Abstract
PDF (217 K)
E-mail Article
Add to my Quick Links
Cited By in Scopus (0)
Purchase PDF (383 K)
doi:10.1016/j.entcs.2007.12.023 
Copyright © 2008 Elsevier B.V. All rights reserved.
Vulnerabilities in Anonymous Credential Systems
R. Bhaskar1, 
, K. Chandrasekaran2, , S.V. Lokam,P.L. Montgomery, R. Venkatesan and Y. Yacobi
Available online 20 February 2008.
Abstract
We show the following:
- (i) In existing anonymous credential revocation systems, the revocation authority can link the transactions of any user in a subset T of users in O(log|T|) fake failed sessions.
(ii) A concern about the DLREP-I anonymous credentials system described in [Stefan Brands: Rethinking public key infrastructure and Digital Certificates; The MIT Press, Cambridge Massachusetts, London England. ISBN 0-262-02491-8] and [Stefan Brands: A Technical Overview of Digital Credentials; February 2002 (was a white paper in credentica.com)].
Keywords: Anonymous credential system; trust certification; DLREP-I
References
Stefan Brands: Rethinking public key infrastructure and Digital Certificates; The MIT Press, Cambridge Massachusetts, London England. ISBN 0-262-02491-8.
Stefan Brands: A Technical Overview of Digital Credentials; February 2002 (was a white paper in credentica.com).
Stefan Brands: Non Intrusive Identity management; in 3rd Annual PKI R&D Workshop (Keynote Address), http://middleware.internet2.edu/pki04/proceedings/cross_domain_identity.pdf.
Stefan Brands, Liesje Demuynck and Bart De Decker, A Practical System for Globally Revoking the Unlinkable Pseudonyms of Unknown Users 12th Australasian Conference on Information Security and Privacy http://www.idcorner.org/wp-content/ACISP2007.pdf.
Ernie Brickell, Jan Camenisch and Liqun Chen, Direct Anonymous Attestation, CCS'04 http://eprint.iacr.org/2004/205/.
Jan Camenisch and Anna Lysyanskaya, An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation. In: B. Pfitzmann, Editor EUROCRYPT 2001, LNCS 2045 (2001), pp. 93–118.
Jan Camenisch and Anna Lysyanskaya: Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials. In CRYPTO '02: Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology, 2002, pages 61–76, Springer-Verlag.
David Chaum: Blind Signatures for Untraceable Payments, Advances in Cryptology, Proceedings of Crypto 82, D. Chaum, R.L. Rivest, and A.T. Sherman (Eds.), Plenum, pp. 199–203.
David Chaum, Security Without Identification: Transaction Systems to Make Big Brother Obsolete (invited), Communications of the ACM 28 (10) (October 1985), pp. 1030–1044.
David Chaum, Jan-Hendrik Evertse: A Secure and Privacy-Protecting Protocol for Transmitting Personal Information Between Organizations, Advances in Cryptology: CRYPTO '86, A.M. Odlyzko (Ed.), Springer-Verlag, pp. 118–167.
Lidong Chen, Access with Pseudonyms, Cryptography: Policy and Algorithms (1995), pp. 232–243.
Ivan Damgård, Payment Systems and Credential Mechanisms with Provable Security against Abuse by Individuals, Advances in Cryptology, Proceedings CRYPTO '88, LNCS Vol 403 (1990), pp. 328–335.
Anna Lysyanskaya, Ronald L. Rivest, Amit Sahai and Stefan Wolf, Pseudonym Systems, Proceedings of the Sixth Annual Workshop on Selected Areas in Cryptography (SAC '99), LNCS Vol 1758 (1999).
