see also credentica announcement about U-prove (Re: IBM donates new privacy tool to open-source)

Ben Laurie ben at
Thu Feb 15 13:24:11 EST 2007

Adam Back wrote:
> Related to this announcement, (Stefan Brands' company)
> has released "U-Prove", their toolkit & SDK for doing limited-show,
> selective disclosure and other aspects of the Brands credentials.
> (Also on Stefans blog
> I believe Brands credentials are considerably more computationally
> efficient and more general/flexible than Camenisch credentials.

Not sure about more general. Brands does claim they are more efficient,
though - however, Camenisch/Lysyanskya credentials have been improved
since they were first thought of, and are also a lot faster if you don't
insist on academic rigour. I have not yet put them side-by-side, but I
do have a partial implementation of C/L credentials for OpenSSL and am
planning a Brands implementation, too.

> (Re Hal's comment on the patent status of Camenisch credentials, as
> far as I know patents apply to both systems).
> Looks like you can obtain an evaluation copy of U-prove also.
> Adam
> On Sun, Feb 04, 2007 at 10:34:33AM -0800, "Hal Finney" wrote:
>> John Gilmore forwards:
>>> IBM donates new privacy tool to open-source
>>>   By  Joris Evers
>>>   Staff Writer, CNET
>>>   Published: January 25, 2007, 9:00 PM PST
>>> IBM has developed software designed to let people keep personal  
>>> information secret when doing business online and donated it to the  
>>> Higgins open-source project.
>>>   The software, called "Identity Mixer," was developed by IBM  
>>> researchers. The idea is that people provide encrypted digital  
>>> credentials issued by trusted parties like a bank or government agency  
>>> when transacting online, instead of sharing credit card or other  
>>> details in plain text, Anthony Nadalin, IBM's chief security architect,  
>>> said in an interview.
>>> ...
>> I just wanted to note that the idemix software implements what we
>> sometimes call Camenisch credentials.  This is a very advanced credential
>> system based on zero knowledge and group signatures.  The basic idea is
>> that you get a credential on one pseudonym and can show it on another
>> pseudonym, unlinkably.  More advanced formulations also allow for
>> credential revocation.  I don't know the specifics of what this software
>> implements, and I'm also unclear about the patent status of some of the
>> more sophisticated aspects, but I'm looking forward to being able to
>> experiment with this technology.
>> Hal Finney
>> ---------------------------------------------------------------------
>> The Cryptography Mailing List
>> Unsubscribe by sending "unsubscribe cryptography" to majordomo at
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at


"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list