Vulnerabilities in Anonymous Credential Systems

We show the following:(i)In existing anonymous credential revocation systems, the revocation authority can link the transactions of any user in a subset T of users in O(log|T|) fake failed sessions. (ii)A concern about the DLREP-I anonymous credentials system described in [Stefan Brands: Rethinking public key infrastructure and Digital Certificates; The MIT Press, Cambridge Massachusetts, London England. ISBN 0-262-02491-8] and [Stefan Brands: A Technical Overview of Digital Credentials; February 2002 (was a white paper in credentica.com)].

[1]  Amit Sahai,et al.  Pseudonym Systems (Extended Abstract) , 2000 .

[2]  Bart De Decker,et al.  A Practical System for Globally Revoking the Unlinkable Pseudonyms of Unknown Users , 2007, ACISP.

[3]  Ernest F. Brickell,et al.  Direct anonymous attestation , 2004, CCS '04.

[4]  Stefan A. Brands,et al.  A Technical Overview of Digital Credentials , 2002 .

[5]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[6]  Lidong Chen Access with Pseudonyms , 1995, Cryptography: Policy and Algorithms.

[7]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[8]  Stefan A. Brands,et al.  Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy , 2000 .

[9]  Ed Dawson,et al.  Cryptography: Policy and Algorithms , 1996, Lecture Notes in Computer Science.

[10]  David Chaum,et al.  A Secure and Privacy-protecting Protocol for Transmitting Personal Information Between Organizations , 1986, CRYPTO.

[11]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[12]  Jan Camenisch,et al.  Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials , 2002, CRYPTO.

[13]  Ivan Damgård,et al.  Payment Systems and Credential Mechanisms with Provable Security Against Abuse by Individuals , 1988, CRYPTO.

[14]  Amit Sahai,et al.  Pseudonym Systems , 1999, Selected Areas in Cryptography.