Concepts and languages for privacy-preserving attribute-based authentication

Ref: Jan Camenisch, Maria Dubovitskaya, Anja Lehmann, Gregory Neven, Christian Paquin, and Franz-Stefan Preiss. To appear in Journal of Information Security and Applications. Extended abstract appeared in S. Fischer-Hübner, E. de Leeuw, C. Mitchell, editors, Policies and Research in Identity Management - Third IFIP WG 11.6 Working Conference - IDMAN 2013, pages 34-52. Springer, 2013.

Abstract: Existing cryptographic realizations of privacy-friendly authentication mechanisms such as anonymous credentials, minimal disclosure tokens, self-blindable credentials, and group signatures vary largely in the features they offer and in how these features are realized. Some features such as revocation or de-anonymization even require the combination of several cryptographic protocols. The variety and complexity of the cryptographic protocols hinder the understanding and hence the adoption of these mechanisms in practical applications. They also make it almost impossible to change the underlying cryptographic algorithms once the application has been designed. In this paper, we aim to overcome these issues and simplify both the design and deployment of privacy-friendly authentication mechanisms. We define and unify the concepts and features of privacy-preserving attribute-based credentials (Privacy-ABCs), provide a language framework in XML schema, and present the API of a Privacy-ABC system that supports all the features we describe. Our language framework and API enable application developers to use Privacy-ABCs with all their features without having to consider the specifics of the underlying cryptographic algorithms---similar to as they do today for digital signatures, where they do not need to worry about the particulars of the RSA and DSA algorithms either.