Efficient U-Prove Implementation for Anonymous Credentials on Smart Cards

In this paper we discuss an efficient implementation of anonymous credentials on smart cards. In general, privacy-preserving protocols are computationally intensive and require the use of advanced cryptography. Implementing such protocols for smart cards involves a trade-off between the requirements of the protocol and the capabilities of the smart card. In this context we concentrate on the implementation of Microsoft’s U-Prove technology on the MULTOS smart card platform. Our implementation aims at making the smart card independent of any other resources, either computational or storage. In contrast, Microsoft suggests an alternative approach based on device-protected tokens which only uses the smart card as a security add-on. Given our very good performance results we argue that our approach should be considered in favour of Microsoft’s one. Furthermore we provide a brief comparison between Java Card and MULTOS which illustrates our choice to implement this technology on the latter more flexible and low-level platform rather than the former.

[1]  Bart Jacobs,et al.  Performance Issues of Selective Disclosure and Blinded Issuing Protocols on Java Card , 2009, WISTP.

[2]  Jan Camenisch,et al.  Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials , 2002, CRYPTO.

[3]  Z. Chen Java Card Technology for Smart Cards: Architecture and Programmer''s Guide. The Java Series. Addis , 2000 .

[4]  Stefan A. Brands,et al.  Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy , 2000 .

[5]  Christian Paquin,et al.  U-Prove Cryptographic Specification V1.1 (Revision 3) , 2013 .

[6]  Ingrid Verbauwhede,et al.  Efficient implementation of anonymous credentials on Java Card smart cards , 2009, 2009 First IEEE International Workshop on Information Forensics and Security (WIFS).

[7]  Anna Lysyanskaya,et al.  Signature schemes and applications to cryptographic protocol design , 2002 .

[8]  Jan Camenisch,et al.  Design and implementation of the idemix anonymous credential system , 2002, CCS '02.

[9]  Marian Margraf,et al.  Privacy-friendly revocation management without unique chip identifiers for the German national ID card , 2010 .

[10]  Ernest F. Brickell,et al.  Direct anonymous attestation , 2004, CCS '04.

[11]  Jan Camenisch,et al.  Anonymous credentials on a standard java card , 2009, CCS.

[12]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[13]  Bart Jacobs,et al.  Developing Efficient Blinded Attribute Certificates on Smart Cards via Pairings , 2010, CARDIS.

[14]  Jan Camenisch,et al.  Design and implementation of theidemixanonymous credential system , 2002, CCS 2002.

[15]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[16]  Christian Paquin,et al.  U-Prove Technology Overview V1.1 (Revision 2) , 2013 .

[17]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[18]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[19]  Christian Paquin U-Prove Cryptographic Test Vectors V1.1 (Revision 3) , 2013 .

[20]  Eric R. Verheul,et al.  Self-Blindable Credential Certificates from the Weil Pairing , 2001, ASIACRYPT.

[21]  Bart Jacobs,et al.  Privacy and Security Issues in e-Ticketing: Optimisation of Smart Card-based Attribute-proving , 2010 .