
Delegatable Anonymous Credentials from Mercurial Signatures with Stronger Privacy

  • Conference paper
Advances in Cryptology – ASIACRYPT 2024 (ASIACRYPT 2024)

Abstract

Delegatable anonymous credentials (DACs) enable a root issuer to delegate credential-issuing power, allowing a delegatee to take a delegator role. To preserve privacy, credential recipients and verifiers should not learn anything about intermediate issuers in the delegation chain. One particularly efficient approach to constructing DACs is due to Crites and Lysyanskaya (CT-RSA ’19). In contrast to previous approaches, it is based on mercurial signatures (a type of equivalence-class signature), offering a conceptually simple design that does not require extensive use of zero-knowledge proofs. Unfortunately, current constructions of “CL-type” DACs only offer a weak form of privacy-preserving delegation: if an adversarial issuer (even an honest-but-curious one) is part of a user’s delegation chain, they can detect when the user shows its credential. This is because the underlying mercurial signature schemes allow a signer to identify his public key in a delegation chain.

We propose CL-type DACs that overcome the above limitation based on a new mercurial signature scheme that provides adversarial public key class hiding, which ensures that adversarial signers who participate in a user’s delegation chain cannot exploit that fact to trace users. We achieve this by introducing structured public parameters for each delegation level. Since the related setup produces critical trapdoors, we discuss techniques from updatable structured reference strings in zero-knowledge proof systems (Groth et al. CRYPTO’18) to guarantee the required privacy needs. In addition, we propose a simple way to realize revocation for CL-type DACs via the concept of revocation tokens. While we showcase this approach to revocation using our DAC scheme, it is generic and can be applied to any CL-type DAC system. Revocation is a vital feature that is largely unexplored and notoriously hard to achieve for DACs, thus providing it can help to make DAC schemes more attractive in practical applications.


Notes

  1. https://github.com/ethereum/kzg-ceremony-specs.

  2. Note that, as already discussed, in practice this can be done by multiple parties in a sequential way by using ideas from updatable common reference strings, and only a single party among the set of all parties needs to be trusted.

References

  1. Acar, T., Nguyen, L.: Revocation for delegatable anonymous credentials. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 423–440. Springer, Berlin, Heidelberg (Mar 2011). https://doi.org/10.1007/978-3-642-19379-8_26

  2. Belenkiy, M., Camenisch, J., Chase, M., Kohlweiss, M., Lysyanskaya, A., Shacham, H.: Randomizable proofs and delegatable anonymous credentials. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 108–125. Springer, Berlin, Heidelberg (Aug 2009). https://doi.org/10.1007/978-3-642-03356-8_7

  3. Ben-Sasson, E., Chiesa, A., Green, M., Tromer, E., Virza, M.: Secure sampling of public parameters for succinct zero knowledge proofs. In: 2015 IEEE Symposium on Security and Privacy. pp. 287–304. IEEE Computer Society Press (May 2015). https://doi.org/10.1109/SP.2015.25

  4. Blömer, J., Bobolz, J.: Delegatable attribute-based anonymous credentials from dynamically malleable signatures. In: Preneel, B., Vercauteren, F. (eds.) ACNS 18, International Conference on Applied Cryptography and Network Security. LNCS, vol. 10892, pp. 221–239. Springer, Cham (Jul 2018). https://doi.org/10.1007/978-3-319-93387-0_12

  5. Boneh, D., Shacham, H.: Group signatures with verifier-local revocation. In: Atluri, V., Pfitzmann, B., McDaniel, P. (eds.) ACM CCS 2004. pp. 168–177. ACM Press (Oct 2004). https://doi.org/10.1145/1030083.1030106

  6. Bowe, S., Gabizon, A., Green, M.D.: A multi-party protocol for constructing the public parameters of the pinocchio zk-SNARK. In: Zohar, A., Eyal, I., Teague, V., Clark, J., Bracciali, A., Pintore, F., Sala, M. (eds.) FC 2018 Workshops. LNCS, vol. 10958, pp. 64–77. Springer, Berlin, Heidelberg (Mar 2019). https://doi.org/10.1007/978-3-662-58820-8_5

  7. Brorsson, J., David, B., Gentile, L., Pagnin, E., Wagner, P.S.: PAPR: Publicly auditable privacy revocation for anonymous credentials. In: Rosulek, M. (ed.) CT-RSA 2023. LNCS, vol. 13871, pp. 163–190. Springer, Cham (Apr 2023). https://doi.org/10.1007/978-3-031-30872-7_7

