Abstract
In the last few years several practitioners have proposed different strategies for implementing attribute-based credentials (ABCs) on smart cards. ABCs allow citizens to prove certain properties about themselves without necessarily revealing their full identity. The Idemix ABC is the most versatile ABC system proposed in the literature, supporting pseudonyms, equality proofs of representation, verifiable encryption of attributes and proving properties of attributes via the AND, NOT and OR operators. Recently, Vullers et al. and De La Piedra et al. addressed the implementation of the selective disclosure operations, pseudonyms and multi-credential proofs such as equality proofs of representation. In this manuscript, we present implementation strategies for proving properties of user attributes via these operators and show how to combine them via external and internal commitment reordering.
Notes
- 1.
- 2. Our performance figures were obtained with a MULTOS ML3-R3-80K smart card and an SCM Microsystems SCL011 reader attached to a host with an Intel Core i5-3230M CPU clocked at 2.60 GHz running Debian Linux 3.13.6-1, Python 2.7.6, python-pyscard 1.6.12.1-4 and CHARM 0.43 [2].
- 3. In the first move, the prover sends the verifier a commitment message t (the t_value). In the second move, the verifier sends the prover a random challenge c. In the third and final move, the prover answers with a response (the s_value).
- 4. For instance, an empty proof of possession over a set of attributes \((m_0, ..., m_5)\) is written in the Camenisch-Stadler notation [11] as NIZK \(:\{(\varepsilon ', \nu ', \alpha _0,...,\alpha _5): Z \equiv \pm R_0^{\alpha _0}R_1^{\alpha _1}R_2^{\alpha _2} R_3^{\alpha _3}R_4^{\alpha _4}R_5^{\alpha _5}A^{\varepsilon '}S^{\nu '} ~\mathrm {mod}~n \}\), where the Greek letters \((\varepsilon ', \nu ')\) and \((\alpha _0,...,\alpha _5)\) denote the values of the signature and the set of attributes that are proved in zero knowledge and not revealed.
- 5. As described in [18], attributes are represented with \(l_m = 256\) bits. The remaining parameters are set as \(l'_{e} = 120\) (size of the interval from which the e values are selected), (security parameter of the statistical ZKP), \(l_H = 256\) (domain of the hash function in the Fiat-Shamir heuristic), \(l_e = 504\) (size of e), \(l_n = 1,024\) (size of the RSA modulus) and \(l_v = 1,604\) bits (size of v).
- 6.
- 7. Thus, with one possibility per attribute, we prove the non-existence of one attribute in \(m_t\): \(m_i = 3\) and \(m_t = 5\cdot 7\cdot 11\cdot 13\) (case 1). With 10 possibilities per attribute (50 primes), we again prove the non-existence of one attribute in \(m_t\): \(m_i = 3\) and \(m_t = 179\cdot 181\cdot 191\cdot 193\) (case 2). With 1,000 possibilities per attribute (i.e. 5,000 primes), we prove the non-existence of two attributes in \(m_t\): \(m_i = 1,999\cdot 2,161\) and \(m_t = 3,323\cdot 3,253\cdot 2,897\cdot 2,999\) (case 3). Finally, with 10,000 possibilities per attribute (50,000 primes), we prove the non-existence of two primes, \(m_i = 91,387\cdot 91,393\), in \(m_t = 102,461\cdot 102,481\cdot 102,497\cdot 102,499\) (case 4).
- 8.
- 9. In this manuscript we only address the first version of this NIZK described in [7] and leave the second one beyond the scope of this work due to the computational limitations of our target device.
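The three-move exchange of note 3 and the representation proof of note 4, as an added example that is not code from the paper or from Idemix: a proof of knowledge of a representation \(Z = R_0^{m_0} R_1^{m_1} S^{v} \bmod n\), made non-interactive with the Fiat-Shamir heuristic. The CL-signature term \(A^{\varepsilon'}\) is left out, the modulus is a toy product of two Mersenne primes (not the 1,024-bit modulus of note 5), and the statistical ZK parameter is assumed to be 80 bits because the page omits its value; \(l_m\), \(l_H\) and \(l_v\) follow note 5.

```python
import hashlib
import secrets

# Toy modulus, constructed for this example: n = p*q with two Mersenne primes.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q

L_M = 256    # attribute length (note 5)
L_H = 256    # hash output length for Fiat-Shamir (note 5)
L_PHI = 80   # statistical ZK parameter: ASSUMED for this example, not given on the page
L_V = 1604   # length of v (note 5); oversized for the toy modulus, kept for the shape


def setup(num_attrs):
    """Random quadratic-residue bases R_0..R_{k-1} and S, like an Idemix-style public key."""
    bases = [pow(secrets.randbelow(N - 2) + 2, 2, N) for _ in range(num_attrs)]
    s_base = pow(secrets.randbelow(N - 2) + 2, 2, N)
    return bases, s_base


def represent(bases, s_base, exps, v_exp):
    """prod R_i^{exps[i]} * S^{v_exp} mod n (used for Z, for t and by the verifier)."""
    z = pow(s_base, v_exp, N)
    for r, e in zip(bases, exps):
        z = z * pow(r, e, N) % N
    return z


def challenge(bases, s_base, z, t):
    """Fiat-Shamir challenge c: hash of the public statement and the commitment t."""
    h = hashlib.sha256()
    for x in (N, *bases, s_base, z, t):
        h.update(x.to_bytes((x.bit_length() + 7) // 8, "big") + b"|")
    return int.from_bytes(h.digest(), "big") % (1 << L_H)


def prove(bases, s_base, attrs, v):
    """Prover side of the three moves: commitment t, challenge c, responses s = r + c*secret.

    The responses are plain integers, never reduced; the randomisers are L_PHI + L_H bits
    longer than the secrets so that s reveals them only with negligible statistical bias.
    """
    z = represent(bases, s_base, attrs, v)
    r_attrs = [secrets.randbits(L_M + L_PHI + L_H) for _ in attrs]
    r_v = secrets.randbits(L_V + L_PHI + L_H)
    t = represent(bases, s_base, r_attrs, r_v)            # move 1: t_value
    c = challenge(bases, s_base, z, t)                    # move 2: challenge (hashed)
    s_attrs = [r + c * m for r, m in zip(r_attrs, attrs)]  # move 3: s_values
    s_v = r_v + c * v
    return z, (t, s_attrs, s_v)


def verify(bases, s_base, z, proof):
    """Verifier: recompute c from t and check prod R_i^{s_i} * S^{s_v} == t * Z^c (mod n)."""
    t, s_attrs, s_v = proof
    if len(s_attrs) != len(bases):
        return False
    # responses outside the expected length are rejected, as Idemix does for its length checks
    if any(s < 0 or s.bit_length() > L_M + L_PHI + L_H + 1 for s in s_attrs):
        return False
    c = challenge(bases, s_base, z, t)
    lhs = represent(bases, s_base, s_attrs, s_v)
    rhs = t * pow(z, c, N) % N
    return lhs == rhs


def demo():
    """Honest proof verifies; the same proof with one response altered does not."""
    bases, s_base = setup(2)
    attrs = [1234, secrets.randbits(L_M)]
    v = secrets.randbits(L_V)
    z, proof = prove(bases, s_base, attrs, v)
    ok = verify(bases, s_base, z, proof)
    t, s_attrs, s_v = proof
    forged = (t, [s_attrs[0] + 1] + s_attrs[1:], s_v)
    return ok, verify(bases, s_base, z, forged)
```

The verifier's length check is the practical point: the zero-knowledge argument only holds if the responses stay inside the \(l_m + l_\phi + l_H\) window that the randomiser sizes promise, and on a card the same bound fixes the buffer sizes for every s_value.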
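The integer arithmetic behind the NOT cases of note 7, as an added example that is not the paper's implementation: in the prime encoding of [7] every attribute value is a distinct prime and the credential carries their product \(m_t\); AND amounts to a divisibility witness (the cofactor), NOT to a coprimality witness (Bezout coefficients \(a, b\) with \(a \cdot m_i + b \cdot m_t = 1\), from the extended Euclidean algorithm) and OR to a shared prime factor. Only the witnesses are computed here, not the zero-knowledge protocol that proves them on the card; the case values are those of note 7.

```python
def encode(primes):
    """m_t: the product of the primes of the values a credential holds."""
    m_t = 1
    for p in primes:
        m_t *= p
    return m_t


def egcd(a, b):
    """Extended Euclid: (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def and_witness(m_i, m_t):
    """AND: m_i divides m_t. Witness is the cofactor m_t / m_i, or None if the attribute is absent."""
    return m_t // m_i if m_t % m_i == 0 else None


def not_witness(m_i, m_t):
    """NOT: m_i is coprime to m_t. Witness is the Bezout pair (a, b) with a*m_i + b*m_t == 1, or None."""
    g, a, b = egcd(m_i, m_t)
    return (a, b) if g == 1 else None


def or_witness(candidates, m_t):
    """OR: at least one candidate prime divides m_t. Witness is such a prime, or None."""
    for p in candidates:
        if m_t % p == 0:
            return p
    return None


def bezout_bits(m_i, m_t):
    """Bit lengths of the NOT witness; they bound the size of the hidden values the card must handle."""
    a, b = not_witness(m_i, m_t)
    return abs(a).bit_length(), abs(b).bit_length()


# The four NOT cases of note 7 (values from the page); m_i may itself be a product of primes.
NOT_CASES = {
    1: (3, encode([5, 7, 11, 13])),
    2: (3, encode([179, 181, 191, 193])),
    3: (1999 * 2161, encode([3323, 3253, 2897, 2999])),
    4: (91387 * 91393, encode([102461, 102481, 102497, 102499])),
}


def check_cases():
    """True if every case has a valid coprimality witness and no divisibility witness."""
    for m_i, m_t in NOT_CASES.values():
        w = not_witness(m_i, m_t)
        if w is None or w[0] * m_i + w[1] * m_t != 1 or and_witness(m_i, m_t) is not None:
            return False
    return True
```

Because \(m_i\) and \(m_t\) are hidden inside the credential, the prover has to prove the Bezout relation in zero knowledge rather than hand over \(a\) and \(b\); the bit lengths returned by bezout_bits are what sizes those hidden exponents, which is why the note reports cases with growing prime ranges.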
References
Akhavi, A., Vallée, B.: Average Bit-Complexity of Euclidean Algorithms. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol. 1853, pp. 373–387. Springer, Heidelberg (2000)
Akinyele, J.A., Garman, C., Miers, I., Pagano, M.W., Rushanan, M., Green, M., Rubin, A.D.: Charm: a framework for rapidly prototyping cryptosystems. J. Crypt. Eng. 3(2), 111–128 (2013)
Bichsel, P., Camenisch, J., Groß, T., Shoup, V.: Anonymous credentials on a standard Java Card. In: ACM Conference on Computer and Communications Security, pp. 600–610 (2009)
Brands, S.A.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)
Camenisch, J., Dubovitskaya, M., Enderlein, R.R., Lehmann, A., Neven, G., Paquin, C., Preiss, F.-S.: Concepts and languages for privacy-preserving attribute-based authentication. J. Inf. Sec. Appl. 19(1), 25–44 (2014)
Camenisch, J., Dubovitskaya, M., Lehmann, A., Neven, G., Paquin, C., Preiss, F.-S.: Concepts and languages for privacy-preserving attribute-based authentication. In: Fischer-Hübner, S., de Leeuw, E., Mitchell, C. (eds.) IDMAN 2013. IFIP AICT, vol. 396, pp. 34–52. Springer, Heidelberg (2013)
Camenisch, J., Groß, T.: Efficient attributes for anonymous credentials (extended version). IACR Cryptol. ePrint Arch. 2010, 496 (2010)
Camenisch, J., Van Herreweghen, E.: Design and implementation of the idemix anonymous credential system. In: ACM Conference on Computer and Communications Security, pp. 21–30 (2002)
Camenisch, J.L., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, p. 93. Springer, Heidelberg (2001)
Camenisch, J.L., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)
Camenisch, J.L., Stadler, M.A.: Efficient group signature schemes for large groups. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997)
Chaum, D.: Security without identification: Transaction systems to make big brother obsolete. Commun. ACM 28(10), 1030–1044 (1985)
Damgård, I.B.: Commitment schemes and zero-knowledge protocols. In: Damgård, I.B. (ed.) EEF School 1998. LNCS, vol. 1561, p. 63. Springer, Heidelberg (1999)
Damgård, I.B.: Efficient concurrent zero-knowledge in the auxiliary string model. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 418–430. Springer, Heidelberg (2000)
Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)
Fujisaki, E., Okamoto, T.: Statistical zero knowledge protocols to prove modular polynomial relations. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 16–30. Springer, Heidelberg (1997)
Knuth, D.E.: The Art of Computer Programming, vol. 2: Seminumerical Algorithms, 2nd edn. Addison-Wesley, Boston (1981)
de la Piedra, A., Hoepman, J.-H., Vullers, P.: Towards a full-featured implementation of attribute based credentials on smart cards. In: Gritzalis, D., Kiayias, A., Askoxylakis, I. (eds.) CANS 2014. LNCS, vol. 8813, pp. 270–289. Springer, Heidelberg (2014)
Sterckx, M., Gierlichs, B., Preneel, B., Verbauwhede, I.: Efficient implementation of anonymous credentials on Java Card smart cards. In: 1st IEEE International Workshop on Information Forensics and Security (WIFS), pp. 106–110. IEEE, London, UK (2009)
Vullers, P., Alpár, G.: Efficient selective disclosure on smart cards using idemix. In: Fischer-Hübner, S., de Leeuw, E., Mitchell, C. (eds.) IDMAN 2013. IFIP AICT, vol. 396, pp. 53–67. Springer, Heidelberg (2013)
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
de la Piedra, A. (2016). Efficient Implementation of AND, OR and NOT Operators for ABCs. In: Yung, M., Zhang, J., Yang, Z. (eds) Trusted Systems. INTRUST 2015. Lecture Notes in Computer Science, vol 9565. Springer, Cham. https://doi.org/10.1007/978-3-319-31550-8_12
DOI: https://doi.org/10.1007/978-3-319-31550-8_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31549-2
Online ISBN: 978-3-319-31550-8
eBook Packages: Computer Science (R0)