Multi-Issuer Anonymous Credentials Without a Root Authority

The rise of blockchain technology has boosted interest in privacy-enhancing technologies, in particular, anonymous transaction authentication. Permissionless blockchains realize transaction anonymity through one-time pseudonyms, whereas permissioned blockchains leverage anonymous credentials. Earlier solutions of anonymous credentials assume a single issuer; as a result, these solutions hide the identity of users but still reveal the identity of the issuer. A countermeasure is delegatable credentials, which supports multiple issuers as long as a root authority exists. Assuming a root authority however, is unsuitable for blockchain technology and decentralized applications. This paper introduces a solution for anonymous credentials that guarantees user anonymity, even without a root authority. The proposed solution is secure in the universal composability framework and allows users to produce anonymous signatures that are logarithmic in the number of issuers and constant in the number of user attributes.

[1]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[2]  Jens Groth,et al.  Short Accountable Ring Signatures Based on DDH , 2015, ESORICS.

[3]  Jan Camenisch,et al.  Practical UC-Secure Delegatable Credentials with Attributes and Their Application to Blockchain , 2017, CCS.

[4]  Hovav Shacham,et al.  Randomizable Proofs and Delegatable Anonymous Credentials , 2009, CRYPTO.

[5]  Hugo Krawczyk,et al.  Universally Composable Notions of Key Exchange and Secure Channels , 2002, EUROCRYPT.

[6]  Markulf Kohlweiss,et al.  P-signatures and Noninteractive Anonymous Credentials , 2008, TCC.

[7]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[8]  Jens Groth,et al.  Efficient Fully Structure-Preserving Signatures for Large Messages , 2015, IACR Cryptol. ePrint Arch..

[9]  Markulf Kohlweiss,et al.  One-Out-of-Many Proofs: Or How to Leak a Secret and Spend a Coin , 2015, EUROCRYPT.

[10]  Georg Fuchsbauer,et al.  Batch Groth-Sahai , 2010, ACNS.

[11]  Jan Camenisch,et al.  Signature Schemes and Anonymous Credentials from Bilinear Maps , 2004, CRYPTO.

[12]  Amit Sahai,et al.  Efficient Non-interactive Proof Systems for Bilinear Groups , 2008, EUROCRYPT.

[13]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[14]  George Danezis,et al.  Coconut: Threshold Issuance Selective Disclosure Credentials with Applications to Distributed Ledgers , 2018, NDSS.

[15]  Anna Lysyanskaya,et al.  Delegatable Anonymous Credentials from Mercurial Signatures , 2019, IACR Cryptol. ePrint Arch..

[16]  Rafail Ostrovsky,et al.  New Techniques for Noninteractive Zero-Knowledge , 2012, JACM.

[17]  Matthew Green,et al.  Decentralized Anonymous Credentials , 2014, NDSS.

[18]  Jens Groth,et al.  Fine-Tuning Groth-Sahai Proofs , 2014, IACR Cryptol. ePrint Arch..

[19]  Lan Nguyen,et al.  Accumulators from Bilinear Pairings and Applications , 2005, CT-RSA.

[20]  David Pointcheval,et al.  Short Randomizable Signatures , 2016, CT-RSA.

[21]  Jan Camenisch,et al.  Efficient Attributes for Anonymous Credentials , 2012, TSEC.

[22]  Claudio Soriente,et al.  An Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials , 2009, IACR Cryptol. ePrint Arch..

[23]  Olivier Sanders,et al.  Efficient Redactable Signature and Application to Anonymous Credentials , 2020, IACR Cryptol. ePrint Arch..

[24]  Bogdan Warinschi,et al.  Groth-Sahai proofs revisited , 2010, IACR Cryptol. ePrint Arch..