Our key publications
We argue that electronic authentication require privacy-protecting credentials, not only to protect privacy but also to achieve security. The following paper also provides a brief introduction to anonymous credentials and how they are used.
- Electronic Identities Need Private Credentials
Jan Camenisch, Anja Lehmann, Gregory Neven,
IEEE Security & Privacy 10(1): 80-83 (2012).
DOI
To make the use of IBM Identity Mixer easier, we have defined a number of concepts for privacy protecting authentication and authorization such as pseudonyms, presentation tokens, revocation, and inspection. These concepts are realized by a number of cryptographic algorithms that are dynamically orchestrated based on the information a verifier requests from a user for authentication and authorization. The latter is specified by a policy language we have designed.
- Concepts and Languages for Privacy-Preserving Attribute-Based Authentication
Jan Camenisch, Maria Dubovitskaya, Anja Lehmann, Gregory Neven, Christian Paquin, Franz-Stefan Preiss,
IDMAN 2013: 34-52.
DOI - D2.1 Architecture for Attribute-based Credential Technologies
Jan Camenisch, Ioannis Krontiris, Anja Lehmann, Gregory Neven, Christian Paquin, Kai Rannenberg, Harald Zwingelberg,
PDF
The basic cryptographic algorithms to issue and present credentials were invented by Camenisch and Lysyanskaya at the turn of the century and have been well scrutinized since. The algorithms rely on the so-called strong RSA assumption (which is a variation of the assumption underlying the famous RSA signature scheme) and form the core of the cryptography of IBM Identity Mixer (the currently implemented algorithms differ slightly).
- An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation
Jan Camenisch, Anna Lysyanskaya,
EUROCRYPT 2001: 93-118.
DOI - A Signature Scheme with Efficient Protocols
Jan Camenisch, Anna Lysyanskaya,
SCN 2003: 268-289.
DOI
One way to realize revocation of private attribute-based credentials is based so-called cryptographic accumulator. The security of this mechanism is also based on the strong RSA assumption and it is implemented in Identity Mixer.
- Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials
Jan Camenisch, Anna Lysyanskaya,
CRYPTO 2002: 61-76.
DOI
This paper proposes an alternative signature scheme to issue credentials that is based on a variation of the discrete logarithm problem. It is not yet implemented in Identity Mixer.
- Signature Schemes and Anonymous Credentials from Bilinear Maps
Jan Camenisch, Anna Lysyanskaya,
CRYPTO 2004: 56-72.
DOI
To support selective disclosure of attributes, each attribute needs to be treated as a separate message in a credential. Now, if the attribute values are from a small domain, the message space is not used efficiently. This can be overcome by mapping attribute values to primes and then treat the product of the respective primes as message.
- Efficient Attributes for Anonymous Credentials
Jan Camenisch, Thomas Groß,
ACM Trans. Inf. Syst. Secur. 15(1): 4 (2012)
DOI
An encryption scheme with efficient zero-knowledge proofs, which forms the main ingredient for inspection (i.e., lifting the anonymity of presentations).
- Practical Verifiable Encryption and Decryption of Discrete Logarithms
Jan Camenisch, Victor Shoup,
CRYPTO 2003: 126-144.
DOI