Unforgeable Blinded Credentials
Ben Laurie
ben at algroup.co.uk
Sat Apr 8 15:14:03 EDT 2006
Christian Paquin wrote:
> Adam Back wrote:
>> On Tue, Apr 04, 2006 at 06:15:48AM +0100, Ben Laurie wrote:
>>> Brands actually has a neat solution to this where the credential is
>>> unlinkable for n shows, but on the (n+1)th show reveals some secret
>>> information (n is usually set to 1 but doesn't have to be).
>>
>> I think they shows are linkable, but if you show more than allowed
>> times, all of the attributes are leaked, including the credential
>> secret key and potentially some identifying information like your
>> credit card number, your address etc.
>
> In Brands' system, multiple uses of a n-show credential are not linkable
> to the issuing (i.e. they are untraceable), but they are indeed linkable
> if presented to the same party: the verifier will recognize the
> credential when re-used. This is useful for limited pseudonymous access
> to accounts or resources. If you want showing unlinkability, better get
> n one-show credentials (simpler and more efficient).
That's only true if the credential contains any unblinded unique data,
surely?
Cheers,
Ben.
--
http://www.links.org/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list