Anonymous Single-Sign-On for n Designated Services with Traceability

  • Jinguang Han
  • Liqun Chen
  • Steve Schneider
  • Helen Treharne
  • Stephan WesemeyerEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11098)


Anonymous Single-Sign-On authentication schemes have been proposed to allow users to access a service protected by a verifier without revealing their identity. This has become more important with the introduction of strong privacy regulations. In this paper we describe a new approach whereby anonymous authentication to different verifiers is achieved via authorisation tags and pseudonyms. The particular innovation of our scheme is that authentication can occur only between a user and its designated verifier for a service, and the verification cannot be performed by any other verifier. The benefit of this authentication approach is that it prevents information leakage of a user’s service access information, even if the verifiers for these services collude. Our scheme also supports a trusted third party who is authorised to de-anonymise the user and reveal her whole service access information if required. Furthermore, our scheme is lightweight because it does not rely on attribute or policy-based signature schemes to enable access to multiple services. The scheme’s security model is given together with a security proof, an implementation and a performance evaluation.


Anonymous Single-Sign-On Security Privacy Anonymity 



This work has been supported by the EPSRC Project DICE: “Data to Improve the Customer Experience”, EP/N028295/1. The authors would also like to thank the anonymous reviewers and Dr François Dupressoir for their valuable feedback and comments.


