Paper 2022/004

Publicly verifiable anonymous tokens with private metadata bit

Fabrice Benhamouda, Tancrède Lepoint, Michele Orrù, and Mariana Raykova

Abstract

We present a new construction for publicly verifiable anonymous tokens with private metadata. This primitive enables an issuer to generate an anonymous authentication token for a user while embedding a single private metadata bit. The token can be publicly verified, while the value of the private metadata is only accessible to the party holding the secret issuing key and remains hidden to any other party, even to the user. The security properties of this primitive also include unforgeability, which guarantees that only the issuer can generate new valid tokens, and unlinkability that guarantees that tokens issued with the same private metadata bit are indistinguishable. Our anonymous tokens scheme builds on the top of blind Schnorr signatures. We analyze its security in the algebraic group model and prove its security under the modified ROS assumption, one-more discrete logarithm, and decisional Diffie-Hellman assumptions.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
cryptographic protocolsanonymity
Contact author(s)
fabrice benhamouda @ gmail com
crypto @ tancre de
marianar @ google com
michele orru @ berkeley edu
History
2022-01-02: revised
2022-01-01: received
See all versions
Short URL
https://ia.cr/2022/004
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2022/004,
      author = {Fabrice Benhamouda and Tancrède Lepoint and Michele Orrù and Mariana Raykova},
      title = {Publicly verifiable anonymous tokens with private metadata bit},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/004},
      year = {2022},
      url = {https://eprint.iacr.org/2022/004}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.