Anonymous Self-Credentials and their Application to Single-Sign-On

Jayamine Alupotha; Mariarosaria Barbaraci; Ioannis Kaklamanis; Abhimanyu Rawat; Christian Cachin; Fan Zhang

Paper 2025/618

Anonymous Self-Credentials and their Application to Single-Sign-On

Jayamine Alupotha, University of Bern

Mariarosaria Barbaraci, University of Bern

Ioannis Kaklamanis, Yale University

Abhimanyu Rawat, Universitat Pompeu Fabra

Christian Cachin, University of Bern

Fan Zhang, Yale University

Abstract

Modern life makes having a digital identity no longer optional, whether one needs to manage a bank account or subscribe to a newspaper. As the number of online services increases, it is fundamental to safeguard user privacy and equip service providers (SP) with mechanisms enforcing Sybil resistance, i.e., preventing a single entity from showing as many. Current approaches, such as anonymous credentials and self-sovereign identities, typically rely on identity providers or identity registries trusted not to track users' activities. However, this assumption of trust is no longer appropriate in a world where user data is considered a valuable asset. To address this challenge, we introduce a new cryptographic notion, Anonymous Self-Credentials (ASC) along with two implementations. This approach enables users to maintain their privacy within an anonymity set while allowing SPs to obtain Sybil resistance. Then, we present a User-issued Unlinkable Single Sign-On (U2SSO) implemented from ASC that solely relies on an identity registry to immutably store identities. A U2SSO solution allows users to generate unlinkable child credentials for each SP using only one set of master credentials. We demonstrate the practicality and efficiency of our U2SSO solution by providing a complete proof-of-concept.

Metadata

Available format(s): PDF
Category: Applications
Publication info: Preprint.
Keywords: anonymity unlinkability Single Sign-On digital identities user-centric privacy
Contact author(s): jayamine alupotha @ unibe ch
mariarosaria barbaraci @ unibe ch
giannis kaklamanis @ yale edu
Work abhimanyu @ gmail com
christian cachin @ unibe ch
f zhang @ yale edu
History: 2025-04-11: approved; 2025-04-04: received; See all versions
Short URL: https://ia.cr/2025/618
License: CC BY

BibTeX

@misc{cryptoeprint:2025/618,
      author = {Jayamine Alupotha and Mariarosaria Barbaraci and Ioannis Kaklamanis and Abhimanyu Rawat and Christian Cachin and Fan Zhang},
      title = {Anonymous Self-Credentials and their Application to Single-Sign-On},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/618},
      year = {2025},
      url = {https://eprint.iacr.org/2025/618}
}