  1. 1.
    Armknecht, F., Löhr, H., Manulis, M., Sadeghi, A.-R., et al.: Secure multi-coupons for federated environments: privacy-preserving and customer-friendly. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 29–44. Springer, Heidelberg (2008). Scholar
  2. 2.
    Au, M.H., Susilo, W., Mu, Y.: Constant-size dynamic k-TAA. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 111–125. Springer, Heidelberg (2006). Scholar
  3. 3.
    Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 614–629. Springer, Heidelberg (2003). Scholar
  4. 4.
    Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004). Scholar
  5. 5.
    Boneh, D., Boyen, X.: Short signatures without random oracles and the SDH assumption in bilinear groups. J. Cryptol. 21(2), 149–177 (2008)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004). Scholar
  7. 7.
    Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). Scholar
  8. 8.
    Camenisch, J., Drijvers, M., Lehmann, A.: Anonymous attestation using the strong Diffie Hellman assumption revisited. In: Franz, M., Papadimitratos, P. (eds.) Trust 2016. LNCS, vol. 9824, pp. 1–20. Springer, Cham (2016). Scholar
  9. 9.
    Camenisch, J., Hohenberger, S., Kohlweiss, M., Lysyanskaya, A., Meyerovich, M.: How to win the clonewars: efficient periodic \(n\)-times anonymous authentication. In: ACM CCS 2006, pp. 201–210. ACM (2006)Google Scholar
  10. 10.
    Camenisch, J., Kiayias, A., Yung, M.: On the portability of generalized Schnorr proofs. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 425–442. Springer, Heidelberg (2009). Scholar
  11. 11.
    Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Persiano, G., Galdi, C. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003). Scholar
  12. 12.
    Camenisch, J., Michels, M.: Proving in zero-knowledge that a number is the product of two safe primes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 107–122. Springer, Heidelberg (1999). Scholar
  13. 13.
    Camenisch, J., Mödersheim, S., Sommer, D.: A formal model of identity mixer. In: Kowalewski, S., Roveri, M. (eds.) FMICS 2010. LNCS, vol. 6371, pp. 198–214. Springer, Heidelberg (2010). Scholar
  14. 14.
    Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups (extended abstract). In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997). Scholar
  15. 15.
    Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993). Scholar
  16. 16.
    De Caro, A., Iovino, V.: JPBC: Java pairing based cryptography. In: ISCC 2011, pp. 850–855. IEEE (2011)Google Scholar
  17. 17.
    DICE Project: Benchmark E-ticketing Systems (BETS) (2017).
  18. 18.
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Inf. Theory Soc. 22(6), 644–654 (1976)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Elmufti, K., Weerasinghe, D., Rajarajan, M., Rakocevic, V.: Anonymous authentication for mobile single sign-on to protect user privacy. Int. J. Mob. Commun. 6(6), 760–769 (2008)CrossRefGoogle Scholar
  20. 20.
    European Commission and European Council: Regulation (EU) 2016/679: General Data Protection Regulation (2016).
  21. 21.
    Fan, C.I., Wu, C.N., Chen, W.K., Sun, W.Z.: Attribute-based strong designated-verifier signature scheme. J. Syst. Softw. 85(4), 944–959 (2012)CrossRefGoogle Scholar
  22. 22.
    Galbraith, S.D., Paterson, K.G., Smart, N.P.: Pairings for cryptographers. Discret. Appl. Math. 156(16), 3113–3121 (2008)MathSciNetCrossRefGoogle Scholar
  23. 23.
    Ghadafi, E., Smart, N.P., Warinschi, B.: Groth–Sahai proofs revisited. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 177–192. Springer, Heidelberg (2010). Scholar
  24. 24.
    Gordon, D.M.: Discrete logarithms in GF(P) using the number field sieve. SIAM J. Discret. Math. 6(1), 124–138 (1993)MathSciNetCrossRefGoogle Scholar
  25. 25.
    Han, J., Chen, L., Schneider, S., Treharne, H., Wesemeyer, S.: Anonymous Single-Sign-On for \(n\) services with traceability (2018).
  26. 26.
    Han, J., Mu, Y., Susilo, W., Yan, J.: A generic construction of dynamic single sign-on with strong security. In: Jajodia, S., Zhou, J. (eds.) SecureComm 2010. LNICSSITE, vol. 50, pp. 181–198. Springer, Heidelberg (2010). Scholar
  27. 27.
    IBM Research Zürich: Identity mixer (2018).
  28. 28.
    Jakobsson, M., Sako, K., Impagliazzo, R.: Designated verifier proofs and their applications. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 143–154. Springer, Heidelberg (1996). Scholar
  29. 29.
    Lee, T.F.: Provably secure anonymous single-sign-on authentication mechanisms using extended chebyshev chaotic maps for distributed computer networks. IEEE Syst. J. 12(2), 1499–1505 (2015)CrossRefGoogle Scholar
  30. 30.
    Legion of the Bouncy Castle Inc: Bouncy Castle Crypto APIs.
  31. 31.
    Liu, W., Mu, Y., Yang, G., Yu, Y.: Efficient e-coupon systems with strong user privacy. Telecommun. Syst. 64(4), 695–708 (2017)CrossRefGoogle Scholar
  32. 32.
    Lynn, B.: The pairing-based cryptography (PBC) library (2010).
  33. 33.
    MIT Kerberos: Kerberos: The network authentication protocol (2017).
  34. 34.
    Nguyen, L., Safavi-Naini, R.: Dynamic k-times anonymous authentication. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 318–333. Springer, Heidelberg (2005). Scholar
  35. 35.
    Recordon, D., Reed, D.: OpenID 2.0: a platform for user-centric identity management. In: DIM 2006, pp. 11–16. ACM (2006)Google Scholar
  36. 36.
    Schnor, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161–174 (1991)zbMATHGoogle Scholar
  37. 37.
    Teranishi, I., Furukawa, J., Sako, K.: k-times anonymous authentication (extended abstract). In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 308–322. Springer, Heidelberg (2004). Scholar
  38. 38.
    Wang, J., Wang, G., Susilo, W.: Anonymous single sign-on schemes transformed from group signatures. In: INCoS 2013, pp. 560–567. IEEE (2013)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Jinguang Han
    • 1
  • Liqun Chen
    • 1
  • Steve Schneider
    • 1
  • Helen Treharne
    • 1
  • Stephan Wesemeyer
    • 1
    Email author
  1. 1.Department of Computer ScienceUniversity of SurreyGuildfordUK

Personalised recommendations