Algebraic MACs and Keyed-Verification Anonymous Credentials

Provided by: UC Regents
Topic: Security
Format: PDF
The authors consider the problem of constructing anonymous credentials for use in a setting where the issuer of credentials is also the verifier, or more generally where the issuer and verifier have a shared key. In this setting they can use Message Authentication Codes (MACs) instead of public key signatures as the basis for the credential system. To this end, they construct two algebraic MACs in prime-order groups, along with efficient protocols for issuing credentials, asserting possession a credential, and proving statements about hidden attributes (e.g., the age of the credential owner).

Find By Topic