Paper 2022/004
Publicly verifiable anonymous tokens with private metadata bit
Fabrice Benhamouda, Tancrède Lepoint, Michele Orrù, and Mariana Raykova
Abstract
We present a new construction for publicly verifiable anonymous tokens with private metadata. This primitive enables an issuer to generate an anonymous authentication token for a user while embedding a single private metadata bit. The token can be publicly verified, while the value of the private metadata is only accessible to the party holding the secret issuing key and remains hidden to any other party, even to the user. The security properties of this primitive also include unforgeability, which guarantees that only the issuer can generate new valid tokens, and unlinkability that guarantees that tokens issued with the same private metadata bit are indistinguishable. Our anonymous tokens scheme builds on the top of blind Schnorr signatures. We analyze its security in the algebraic group model and prove its security under the modified ROS assumption, one-more discrete logarithm, and decisional Diffie-Hellman assumptions.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Preprint. MINOR revision.
- Keywords
- cryptographic protocolsanonymity
- Contact author(s)
-
fabrice benhamouda @ gmail com
crypto @ tancre de
marianar @ google com
michele orru @ berkeley edu - History
- 2022-01-02: revised
- 2022-01-01: received
- See all versions
- Short URL
- https://ia.cr/2022/004
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2022/004,
author = {Fabrice Benhamouda and Tancrède Lepoint and Michele Orrù and Mariana Raykova},
title = {Publicly verifiable anonymous tokens with private metadata bit},
howpublished = {Cryptology ePrint Archive, Paper 2022/004},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/004}},
url = {https://eprint.iacr.org/2022/004}
}
