[21987] in cryptography@c2.net mail archive
Re: Unforgeable Blinded Credentials
daemon@ATHENA.MIT.EDU (Ben Laurie)
Sat Apr 8 16:32:51 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sat, 08 Apr 2006 20:14:03 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: Christian Paquin <paquin@credentica.com>
Cc: Adam Back <adam@cypherspace.org>, cryptography@metzdowd.com
In-Reply-To: <4433F90A.7030905@credentica.com>
Christian Paquin wrote:
> Adam Back wrote:
>> On Tue, Apr 04, 2006 at 06:15:48AM +0100, Ben Laurie wrote:
>>> Brands actually has a neat solution to this where the credential is
>>> unlinkable for n shows, but on the (n+1)th show reveals some secret
>>> information (n is usually set to 1 but doesn't have to be).
>>
>> I think they shows are linkable, but if you show more than allowed
>> times, all of the attributes are leaked, including the credential
>> secret key and potentially some identifying information like your
>> credit card number, your address etc.
>
> In Brands' system, multiple uses of a n-show credential are not linkable
> to the issuing (i.e. they are untraceable), but they are indeed linkable
> if presented to the same party: the verifier will recognize the
> credential when re-used. This is useful for limited pseudonymous access
> to accounts or resources. If you want showing unlinkability, better get
> n one-show credentials (simpler and more efficient).
That's only true if the credential contains any unblinded unique data,
surely?
Cheers,
Ben.
--
http://www.links.org/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
