Paper 2023/853

How to Bind Anonymous Credentials to Humans

Julia Hesse, IBM Research Europe - Zurich
Nitin Singh, IBM Research India - Bangalore
Alessandro Sorniotti, IBM Research Europe - Zurich
Abstract

Digital and paper-based authentication are the two predominant mechanisms that have been deployed in the real world to authenticate end-users. When verification of a digital credential is performed in person (e.g. the authentication that was often required to access facilities at the peak of the COVID global pandemic), the two mechanisms are often deployed together: the verifier checks a government-issued ID to match the picture on the ID to the individual holding it, and then checks the digital credential to see that the personal details on it match those on the ID, and to discover additional attributes of the holder. This pattern is extremely common and very likely to remain in place for the foreseeable future. However, it poses an interesting problem: if the digital credential is privacy-preserving (e.g. based on BBS+ or CL signatures), but the holder is still forced to show an ID card or a passport to verify that the presented credential was indeed issued to the holder, what is the point of deploying a privacy-preserving digital credential? In this paper we address this problem by redefining what an ID card should show, and by forcing a minimal but mandatory involvement of the card in the digital interaction. Our approach permits verifiers to successfully authenticate holders and to determine that they are the rightful owners of the digital credential. At the same time, optimal privacy guarantees are preserved. We design our scheme, formally define and analyse its security in the Universal Composability (UC) framework, and implement the card component, showing the running time to be below 200ms irrespective of the number of certified attributes.

Note: Added acknowledgements

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. USENIX Security 2023
Keywords
Anonymous credentials, BBS+, Universal Composability
Contact author(s)
juliahesse2 @ gmail com
nitisin1 @ in ibm com
aso @ zurich ibm com
History
2023-06-08: revised
2023-06-06: received
Short URL
https://ia.cr/2023/853
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/853,
      author = {Julia Hesse and Nitin Singh and Alessandro Sorniotti},
      title = {How to Bind Anonymous Credentials to Humans},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/853},
      year = {2023},
      url = {https://eprint.iacr.org/2023/853}
}