Cryptographic privacy protection in TCPA
Anton Stiglic
astiglic at okiok.com
Wed Sep 4 11:55:39 EDT 2002
> Nomen Nescio wrote:
> > It looks like Camenisch & Lysyanskaya are patenting their credential
> > system. This is from the online patent applications database:
> >
> >
http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=/ne
tahtml/PTO/search-bool.html&r=1&f=G&l=50&co1=AND&d=PG01&s1=camenisch&OS=came
nisch&RS=camenisch
Jan Camenisch works for IBM, it's no surprise that the scheme is being
patented.
The scheme is not very efficient compared to Brands', but I would guess
implementable
if you don't mind doing allot of computation.
It is based on zero-knowledge proofs. The basic idea of using
zero-knowledge proofs
to create an unlikable anonymous credentials system is actually pretty
intuitive and simple, and
people have taught about it before Camenisch & Lysyanskay have. You can
probably think
about it yourself and come up with a similar scheme (not necessarily
provably secure however)
The novelty in my point of view is simply the choice of the setting in which
they work in (group of
quadratic residues modulo a composite), so that their scheme can apparently
be proven secure
under the strong RSA assumptions and the decisional DH assumption.
Camenischs work on group signatures and "Proving in zero-knowledge that a
number n is
the product of two safe primes" seem to have lead to the result.
--Anton
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list