A Language Framework for Privacy-Preserving Attribute-Based Authentication

Existing cryptographic realizations of privacy-friendly authentication mechanisms such as anonymous credentials, minimal disclosure tokens, self-blindable credentials, and group signatures vary largely in the features they offer and in how these features are realized. Some features such as revocation or deanonymization even require the combination of several cryptographic protocols. These differences and the complexity of the cryptographic protocols hinder the deployment of these mechanisms for practical applications and also make it almost impossible to switch the underlying cryptographic algorithms once the application has been designed. In this paper, we aim to bridge this gap and simplify the design and deployment of privacy-friendly authentication mechanisms. We unify the different concepts and features and define privacy-preserving attribute-based credentials (Privacy-ABCs), provide a language framework in XML schema, and give a semantics to describe the effect of the different transactions in a privacy-friendly authentication system using Privacy-ABCs. Our language framework enables application developers to use Privacy-ABCs with their different features without having to consider the specific cryptographic algorithms under the hood, similarly as they do today for digital signatures, where they do not need to worry about the particulars of the RSA and DSA algorithms either.

A shortened version of this paper entitled "Concepts and Languages for Privacy-Preserving Attributed-Based Authentication" has appeared in "Policies and Research in Identity Managment", Proc. 3rd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management "IDMAN," London, United Kingdom, IFIP Advances in Information and Communication Technology, vol. 396 (2013) pp. 34-52.

By: Jan Camenisch, Maria Dubovitskaya, Anja Lehmann, Gregory Neven, Christian Paquin, and Franz-Stefan Preiss

Published in: RZ3818 in 2012


This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties). I have read and understand this notice and am a member of the scientific community outside or inside of IBM seeking a single copy only.


Questions about this service can be mailed to reports@us.ibm.com .