
Security Analysis and Fix of an Anonymous Credential System

  • Conference paper
Information Security and Privacy (ACISP 2005)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3574)

Abstract

Anonymous credentials are an important privacy-enhancing technique that allows users to convince a service provider of their legitimacy for service accesses in an anonymous manner. Among others, a fundamental feature of anonymous credentials is unlinkability, that is, multiple showings of the same credential should not be linked by the service providers, the issuing organization, or the coalition of the two. Recently, Persiano et al. proposed an interesting anonymous credential system, which was claimed to be unlinkable. In this paper, we prove that their unlinkability claim is false. In particular, we show that the issuing organization can easily relate two showings of the same credential, point out the flaw in their original security proof, and present a fix to avoid our attack.

References

  1. Brands, S.: Rapid Demonstration of Linear Relations Connected by Boolean Operators. In: Pelillo, M., Hancock, E.R. (eds.) EMMCVPR 1997. LNCS, vol. 1223, pp. 318–333. Springer, Heidelberg (1997)

  2. Brands, S.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)

  3. Bressoud, D., Wagon, S.: A Course in Computational Number Theory. Key College Publishing (1999)

  4. Chaum, D.: Security Without Identification: Transaction Systems to Make Big Brother Obsolete. Communications of the ACM 28(10), 1030–1044 (1985)

  5. Chaum, D., Evertse, J.H.: A Secure and Privacy-protection Protocol for Transmitting Personal Information Between Organizations. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 118–167. Springer, Heidelberg (1987)

  6. Chen, L.: Access with Pseudonyms. In: Dawson, E.P., Golić, J.D. (eds.) Cryptography: Policy and Algorithms 1995. LNCS, vol. 1029, pp. 232–243. Springer, Heidelberg (1996)

  7. Camenisch, J., Lysyanskaya, A.: An Efficient Non-Transferable Anonymous Multi-Show Credential System with Optional Anonymity Revocation. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 93–118. Springer, Heidelberg (2003)

  8. Camenisch, J., Michels, M.: Proving in Zero-knowledge that a Number is the Product of Two Safe Primes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 107–122. Springer, Heidelberg (1999)

  9. Damgard, I.B.: Payment Systems and Credential Mechanism with Provable Security Against Abuse by Individuals. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 328–335. Springer, Heidelberg (1990)

  10. Damgard, I., Fujisaki, E.: A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 125–142. Springer, Heidelberg (2002)

  11. Lysyanskaya, A., Rivest, R., Sahai, A., Wolf, S.: Pseudonym Systems. In: Heys, H.M., Adams, C.M. (eds.) SAC 1999. LNCS, vol. 1758, pp. 184–199. Springer, Heidelberg (2000)

  12. Pedersen, T.P.: Non-interactive and Information-Theoretic Secure Verifiable Secret Sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)

  13. Persiano, P., Visconti, I.: An Anonymous Credential System and A Privacy-Aware PKI. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727, pp. 27–38. Springer, Heidelberg (2003)

  14. Schneier, B.: Applied Cryptography, 2nd edn. John Wiley & Sons, Chichester (1996)

  15. de Santis, A., di Crescenzo, G., Persiano, P.: Communication Efficient Anonymous Group Identification. In: Proc. ACM Conference on Computer and Communications Security, pp. 73–82 (1998)

  16. de Santis, A., di Crescenzo, G., Persiano, G., Yung, M.: On Monotone Formula Closure of SZK. In: Proc. Foundations of Computer Science, FOCS 1994, pp. 454–465 (1994)

  17. Verheul, E.: Self-Blindable Credential Certificates from the Weil Pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 533–551. Springer, Heidelberg (2001)

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yang, Y., Bao, F., Deng, R.H. (2005). Security Analysis and Fix of an Anonymous Credential System. In: Boyd, C., González Nieto, J.M. (eds) Information Security and Privacy. ACISP 2005. Lecture Notes in Computer Science, vol 3574. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11506157_45

  • DOI: https://doi.org/10.1007/11506157_45

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-26547-4

  • Online ISBN: 978-3-540-31684-8

  • eBook Packages: Computer Science, Computer Science (R0)
