Paper 2024/711

Non-Transferable Anonymous Tokens by Secret Binding

F. Betül Durak, Microsoft Research
Laurane Marco, École Polytechnique Fédérale de Lausanne
Abdullah Talayhan, École Polytechnique Fédérale de Lausanne
Serge Vaudenay, École Polytechnique Fédérale de Lausanne

Non-transferability (NT) is a security notion which ensures that credentials are only used by their intended owners. Despite its importance, it has not been formally treated in the context of anonymous tokens (AT) which are lightweight anonymous credentials. In this work, we consider a client who "buys" access tokens which are forbidden to be transferred although anonymously redeemed. We extensively study the trade-offs between privacy (obtained through anonymity) and security in AT through the notion of non-transferability. We formalise new security notions, design a suite of protocols with various flavors of NT, prove their security, and implement the protocols to assess their efficiency. Finally, we study the existing anonymous credentials which offer NT, and show that they cannot automatically be used as AT without security and complexity implications.

Available format(s)
Cryptographic protocols
Publication info
Anonymous tokens
Contact author(s)
betuldurak @ microsoft com
laurane marco @ epfl ch
abdullah talayhan @ epfl ch
serge vaudenay @ epfl ch
2024-05-10: revised
2024-05-08: received
See all versions
Short URL
Creative Commons Attribution


      author = {F. Betül Durak and Laurane Marco and Abdullah Talayhan and Serge Vaudenay},
      title = {Non-Transferable Anonymous Tokens by Secret Binding},
      howpublished = {Cryptology ePrint Archive, Paper 2024/711},
      year = {2024},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.