论文信息 - Attack on U-Prove Revocation Scheme from FC'13 - Passing Verification by Revoked Users

Attack on U-Prove Revocation Scheme from FC'13 - Passing Verification by Revoked Users

We analyse security of the scheme proposed in the paper “Accumulators and U-Prove Revocation” from the Financial Cryptography 2013 proceedings. Its authors propose an extension for the U-Prove, the credential system developed by Microsoft. This extension allows to revoke tokens (containers for credentials) using a new cryptographic accumulator scheme. We show that, under certain conditions, there exists a weakness that allows a user to pass the verification while using a revoked U-Prove token. It follows that the proposed solution fails to fulfil the primary goal of revocation schemes.

Miroslaw Kutylowski | Lucjan Hanzlik | Kamil Kluczniak

[1] Stefan A. Brands,et al. Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy , 2000 .

[2] Tolga Acar,et al. Accumulators and U-Prove Revocation , 2013, Financial Cryptography.

[3] Christian Paquin,et al. U-Prove Designated-Verifier Accumulator Revocation Extension , 2013 .

[4] Joseph Bonneau,et al. What's in a Name? , 2020, Financial Cryptography.

[5] Stefan A. Brands,et al. Untraceable Off-line Cash in Wallet with Observers , 2002 .

[6] Douglas R. Stinson,et al. Advances in Cryptology — CRYPTO’ 93 , 2001, Lecture Notes in Computer Science.