Jan Camenisch, Maria Dubovitskaya, Anja Lehmann, Gregory Neven, Christian Paquin, and Franz-Stefan Preiss
20 April 2012
Existing cryptographic realizations of privacy-friendly authentication mechanisms such as anonymous credentials, minimal disclosure tokens, self-blindable credentials, and group signatures vary largely in the features they offer and in how these features are realized. Some features such as revocation or deanonymization even require the combination of several cryptographic protocols. These differences and the complexity of the cryptographic protocols hinder the deployment of these mechanisms for practical applications and also make it almost impossible to switch the underlying cryptographic algorithms once the application has been designed. In this paper, we aim to bridge this gap and simplify the design and deployment of privacy-friendly authentication mechanisms. We unify the different concepts and features and define privacy-preserving attribute-based credentials (Privacy-ABCs), provide a language framework in XML schema, and give a semantics to describe the effect of the different transactions in a privacy-friendly authentication system using Privacy-ABCs. Our language framework enables application developers to use Privacy-ABCs with their different features without having to consider the specific cryptographic algorithms under the hood, similarly as they do today for digital signatures, where they do not need to worry about the particulars of the RSA and DSA algorithms either.
Available from http://domino.watson.ibm.com/library/cyberdig.nsf/Home