Anonymous Credential Scheme Supporting Active Revocation
AsiaJCIS 2014
Chun-I Fan, Chien-Nan Wu, Jen-Chun Hsu, Yi-Fan Tseng, and Wen-Tsuen Chen
Applied Cryptology Lab., Department of Computer Science and Engineering, NSYSU
Outline: Introduction; The Proposed Scheme; Security Analysis; Comparisons; Conclusion
Introduction - Credential System
Issuer: Issue and manage credentials
Service Provider: Verify credentials and provide services
User
[Diagram labels: Join, Credential, Membership Proof]
Introduction - Anonymous Credential System
Issuer, User, Service Provider
[Diagram labels: Join, Membership Proof]
Introduction - Anonymous Credential System
Issuer, User, Service Provider
How to revoke the credential
Introduction - Revocation
Ours: Time-Based Revocation, Passive Revocation, Active Revocation
Security Analysis
Unforgeability: A credential is an ElGamal signature produced by the Issuer. It cannot be generated without the Issuer's private keys.
Unlinkability: In the membership proof phase, a user converts her/his credential into another one by adding some randomness. The randomness 4-tuple is hidden from the Issuer and the Service Provider, and is different every time. From the Issuer's point of view, there always exists a randomness 4-tuple that satisfies the correctness of the protocol. From the Service Provider's point of view, it cannot link any two users' credentials, or distinguish whether any two credentials are converted from the same credential.
Property Comparisons
Properties: Passive Revocation, Active Revocation, Unlinkability (Issuer), Validation Management
CL[1] (2002): No, No, No, Yes, Count
AMO[2] (2008): Yes, Yes, No, Yes, Time
EL[3] (2010): Yes, No, Yes, No
CKS[4] (2010): No, No, Yes, Yes
WCDLSW[5] (2011): Yes, Yes, No, No
EL[6] (2012): Yes, No, Yes, No
Our scheme: Yes, Yes, Yes, Yes
Time
Time
Computation Cost Comparisons
Scheme | Join (User) | Join (Issuer) | Membership Proof (User) | Membership Proof (Service Provider)
CL[1] (2002) | 0 | 482M | 1203M | 4089M
AMO[2] (2008) | 1204M | 1203M | 9383M | (241r+794)M
CKS[4] (2010) | 962M | 1443M | 3128M | 7453M
WCDLSW[5] (2011) | 0 | 963M | 1443M | (240r+124)M
EL[6] (2012) | 1684M | 1925M | (1920r+6503)M | (1920r+5540)M
Our scheme | 1204M | 482M | 2170M | (280r+2405)M
M: Multiplication computation
r: Number of revoked members
Conclusions
We have proposed a novel anonymous credential scheme. The proposed scheme supports three kinds of revocation: passive, active, and time-based. In our scheme, neither the Issuer nor the Service Provider can trace users by itself; tracing is possible only if the Issuer cooperates with the Service Provider.
Future Work: Provide the formal security proof of our scheme.