
Towards Attribute-Based Credentials in the Cloud

Conference paper. Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11261)

Abstract

Attribute-based credentials (ABCs, sometimes also called anonymous credentials) are a core cryptographic building block of privacy-friendly authentication systems: they allow users to obtain credentials on attributes and to prove possession of these credentials in an unlinkable fashion. Thereby, users have full control over which attributes they want to reveal to a third party, while the receiver still obtains high authenticity guarantees. Unfortunately, to date, all known ABC systems require access to all attributes in the clear at the time of proving possession of a credential to a third party. This makes it hard to offer privacy-preserving identity management systems “as a service,” as the user still needs specific key material and/or dedicated software locally, e.g., on his device.

We address this gap by proposing a new cloud-based ABC system where a dedicated cloud service (“wallet”) can present the users’ credentials to a third party without accessing the attributes in the clear. This enables new privacy-preserving applications of ABCs “in the cloud.”

This is achieved by carefully integrating proxy re-encryption with structure-preserving signatures and zero-knowledge proofs of knowledge. The user obtains credentials on his attributes (encrypted under his public key) and uploads them to the wallet, together with a specific re-encryption key. To prove possession, the wallet re-encrypts the ciphertexts to the public key of the receiving third party and proves, in zero-knowledge, that all computations were done honestly. Thereby, the wallet never sees any user attribute in the clear.
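As an added illustration of the flow just described (this is not code from the paper or the CREDENTIAL project), the following Python models the user, wallet and verifier roles with the ElGamal-based proxy re-encryption of Blaze, Bleumer and Strauss (BBS98) in a demo-sized safe-prime group. It shows the wallet transforming ciphertexts for the verifier and re-randomizing them so that two presentations of the same credential are unlinkable, while the wallet never holds a decryption key. The paper's unidirectional PRE, its structure-preserving signature and its zero-knowledge proof are not reproduced; the BBS98 re-encryption key is bidirectional and derived from both secret keys, which the `rekey` function computes as a stand-in. Group size, attribute encoding and all function names are assumptions of this example.

```python
"""Toy model of the wallet flow: user encrypts attributes under her own key, hands the
ciphertexts plus a re-encryption key to a cloud wallet, and the wallet re-encrypts and
re-randomizes them for a verifier without ever decrypting.  PRE is BBS98 ElGamal
(bidirectional); the paper's PRE, SIG and ZKP are NOT reproduced.  Demo parameters only."""
import secrets


def _probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin; adequate for demo parameters, not for real key generation."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_group(bits: int = 64):
    """(p, q, g): p = 2q+1 a safe prime, g = 4 generates the order-q subgroup of Z_p^*."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if _probable_prime(q) and _probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4


P, Q, G = gen_group()  # assumed demo group; a real deployment uses standardised parameters


def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def encode(attr: int) -> int:
    """Exponential encoding g^attr keeps small attribute values inside the subgroup."""
    return pow(G, attr, P)


def decode(elem: int, bound: int = 1 << 12) -> int:
    """Invert encode() by stepping through g^0, g^1, ... (attributes are small integers)."""
    cur = 1
    for attr in range(bound):
        if cur == elem:
            return attr
        cur = cur * G % P
    raise ValueError("attribute outside decode bound")


def encrypt(pk: int, m: int):
    """BBS98 ciphertext (m * g^k, pk^k); the second component carries the key dependence."""
    k = secrets.randbelow(Q - 1) + 1
    return m * pow(G, k, P) % P, pow(pk, k, P)


def decrypt(sk: int, ct):
    c1, c2 = ct
    gk = pow(c2, pow(sk, -1, Q), P)  # (g^{sk*k})^{1/sk} = g^k
    return c1 * pow(gk, -1, P) % P


def rekey(sk_from: int, sk_to: int) -> int:
    """BBS98 re-encryption key sk_to / sk_from mod q.  Needs BOTH secret keys and works in
    both directions: the known limitation of BBS98 that the paper's unidirectional PRE avoids."""
    return sk_to * pow(sk_from, -1, Q) % Q


def reencrypt(rk: int, ct):
    """Wallet step: (m*g^k, g^{a k}) -> (m*g^k, g^{b k}) using only rk = b/a; no plaintext seen."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)


def rerandomize(pk: int, ct):
    """Multiply by a fresh encryption of 1 under pk so two presentations look independent."""
    c1, c2 = ct
    s = secrets.randbelow(Q - 1) + 1
    return c1 * pow(G, s, P) % P, c2 * pow(pk, s, P) % P


def present(wallet_store: dict, rk: int, pk_verifier: int) -> list:
    """What the wallet sends: every stored attribute ciphertext, re-encrypted and re-randomized."""
    return [rerandomize(pk_verifier, reencrypt(rk, ct)) for ct in wallet_store["cts"]]


def run_demo() -> dict:
    sk_u, pk_u = keygen()                 # user
    sk_v, pk_v = keygen()                 # verifier / relying party
    attrs = {"age": 34, "country": 40}    # constructed sample attributes (small integers)
    wallet_store = {"cts": [encrypt(pk_u, encode(a)) for a in attrs.values()]}
    rk = rekey(sk_u, sk_v)                # stand-in for the user-generated key of the paper
    p1, p2 = present(wallet_store, rk, pk_v), present(wallet_store, rk, pk_v)
    return {"recovered": [decode(decrypt(sk_v, ct)) for ct in p1], "unlinkable": p1 != p2}


if __name__ == "__main__":
    print(run_demo())
```

The wallet's state is `wallet_store` plus `rk`; neither contains a decryption key, and `present` is the only operation it performs. The fact that `rekey` needs the verifier's secret key is exactly why the construction in the paper requires a unidirectional PRE, and Note 2 below maps onto this model directly: a wallet colluding with a party that holds the target secret key can decrypt every stored ciphertext.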

We show the practical efficiency of our scheme by giving concrete benchmarks of a prototype implementation.

The project leading to this publication has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 653454 (CREDENTIAL).


Notes

  1. Confer, e.g., the experimental service of identity mixer, https://console.ng.bluemix.net/docs/services/identitymixer/index.html.

  2. Note that this is a natural and unavoidable assumption, as issuers and service providers are intended to learn (parts of) the attributes, opening a trivial way for the wallet to learn attributes in the case of collusion.


Author information

Corresponding author: Stephan Krenn.

A Proof of Theorem 4.3

Proof

We prove the correctness, unforgeability, unlinkability, and wallet-privacy properties of \(\mathsf {EABC}\) in a sequence of claims:

Correctness is easy to verify. By the correctness of \(\mathsf {PRE}\), the re-randomization property of \(\mathsf {PRE}\) ciphertexts, the correctness of \(\mathsf {SIG}\), and correctness of \(\mathsf {ZKP} \), correctness of \(\mathsf {EABC}\) readily follows.

Claim

Under the binding property of \(\mathsf {COM}\), the strong EUF-CMA-security of \(\mathsf {SIG}\), and the soundness of \(\mathsf {ZKP} \), \(\mathsf {EABC}\) is unforgeable. More concretely, for any PPT adversaries \(\mathsf {A},\mathsf {A} ',\mathsf {A} '',\mathsf {A} '''\), we have

$$\begin{aligned} \mathsf {Adv}^{\mathsf {unforge}}_{\mathsf {EABC},\mathsf {A}}(\lambda ) \le q\cdot \mathsf {Adv}^{\mathsf {binding}}_{\mathsf {COM},\mathsf {A} '}(\lambda )+ \mathsf {Adv}^{\mathsf {s-euf-cma}}_{\mathsf {SIG},\mathsf {A} ''}(\lambda )+ \mathsf {Adv}^{\mathsf {soundness}}_{\mathsf {ZKP},\mathsf {A} '''}(\lambda )+ \mathsf {negl}(\lambda ), \end{aligned}$$
(1)

for any \(\lambda \in \mathbb {N} \) and polynomial \(q=q(\lambda )\).

Proof

We proceed by a sequence of reduction games and argue that subverting the unforgeability of \(\mathsf {EABC}\) implies that either the binding property of \(\mathsf {COM}\), the strong EUF-CMA-security of \(\mathsf {SIG}\), or the soundness of \(\mathsf {ZKP} \) does not hold. To this end, let \(S_i\) be the event that \(\mathsf {A} \) wins (i.e., the associated experiment outputs 1) in Game i.

Game 1. Game 1 is the EABC unforgeability experiment with \(\mathsf {A} \) and, hence, we have \(\Pr \left[ {S_1}\right] =\mathsf {Adv}^{\mathsf {unforge}}_{\mathsf {EABC},\mathsf {A}}(\lambda ).\)

Game 2. Game 2 is identical to Game 1, except that we consider the event F that \(\mathsf {Open} ( pk _{\mathsf{U},\mathsf {PRE}},com,w_0)=\mathsf {Open} ( pk '_{\mathsf{U},\mathsf {PRE}},com,w_1)\) occurs with \( pk _{\mathsf{U},\mathsf {PRE}}\ne pk '_{\mathsf{U},\mathsf {PRE}}\), for some \((com,w_0)=\mathsf {Com} ( pp _\mathsf {COM}, pk _{\mathsf{U},\mathsf {PRE}})\) and \((com,w_1)=\mathsf {Com} ( pp _\mathsf {COM}, pk '_{\mathsf{U},\mathsf {PRE}})\) computed within the issuer or user-credential oracle on input of \(\mathsf {A} \). We argue that \(\Pr \left[ {F}\right] \le q\cdot \mathsf {Adv}^{\mathsf {binding}}_{\mathsf {COM},\mathsf {A} '}(\lambda )\), where q is the total number of \(\mathsf {A}\)'s queries to the oracles, as the occurrence of F directly yields a successful PPT adversary against the binding property of \(\mathsf {COM}\). Essentially, in a reduction between the binding experiment of \(\mathsf {COM}\) and the unforgeability of \(\mathsf {EABC} \), the experiment receives \( pp \) from the binding experiment at the beginning and forwards \( pp \) to \(\mathsf {A}\) as part of the public system parameters; once F occurs with \(\mathsf {A}\), it forwards \((com, pk _{\mathsf{U},\mathsf {PRE}},w_0, pk '_{\mathsf{U},\mathsf {PRE}},w_1)\) to the binding experiment, which yields a successful PPT adversary \(\mathsf {A} '\). Hence, we have \(|\Pr \left[ {S_2}\right] -\Pr \left[ {S_1}\right] |\le \Pr \left[ {F}\right] \le q\cdot \mathsf {Adv}^{\mathsf {binding}}_{\mathsf {COM},\mathsf {A} '}(\lambda ).\)

Game 3. Game 3 is identical to Game 2, except that we consider the event \(F'\) that \(\mathsf {Ver} (\text {pk}_\mathsf{I},((c_i)_i,com),\sigma ^*)=1\) holds for a pair \(((c_i)_i,com)\) that has not occurred before (for some \(\sigma ^*\) that may already have occurred), where \(\sigma ^*\) is the signature extracted from the \(\mathsf {A}\)-presentation \(p^*\) at the end of the experiment. We argue that \(\Pr \left[ {F'}\right] \le \mathsf {Adv}^{\mathsf {s-euf-cma}}_{\mathsf {SIG},\mathsf {A} ''}(\lambda )\), as the occurrence of \(F'\) directly yields a successful PPT adversary against the strong EUF-CMA property of \(\mathsf {SIG}\). Essentially, in a reduction between the strong EUF-CMA-security of \(\mathsf {SIG}\) and the unforgeability of \(\mathsf {EABC} \), the experiment receives \(\text {pk}_\mathsf{I}\) from the strong EUF-CMA experiment at the beginning and is able to query signatures under \(\text {pk}_\mathsf{I}\); once \(F'\) occurs with \(\mathsf {A}\), it forwards \((((c_i)_i,com),\sigma ^*)\), extracted from the presentation \(p^*\), to the strong EUF-CMA experiment, which yields a successful PPT adversary \(\mathsf {A} ''\). Hence, we have \(|\Pr \left[ {S_3}\right] -\Pr \left[ {S_2}\right] |\le \Pr \left[ {F'}\right] \le \mathsf {Adv}^{\mathsf {s-euf-cma}}_{\mathsf {SIG},\mathsf {A} ''}(\lambda ).\)

Game 4. Game 4 is identical to Game 3, except that we consider the event \(F''\) that \(\mathsf {A}\) outputs a valid presentation \(p^*\) at the end of the experiment although \(p^*\) contains values that are not in the language of the ZKP system. We argue that \(\Pr \left[ {F''}\right] \le \mathsf {Adv}^{\mathsf {soundness}}_{\mathsf {ZKP},\mathsf {A} '''}(\lambda )\), as the occurrence of this event directly yields a successful adversary against the soundness property of \(\mathsf {ZKP} \). Essentially, in a reduction between the soundness property of \(\mathsf {ZKP} \) and the unforgeability of \(\mathsf {EABC} \), once \(F''\) occurs with \(\mathsf {A}\), the experiment forwards the values not in the language, together with the proof from \(p^*\), to the soundness experiment of \(\mathsf {ZKP} \), which yields a successful PPT adversary \(\mathsf {A} '''\). Hence, we have \(|\Pr \left[ {S_4}\right] -\Pr \left[ {S_3}\right] |\le \Pr \left[ {F''}\right] \le \mathsf {Adv}^{\mathsf {soundness}}_{\mathsf {ZKP},\mathsf {A} '''}(\lambda ).\)

Game 5. Game 5 is identical to Game 4, and we argue that the adversary now has at most negligible advantage (by the perfect correctness of the underlying primitives). Hence, \(\Pr \left[ {S_4}\right] =\Pr \left[ {S_5}\right] \le \mathsf {negl}(\lambda )\).

Hence, we conclude that Eq. (1) holds.    \(\square \)

Claim

Assuming the anonymity property of \(\mathsf {PRE}\), \(\mathsf {EABC}\) is unlinkable. More concretely, for any PPT adversaries \(\mathsf {A},\mathsf {A} ',\mathsf {A} ''\), we have

$$\begin{aligned} \mathsf {Adv}^{\mathsf {unlink}}_{\mathsf {EABC},\mathsf {A}}(\lambda ) \le q\cdot \mathsf {Adv}^{\mathsf {pre-anon}}_{\mathsf {PRE},\mathsf {A} '}(\lambda )+ \mathsf {negl}(\lambda ), \end{aligned}$$
(2)

for any \(\lambda \in \mathbb {N} \) and polynomial \(q=q(\lambda )\).

Proof

We proceed by a sequence of reduction games and argue that subverting the unlinkability of \(\mathsf {EABC}\) implies that either the anonymity property of \(\mathsf {PRE}\) or the zero-knowledge property of \(\mathsf {ZKP} \) does not hold. To this end, let \(S_i\) be the event that \(\mathsf {A} \) wins (i.e., the associated experiment outputs 1) in Game i.

Game 1. Game 1 is the EABC unlinkability experiment with \(\mathsf {A} \) and, hence, we have \(\Pr \left[ {S_1}\right] =\mathsf {Adv}^{\mathsf {unlink}}_{\mathsf {EABC},\mathsf {A}}(\lambda ).\)

Game 2. Game 2 is identical to Game 1, except that we change the way credentials are generated for \(\mathsf {A}\). In this game, we no longer need the \(\mathsf {ZKP} \) witness (and, hence, the target-user secret keys) and instead rely on the zero-knowledge property of \(\mathsf {ZKP} \). (That is, we use a simulator in the sense of \(\mathsf {ZKP} \) to generate the proofs.) This change is purely syntactical. Hence, we have \(\Pr \left[ {S_2}\right] =\Pr \left[ {S_1}\right] .\)

Game 3. Game 3 is identical to Game 2, except that the ciphertexts in the issuance are generated under an independent, honestly sampled user public key that differs from the target user's key. Hence, \(\mathsf {A}\) only receives credentials under a user public key different from the target public keys. We argue that if \(\mathsf {A}\) can distinguish under which public keys the ciphertexts are generated, we can directly use \(\mathsf {A}\) to break the anonymity of the underlying \(\mathsf {PRE}\). Essentially, in a reduction between the anonymity of \(\mathsf {PRE}\) and the unlinkability of \(\mathsf {EABC} \), the experiment (which has received \( pk _0, pk _1\) from the anonymity experiment at the beginning) forwards \(\mathsf {A}\)’s guess to its own challenger, which yields a successful PPT adversary \(\mathsf {A} '\) with probability 1/q, where q is the number of \(\mathsf {A}\)'s queries to \(\mathsf {Cred}\). Hence, we have \(|\Pr \left[ {S_3}\right] -\Pr \left[ {S_2}\right] |\le q\cdot \mathsf {Adv}^{\mathsf {pre-anon}}_{\mathsf {PRE},\mathsf {A} '}(\lambda ).\)

Game 4. Game 4 is identical to Game 3, and we argue that the adversary now has at most negligible advantage in guessing b. Hence, \(\Pr \left[ {S_4}\right] =\Pr \left[ {S_3}\right] \le \mathsf {negl}(\lambda )\).

Hence, we conclude that Eq. (2) holds.    \(\square \)

Claim

Under the IND-CPA security of \(\mathsf {PRE}\), \(\mathsf {EABC}\) is wallet-private. More concretely, for any PPT adversaries \(\mathsf {A},\mathsf {A} '\), we have

$$\begin{aligned} \mathsf {Adv}^{\mathsf {wallet-privacy}}_{\mathsf {EABC},\mathsf {A}}(\lambda ) \le \ell \cdot \mathsf {Adv}^{\mathsf {pre-ind-cpa}}_{\mathsf {PRE},\mathsf {A} '}(\lambda )+ \mathsf {negl}(\lambda ), \end{aligned}$$
(3)

for any \(\lambda \in \mathbb {N} \) and polynomial \(\ell =\ell (\lambda )\).

Proof

We proceed by a sequence of reduction games and argue that subverting the wallet-privacy of \(\mathsf {EABC}\) implies that the IND-CPA property of \(\mathsf {PRE}\) does not hold. To this end, let \(S_i\) be the event that \(\mathsf {A} \) wins (i.e., the associated experiment outputs 1) in Game i.

Game 1. Game 1 is the EABC wallet-privacy experiment with \(\mathsf {A} \) and, hence, we have \(\Pr \left[ {S_1}\right] =\mathsf {Adv}^{\mathsf {wallet-privacy}}_{\mathsf {EABC},\mathsf {A}}(\lambda ).\)

Game 2. Game 2 is identical to Game 1, except that we no longer know the target secret key \( sk ^*\). However, \( sk ^*\) is used solely in the ZKP system within the issuance and, hence, we can use the zero-knowledge property of \(\mathsf {ZKP} \) to provide valid proofs without the witness (of which \( sk ^*\) is part) by means of a simulator. This change is purely syntactical. Hence, we have \(\Pr \left[ {S_2}\right] =\Pr \left[ {S_1}\right] .\)

Game 3. Game 3 is identical to Game 2, except that we now replace all ciphertexts with encryptions of “0”. In a reduction between the IND-CPA-security of \(\mathsf {PRE} \) and the wallet-privacy of \(\mathsf {EABC} \), the experiment forwards the answer of \(\mathsf {A}\) as its own guess to the PRE IND-CPA-security experiment (using the public key received from the IND-CPA experiment as the target public key for the wallet-privacy adversary). Hence, we have \(|\Pr \left[ {S_3}\right] -\Pr \left[ {S_2}\right] |\le \ell \cdot \mathsf {Adv}^{\mathsf {pre-ind-cpa}}_{\mathsf {PRE},\mathsf {A} '}(\lambda ).\)

Game 4. Game 4 is identical to Game 3, and we argue that the adversary now has at most negligible advantage (by the perfect correctness of the underlying primitives); otherwise, some event would have occurred that yields a further game. Hence, \(\Pr \left[ {S_3}\right] =\Pr \left[ {S_4}\right] \le \mathsf {negl}(\lambda )\).

Hence, we conclude that Eq. (3) holds.    \(\square \)

Taking all claims together yields the proof.    \(\square \)

Copyright information

© 2018 Springer Nature Switzerland AG

Cite this paper

Krenn, S., Lorünser, T., Salzer, A., Striecks, C. (2018). Towards Attribute-Based Credentials in the Cloud. In: Capkun, S., Chow, S. (eds) Cryptology and Network Security. CANS 2017. Lecture Notes in Computer Science, vol. 11261. Springer, Cham. https://doi.org/10.1007/978-3-030-02641-7_9

  • DOI: https://doi.org/10.1007/978-3-030-02641-7_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02640-0

  • Online ISBN: 978-3-030-02641-7