Provided by: UC Regents
Date Added: Oct 2013
The authors consider the problem of constructing anonymous credentials for use in a setting where the issuer of credentials is also the verifier, or more generally where the issuer and verifier have a shared key. In this setting they can use Message Authentication Codes (MACs) instead of public key signatures as the basis for the credential system. To this end, they construct two algebraic MACs in prime-order groups, along with efficient protocols for issuing credentials, asserting possession a credential, and proving statements about hidden attributes (e.g., the age of the credential owner).