Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials
نویسندگان
چکیده
We introduce the notion of a dynamic accumulator. An accumulator scheme allows one to hash a large set of inputs into one short value, such that there is a short proof that a given input was incorporated into this value. A dynamic accumulator allows one to dynamically add and delete a value, such that the cost of an add or delete is independent of the number of accumulated values. We provide a construction of a dynamic accumulator and an efficient zero-knowledge proof of knowledge of an accumulated value. We prove their security under the strong RSA assumption. We then show that our construction of dynamic accumulators enables efficient revocation of anonymous credentials, and membership revocation for recent group signature and identity escrow schemes.
منابع مشابه
Efficient Revocation of Anonymous Group Membership Certificates and Anonymous Credentials
An accumulator scheme, introduced be Benaloh and de Mare [BdM94] and further studied by Barić and Pfitzmann [BP97], is an algorithm that allows to hash a large set of inputs into one short value, called the accumulator, such that there is a short witness that a given input was incorporated into the accumulator. We put forward the notion of dynamic accumulators, i.e., a method that allows to dyn...
متن کاملAn Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials
The success of electronic authentication systems, be it eID card systems or Internet authentication systems such as CardSpace, highly depends on the provided level of user-privacy. Thereby, an important requirement is an efficient means for revocation of the authentication credentials. In this paper we consider the problem of revocation for certificate-based privacy-protecting authentication sy...
متن کاملReview on Credential Systems in Anonymizing Networks
A credential system is a system in which users can obtain credentials from organizations and reveal possession of these credentials. This system is called anonymous when transactions carried out by the same user cannot be linked. In this paper we are describing few such credential systems. Nymble is a credential system in which servers themselves can blacklist misbehaving users, and thus blocks...
متن کاملAccumulators and U-Prove Revocation
This work introduces the most efficient universal accumulator known today. For the first time, we have an accumulator which does not depend on hidden order groups, does not require any exponentiations in the target group associated with the pairing function, and only requires two pairings to verify a proof-of-knowledge of a witness. We present implementations of our accumulator and another rece...
متن کاملPerformance Analysis of Accumulator-Based Revocation Mechanisms
Anonymous credentials are discussed as a privacy friendlier replacement for public key certificates. While such a transition would help to protect the privacy of digital citizens in the emerging information society, the wide scale deployment of anonymous credentials still poses many challenges. One of the open technical issues is the efficient revocation of anonymous credentials. Currently, acc...
متن کامل