Anonymous Credentials Light: Foteini Baldimtsi, Brown (BUSec Seminar)

Abstract: Anonymous credential systems allow users to obtain and demonstrate possession of digital credentials in order to authenticate themselves in a privacy-preserving manner. When proving possession of a credential a user reveals only the minimum amount of information (attributes) required while the transactions to obtain and prove credentials are unlinkable to each other. In this talk we propose an efficient and provably secure (in the RO model) anonymous credential scheme called "Anonymous Credentials Light"[BL'13a]. Our scheme is unlinkable under the decisional Diffie-Hellman assumption, and unforgeable under the Discrete-Logarithm assumption for sequential composition. In contrast to prior provably secure anonymous credential schemes that were based on the RSA group or on groups with pairings our construction only requires a few exponentiations in a prime-order group in which the decisional Diffie-Hellman problem is hard and thus, is very efficient even for lightweight devices. The only prior construction with similar efficiency is the one due to Stefan Brands, however, as I will briefly mention, we have shown that Brands scheme cannot be proven unforgeable in the RO model under any intractability assumption [BL13b]. For our scheme, we define a new cryptographic building block, called "blind signatures with attributes", and discuss how it can be used in combination with a commitment scheme to directly get an anonymous credential system. Finally, I will briefly explain how one can construct electronic cash with attributes from our new building block and how it can be used for efficient payments in public transportation. [BL13a] "Anonymous Credentials Light", Foteini Baldimtsi and Anna Lysyanskaya, ACM-CCS 2013. [BL13b] "On the Security of One-Witness Blind Signature Schemes”, Foteini Baldimtsi and Anna Lysyanskaya, ASIACRYPT 2013.