One Time Anonymous Certificate: X.509 Supporting Anonymity

• Published in: Cryptology and Network Security pp. 334 - 353
• Main Authors: Abed, Aymen, Canard, Sébastien
• Format: Book Chapter
• Language: English
• Published: Berlin, Heidelberg Springer Berlin Heidelberg 2010
• Series: Lecture Notes in Computer Science
• Subjects: Direct Anonymous Attestation; Group Signature; Random Oracle Model; Signature Scheme; Validity Period
• ISBN: 9783642176180; 3642176186
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-642-17619-7_23

It is widely admitted that group signatures are today one of the most important cryptographic tool regarding privacy enhancing technologies. As evidence, the ISO organization has began a subject on authentication mechanisms supporting anonymity, in which group signatures are largely studied. However, it seems difficult to embed group signatures into other standards designed for classical authentication and signature mechanisms, such as the PKI X.509 certification. In fact, X.509 public key certificates are today widely used but not designed to support anonymity. One attempt has been done by Benjumea et al. but with the drawback that (i) the solution loses the principle of one certification per signer, (ii) revocation cannot be performed efficiently and (iii) the proposed architecture can not be applied to anonymous credentials, a concept close to group signature and today implemented by IBM or Microsoft. This paper presents a new approach which permits to use the X.509 standard to group signature schemes and anonymous credentials in a more standard and efficient way than related work.