Forward-looking consistency in Attribute-Based Credentials

A privacy-preserving way to determine the revocation status of credentials after presentation


Abstract

Authentication mechanisms play an important role in everyday digital interactions and allow users to prove their identity to others. Privacy-preserving Attribute-Based Credential Systems (PABCSs) allow users to authenticate by presenting their credential attributes, while multiple presentations remain unlinkable and untraceable. A revocation mechanism allows the credential issuer to revoke a credential, for example when the attributes of a user change. Verifiers can in turn determine the revocation status of the presented credential. This thesis considers situations in which a verifier needs to determine the revocation status of a credential after the presentation. This stronger revocation level, also described as forward-looking consistency, has not been researched before in PABCSs. To address this gap, we present the PABC-FLC design, a PABCS with forward-looking consistency. Our design allows users to remain offline after presentation, without compromising on the privacy properties. To avoid an impossibility result, we introduce a new participant called the Non-Revocation Prover (NRP). The NRP assists a verifier in determining the revocation status of a credential, even though neither the verifier nor the issuer has to trust the NRP. We show that our PABC-FLC design has an experimental runtime comparable to that of a credential system without a revocation mechanism. The experiment shows that our design has a runtime overhead of +20 ms (+32%) during presentation and +20 ms (+34%) during verification. We conclude that our PABC-FLC design is a feasible PABCS with forward-looking consistency, while remaining unlinkable and untraceable.

Files

Thesis.pdf
(.pdf | 0.465 Mb)