  8. Camenisch, J., Drijvers, M., Dubovitskaya, M.: Practical UC-secure delegatable credentials with attributes and their application to blockchain. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017. pp. 683–699. ACM Press (Oct / Nov 2017). https://doi.org/10.1145/3133956.3134025

  9. Camenisch, J., Kohlweiss, M., Soriente, C.: An accumulator based on bilinear maps and efficient revocation for anonymous credentials. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 481–500. Springer, Berlin, Heidelberg (Mar 2009). https://doi.org/10.1007/978-3-642-00468-1_27

  10. Camenisch, J., Kohlweiss, M., Soriente, C.: Solving revocation with efficient update of anonymous credentials. In: Garay, J.A., Prisco, R.D. (eds.) SCN 10. LNCS, vol. 6280, pp. 454–471. Springer, Berlin, Heidelberg (Sep 2010). https://doi.org/10.1007/978-3-642-15317-4_28

  11. Camenisch, J., Krenn, S., Lehmann, A., Mikkelsen, G.L., Neven, G., Pedersen, M.Ø.: Formal treatment of privacy-enhancing credential systems. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 3–24. Springer, Cham (Aug 2016). https://doi.org/10.1007/978-3-319-31301-6_1

  12. Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Berlin, Heidelberg (May 2001). https://doi.org/10.1007/3-540-44987-6_7

  13. Camenisch, J., Lysyanskaya, A.: Dynamic accumulators and application to efficient revocation of anonymous credentials. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 61–76. Springer, Berlin, Heidelberg (Aug 2002). https://doi.org/10.1007/3-540-45708-9_5

  14. Chase, M., Lysyanskaya, A.: On signatures of knowledge. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 78–96. Springer, Berlin, Heidelberg (Aug 2006). https://doi.org/10.1007/11818175_5

  15. Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28(10), 1030–1044 (Oct 1985). https://doi.org/10.1145/4372.4373

  16. Connolly, A., Lafourcade, P., Perez-Kempner, O.: Improved constructions of anonymous credentials from structure-preserving signatures on equivalence classes. In: Hanaoka, G., Shikata, J., Watanabe, Y. (eds.) PKC 2022, Part I. LNCS, vol. 13177, pp. 409–438. Springer, Cham (Mar 2022). https://doi.org/10.1007/978-3-030-97121-2_15

  17. Crites, E.C., Lysyanskaya, A.: Delegatable anonymous credentials from mercurial signatures. In: Matsui, M. (ed.) CT-RSA 2019. LNCS, vol. 11405, pp. 535–555. Springer, Cham (Mar 2019). https://doi.org/10.1007/978-3-030-12612-4_27

  18. Crites, E.C., Lysyanskaya, A.: Mercurial signatures for variable-length messages. PoPETs 2021(4), 441–463 (2021). https://doi.org/10.2478/popets-2021-0079

  19. Derler, D., Hanser, C., Slamanig, D.: A new approach to efficient revocable attribute-based anonymous credentials. In: Groth, J. (ed.) 15th IMA International Conference on Cryptography and Coding. LNCS, vol. 9496, pp. 57–74. Springer, Cham (Dec 2015). https://doi.org/10.1007/978-3-319-27239-9_4

  20. Fuchsbauer, G., Hanser, C., Slamanig, D.: Structure-preserving signatures on equivalence classes and constant-size anonymous credentials. Journal of Cryptology 32(2), 498–546 (Apr 2019). https://doi.org/10.1007/s00145-018-9281-4

  21. Griffy, S., Lysyanskaya, A.: PACIFIC. IACR Communications in Cryptology 1(2) (2024). https://doi.org/10.62056/ay11fhbmo

  22. Griffy, S., Lysyanskaya, A., Mir, O., Kempner, O.P., Slamanig, D.: Delegatable anonymous credentials from mercurial signatures with stronger privacy. Cryptology ePrint Archive, Report 2024/1216 (2024), https://eprint.iacr.org/2024/1216

  23. Groth, J., Kohlweiss, M., Maller, M., Meiklejohn, S., Miers, I.: Updatable and universal common reference strings with applications to zk-SNARKs. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part III. LNCS, vol. 10993, pp. 698–728. Springer, Cham (Aug 2018). https://doi.org/10.1007/978-3-319-96878-0_24

