International Association for Cryptologic Research

International Association
for Cryptologic Research


Thomas Gross


MoniPoly---An Expressive $q$-SDH-Based Anonymous Attribute-Based Credential System 📺
Syh-Yuan Tan Thomas Gross
Modern attribute-based anonymous credential (ABC) systems benefit from special encodings that yield expressive and highly efficient show proofs on logical statements. The technique was first proposed by Camenisch and Gro{\ss}, who constructed an SRSA-based ABC system with prime-encoded attributes that offers efficient \textsf{AND}, \textsf{OR} and \textsf{NOT} proofs. While other ABC frameworks have adopted constructions in the same vein, the Camenisch-Gro{\ss} ABC has been the most expressive and asymptotically most efficient proof system to date, even if it was constrained by the requirement of a trusted message-space setup and an inherent restriction to finite-set attributes encoded as primes. In this paper, combining a new set commitment scheme and an SDH-based signature scheme, we present a provably secure ABC system that supports show proofs for complex statements. This construction is not only more expressive than existing approaches, but it is also highly efficient under unrestricted attribute space due to its ECC protocols only requiring a constant number of bilinear pairings by the verifier; none by the prover. Furthermore, we introduce strong security models for impersonation and unlinkability under adaptive active and concurrent attacks to allow for the expressiveness of our ABC as well as for a systematic comparison to existing schemes. Given this foundation, we are the first to comprehensively formally prove the security of an ABC with expressive show proofs. Specifically, we prove the security against impersonation under the $q$-(co-)SDH assumption with a tight reduction. Besides the set commitment scheme, which may be of independent interest, our security models can serve as a foundation for the design of future ABC systems.


Thomas Gross (1)
Syh-Yuan Tan (1)