Paper 2024/1024

Attribute-Based Threshold Issuance Anonymous Counting Tokens and Its Application to Sybil-Resistant Self-Sovereign Identity

Reyhaneh Rabaninejad, Tampere University
Behzad Abdolmaleki, University of Sheffield
Sebastian Ramacher, AIT Austrian Institute of Technology
Daniel Slamanig, Research Institute CODE, Universität der Bundeswehr München
Antonis Michalas, Tampere University, Research Institute of Sweden (RISE)

Self-sovereign identity (SSI) systems empower users to (anonymously) establish and verify their identity when accessing both digital and real-world resources, emerging as a promising privacy-preserving solution for user-centric identity management. Recent work by Maram et al. proposes the privacy-preserving Sybil-resistant decentralized SSI system CanDID (IEEE S&P 2021). While this is an important step, notable shortcomings undermine its efficacy. The two most significant among them being the following: First, unlinkability breaks in the presence of a single malicious issuer. Second, it introduces interactiveness, as the users are required to communicate each time with issuers to collect credentials intended for use in interactions with applications. This contradicts the goal of SSI, whose aim is to give users full control over their identities. This paper first introduces the concept of publicly verifiable attribute-based threshold anonymous counting tokens (tACT). Unlike recent approaches confined to centralized settings (Benhamouda et al., ASIACRYPT 2023), tACT operates in a distributed-trust environment. Accompanied by a formal security model and a provably secure instantiation, tACT introduces a novel dimension to token issuance, which, we believe, holds independent interest. Next, the paper leverages the proposed tACT scheme to construct an efficient Sybil-resistant SSI system. This system supports various functionalities, including threshold issuance, unlinkable multi-show selective disclosure, and non-interactive, non-transferable credentials that offer constant-size credentials. Finally, our benchmark results show an efficiency improvement in our construction when compared to CanDID all while accommodating a greater number of issuers and additionally reducing to a one-round protocol that can be run in parallel with all issuers.

Available format(s)
Cryptographic protocols
Publication info
Anonymous counting tokensthreshold issuanceself-sovereign identitySybil-resistanceunlinkability
Contact author(s)
reyhaneh rabbaninejad @ tuni fi
behzad abdolmaleki @ sheffield ac uk
sebastian ramacher @ ait ac at
daniel slamanig @ unibw de
antonios michalas @ tuni fi
2024-06-28: approved
2024-06-25: received
See all versions
Short URL
Creative Commons Attribution


      author = {Reyhaneh Rabaninejad and Behzad Abdolmaleki and Sebastian Ramacher and Daniel Slamanig and Antonis Michalas},
      title = {Attribute-Based Threshold Issuance Anonymous Counting Tokens and Its Application to Sybil-Resistant Self-Sovereign Identity},
      howpublished = {Cryptology ePrint Archive, Paper 2024/1024},
      year = {2024},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.