize transaction anonymity through one-time pseudonyms, whereas permissioned blockchains leverage anonymous credentials. Earlier solutions of anonymous credentials assume a single issuer; as a result, they hide the identity of users but still reveal the identity of the issuer. A countermeasure is delegatable credentials, which support multiple issuers as long as a root authority exists. Assuming a root authority however, is unsuitable for blockchain technology and decentralized applications. This paper introduces a solution for anonymous credentials that guarantees user anonymity, even without a root authority. The proposed solution is secure in the universal composability framework and allows users to produce anonymous signatures that are logarithmic in the number of issuers and constant in the number of user attributes.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Anynymous CredentialsMultiple IssuersBlockchain
Contact author(s)
kao @ zurich ibm com
2022-01-03: revised
2021-12-21: received
See all versions
Short URL
Creative Commons Attribution


      author = {Kaoutar Elkhiyaoui and Angelo De Caro and Elli Androulaki},
      title = {Multi-Issuer Anonymous Credentials Without a Root Authority},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1669},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.