  24. Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Berlin, Heidelberg (Apr 2008). https://doi.org/10.1007/978-3-540-78967-3_24

  25. Hanser, C., Slamanig, D.: Structure-preserving signatures on equivalence classes and their application to anonymous credentials. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part I. LNCS, vol. 8873, pp. 491–511. Springer, Berlin, Heidelberg (Dec 2014). https://doi.org/10.1007/978-3-662-45611-8_26

  26. Hanzlik, L., Slamanig, D.: With a little help from my friends: Constructing practical anonymous credentials. In: Vigna, G., Shi, E. (eds.) ACM CCS 2021. pp. 2004–2023. ACM Press (Nov 2021). https://doi.org/10.1145/3460120.3484582

  27. Mir, O., Bauer, B., Griffy, S., Lysyanskaya, A., Slamanig, D.: Aggregate signatures with versatile randomization and issuer-hiding multi-authority anonymous credentials. In: Meng, W., Jensen, C.D., Cremers, C., Kirda, E. (eds.) ACM CCS 2023. pp. 30–44. ACM Press (Nov 2023). https://doi.org/10.1145/3576915.3623203

  28. Mir, O., Slamanig, D., Bauer, B., Mayrhofer, R.: Practical delegatable anonymous credentials from equivalence class signatures. Proc. Priv. Enhancing Technol. 2023(3), 488–513 (2023). https://doi.org/10.56553/POPETS-2023-0093

  29. Abe, M., Nanri, M., Perez Kempner, O., Tibouchi, M.: Interactive threshold mercurial signatures and applications. Cryptology ePrint Archive, Paper 2024/625 (2024). https://doi.org/10.1007/978-981-96-0891-1_3, https://eprint.iacr.org/2024/625

  30. Nikolaenko, V., Ragsdale, S., Bonneau, J., Boneh, D.: Powers-of-tau to the people: Decentralizing setup ceremonies. In: Pöpper, C., Batina, L. (eds.) Applied Cryptography and Network Security - 22nd International Conference, ACNS 2024, Abu Dhabi, United Arab Emirates, March 5-8, 2024, Proceedings, Part III. Lecture Notes in Computer Science, vol. 14585, pp. 105–134. Springer (2024). https://doi.org/10.1007/978-3-031-54776-8_5

  31. Putman, C., Martin, K.M.: Selective delegation of attributes in mercurial signature credentials. Cryptology ePrint Archive, Report 2023/1896 (2023), https://eprint.iacr.org/2023/1896

  32. Putman, C., Martin, K.M.: Selective delegation of attributes in mercurial signature credentials. In: Quaglia, E.A. (ed.) Cryptography and Coding. pp. 181–196. Springer Nature Switzerland, Cham (2024)


  33. Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Proceedings of the 16th Annual International Conference on Theory and Application of Cryptographic Techniques. pp. 256–266. EUROCRYPT ’97, Springer-Verlag, Berlin, Heidelberg (1997)


Acknowledgments

We are very grateful to the anonymous reviewers for their many helpful comments and suggestions. Omid Mir was supported by the European Union’s Horizon Europe project SUNRISE (project no. 101073821), and by PREPARED, a project funded by the Austrian security research programme KIRAS of the Federal Ministry of Finance (BMF). Scott Griffy and Anna Lysyanskaya were supported by NSF grants 2247305, 2154170, and 2312241 as well as the Ethereum Foundation.


Correspondence to Scott Griffy.


Copyright information

© 2025 International Association for Cryptologic Research

About this paper


Cite this paper

Griffy, S., Lysyanskaya, A., Mir, O., Perez Kempner, O., Slamanig, D. (2025). Delegatable Anonymous Credentials from Mercurial Signatures with Stronger Privacy. In: Chung, KM., Sasaki, Y. (eds) Advances in Cryptology – ASIACRYPT 2024. ASIACRYPT 2024. Lecture Notes in Computer Science, vol 15485. Springer, Singapore. https://doi.org/10.1007/978-981-96-0888-1_10


  • DOI: https://doi.org/10.1007/978-981-96-0888-1_10


  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-96-0887-4

  • Online ISBN: 978-981-96-0888-1

  • eBook Packages: Computer Science (R0)
