
Efficient Implementation of AND, OR and NOT Operators for ABCs

Conference paper. In: Trusted Systems (INTRUST 2015). Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9565).

Abstract

In the last few years several practitioners have proposed different strategies for implementing attribute-based credentials (ABCs) on smart cards. ABCs allow citizens to prove certain properties about themselves without necessarily revealing their full identity. The Idemix ABC is the most versatile ABC system proposed in the literature, supporting pseudonyms, equality proofs of representation, verifiable encryption of attributes and proving properties of attributes via AND, NOT and OR operators. Recently, Vullers et al. and De La Piedra et al. addressed the implementation of the selective disclosure operations, pseudonyms and multi-credential proofs such as equality proofs of representation. In this manuscript, we present implementation strategies for proving properties of user attributes via these operators and show how to combine them via external and internal commitment reordering.


Notes

  1. https://www.irmacard.org.

  2. Our performance figures were obtained with a MULTOS ML3-R3-80K smart card and an SCM Microsystems SCL011 reader attached to a host with an Intel Core i5-3230M CPU clocked at 2.60 GHz running Debian Linux 3.13.6-1, Python 2.7.6, python-pyscard 1.6.12.1-4 and Charm 0.43 [2].

  3. In the first move, the prover sends the verifier a commitment message t (the t_value). In the second move, the verifier sends the prover a random challenge message c. In the third and final move, the prover sends a response value (the s_value).

  4. For instance, an empty proof of possession over a set of attributes \((m_0, ..., m_5)\) is written in Camenisch-Stadler notation [11] as NIZK \(:\{(\varepsilon ', \nu ', \alpha _0,...,\alpha _5): Z \equiv \pm R_0^{\alpha _0}R_1^{\alpha _1}R_2^{\alpha _2} R_3^{\alpha _3}R_4^{\alpha _4}R_5^{\alpha _5}A^{\varepsilon '}S^{\nu '} ~\mathrm {mod}~n \}\), where the Greek letters \((\varepsilon ', \nu ')\) and \((\alpha _0,...,\alpha _5)\) stand for the values of the signature and the set of attributes that are proved in zero knowledge and not revealed.

  5. As described in [18], attributes are represented as \(l_m = 256\)-bit values. The remaining parameters are \(l'_{e} = 120\) (size of the interval from which the e values are selected), (security parameter of the statistical ZKP), \(l_H = 256\) (output length of the hash function in the Fiat-Shamir heuristic), \(l_e = 504\) (size of e), \(l_n = 1,024\) (size of the RSA modulus) and \(l_v = 1,604\) bits (size of v).

  6. http://www.infineon.com/dgdl/SPO_SLE+78CX1280P_2012-07.pdf?folderId=db3a304325afd6e00126508d47f72f66&fileId=db3a30433fcce646013fe3d672214ab8 (Accessed 27 February 2015).

  7. Thus, with one possibility per attribute, we prove the non-existence of one attribute in \(m_t\): \(m_i = 3\) and \(m_t = 5\cdot 7\cdot 11\cdot 13\) (case 1). With 10 possibilities per attribute (50 primes) we again prove the non-existence of one attribute: \(m_i = 3\) and \(m_t = 179\cdot 181\cdot 191\cdot 193\) (case 2). With 1,000 possibilities per attribute (i.e. 5,000 primes) we prove the non-existence of two attributes in \(m_t\): \(m_i = 1,999\cdot 2,161\) and \(m_t = 3,323\cdot 3,253\cdot 2,897\cdot 2,999\) (case 3). Finally, with 10,000 possibilities per attribute (50,000 primes) we prove the non-existence of the two primes \(m_i = 91,387\cdot 91,393\) in \(m_t = 102,461\cdot 102,481\cdot 102,497\cdot 102,499\) (case 4).

  8. We use the following notation in Tables 4, 5 and 6: PRE means precomputation, EUC 1-3 refers to the cases presented in Table 3, RA means revealing all the attributes except the master secret, and HA means hiding every attribute in the credential.

  9. In this manuscript we only address the first version of this NIZK described in [7] and leave the second one beyond the scope of this work due to the computational limitations of our target device.
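The three moves of note 3 applied to the statement of note 4, as an added Python example (not code from the paper or from the IRMA project): a non-interactive proof of knowledge of the hidden exponents in \(Z \equiv \prod_i R_i^{\alpha_i} A^{\varepsilon'} S^{\nu'} \bmod n\), with the challenge derived by the Fiat-Shamir heuristic [15] and the lengths \(l_m\) and \(l_H\) of note 5. It treats A and S simply as two further bases with hidden exponents and omits the \(\pm\) sign, the interval constraints on e and the signature randomisation of the real CL proof. The toy modulus, the 80-bit statistical parameter (the page leaves that value blank), the verifier nonce and all function names are this example's assumptions.

```python
import hashlib
import secrets

L_M = 256    # attribute length l_m (note 5)
L_H = 256    # challenge length l_H (note 5)
L_PHI = 80   # statistical ZK parameter: ASSUMED, the page leaves its value blank

# CONSTRUCTED toy modulus from two small primes so the example runs instantly.
# The paper uses l_n = 1024 bits (note 5); a real verifier never knows p and q.
P, Q = 1_000_003, 1_000_033
N = P * Q


def random_qr(n):
    """A random quadratic residue mod n (the CL bases R_i, A, S live in QR_n)."""
    while True:
        x = secrets.randbelow(n - 2) + 2
        if x % P and x % Q:          # invertible, so its square is invertible too
            return pow(x, 2, n)


def multi_exp(bases, exps, n):
    """prod_i bases[i]^exps[i] mod n."""
    acc = 1
    for b, e in zip(bases, exps):
        acc = acc * pow(b, e, n) % n
    return acc


def fiat_shamir(n, bases, z, t, nonce):
    """Challenge c = H(n, bases, Z, t, nonce) truncated to l_H bits (move 2)."""
    h = hashlib.sha256()
    for v in (n, *bases, z, t, nonce):
        h.update(v.to_bytes((v.bit_length() + 7) // 8 or 1, "big") + b"|")
    return int.from_bytes(h.digest(), "big") >> (256 - L_H)


def prove(n, bases, z, exps, nonce):
    """Prover side: returns (c, s_values) for the statement Z = prod bases[i]^exps[i]."""
    # Move 1 (t-value): commit to randomisers. Each r_i has l_m + l_H + l_phi bits so
    # that s_i = r_i + c*alpha_i, computed over the integers because the order of
    # QR_n is unknown to the prover, is statistically independent of alpha_i.
    r = [secrets.randbits(L_M + L_H + L_PHI) for _ in exps]
    t = multi_exp(bases, r, n)
    # Move 2 (challenge): hashed instead of sent by the verifier (Fiat-Shamir).
    c = fiat_shamir(n, bases, z, t, nonce)
    # Move 3 (s-values): one response per hidden exponent.
    s = [r_i + c * a_i for r_i, a_i in zip(r, exps)]
    return c, s


def verify(n, bases, z, c, s, nonce):
    """Verifier side: recompute t from the responses and re-derive the challenge."""
    if len(s) != len(bases):
        return False
    # A well-formed response never exceeds l_m + l_H + l_phi + 1 bits; reject otherwise.
    if any(s_i < 0 or s_i.bit_length() > L_M + L_H + L_PHI + 1 for s_i in s):
        return False
    z_inv_c = pow(pow(z, c, n), -1, n)
    t_hat = multi_exp(bases, s, n) * z_inv_c % n      # = t iff the s_i are consistent
    return fiat_shamir(n, bases, z, t_hat, nonce) == c


def demo(num_attrs=6):
    """Six hidden attributes plus the two signature exponents (eps', nu') of note 4."""
    bases = [random_qr(N) for _ in range(num_attrs + 2)]       # R_0..R_5, A, S
    exps = [secrets.randbits(L_M) for _ in range(num_attrs + 2)]
    z = multi_exp(bases, exps, N)
    nonce = secrets.randbits(L_H)                               # verifier's freshness nonce
    c, s = prove(N, bases, z, exps, nonce)
    honest = verify(N, bases, z, c, s, nonce)
    # Replaying the same transcript under a different nonce must fail.
    replay = verify(N, bases, z, c, s, nonce ^ 1)
    return honest, replay


if __name__ == "__main__":
    print(demo())
```

The range check in `verify` matters on a card-facing verifier: without it a response that is not of the expected length is still accepted by the algebra, which is what the statistical zero-knowledge argument for the randomiser length relies on.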
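The four NOT cases of note 7, as an added Python example (not code from the paper): attributes are prime-encoded as in Camenisch and Groß [7], so a credential attribute \(m_t\) is the product of the primes standing for the values the user holds. Assumed here, following [7]: the NOT proof exhibits Bézout coefficients a, b with \(a \cdot m_t + b \cdot m_i = 1\), which exist exactly when \(\gcd(m_i, m_t) = 1\) and are found with the extended Euclidean algorithm (the EUC cost of note 8), while the AND proof exhibits the cofactor \(m_t / m_i\). The function names, the witness-size report and the constructed counter-case are this example's additions.

```python
def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with x*a + y*b = g = gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def product(primes):
    acc = 1
    for p in primes:
        acc *= p
    return acc


def not_witness(m_t, m_i):
    """Bezout coefficients (a, b) with a*m_t + b*m_i == 1, or None when some prime
    of m_i divides m_t: the NOT statement is then false and no witness exists."""
    g, a, b = egcd(m_t, m_i)
    return (a, b) if g == 1 else None


def verify_not(m_t, m_i, witness):
    """Verifier's check on the NOT witness (done in zero knowledge in the real proof)."""
    a, b = witness
    return a * m_t + b * m_i == 1


def and_witness(m_t, m_i):
    """Cofactor m_t // m_i if every prime of m_i is present in m_t, else None."""
    return m_t // m_i if m_t % m_i == 0 else None


# The four cases of note 7: (primes in m_i, primes in m_t).
CASES = {
    1: ([3], [5, 7, 11, 13]),
    2: ([3], [179, 181, 191, 193]),
    3: ([1999, 2161], [3323, 3253, 2897, 2999]),
    4: ([91387, 91393], [102461, 102481, 102497, 102499]),
}


def run_case(k):
    """Returns (witness verifies, bit length of the larger Bezout coefficient)."""
    m_i, m_t = product(CASES[k][0]), product(CASES[k][1])
    w = not_witness(m_t, m_i)
    if w is None:
        return False, 0
    return verify_not(m_t, m_i, w), max(abs(w[0]), abs(w[1])).bit_length()


if __name__ == "__main__":
    for k in CASES:
        print("case", k, run_case(k))
    # CONSTRUCTED counter-case: 7 is one of the primes in m_t, so NOT has no
    # witness while AND does.
    m_t = product([5, 7, 11, 13])
    print(not_witness(m_t, 7), and_witness(m_t, 7))
```

The coefficient sizes grow with \(m_i\) and \(m_t\), which is why the witness is worth precomputing (PRE in note 8) rather than deriving on the card at proof time.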

References

  1. Akhavi, A., Vallée, B.: Average bit-complexity of Euclidean algorithms. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol. 1853, pp. 373–387. Springer, Heidelberg (2000)
  2. Akinyele, J.A., Garman, C., Miers, I., Pagano, M.W., Rushanan, M., Green, M., Rubin, A.D.: Charm: a framework for rapidly prototyping cryptosystems. J. Cryptogr. Eng. 3(2), 111–128 (2013)
  3. Bichsel, P., Camenisch, J., Groß, T., Shoup, V.: Anonymous credentials on a standard Java Card. In: ACM Conference on Computer and Communications Security, pp. 600–610 (2009)
  4. Brands, S.A.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)
  5. Camenisch, J., Dubovitskaya, M., Enderlein, R.R., Lehmann, A., Neven, G., Paquin, C., Preiss, F.-S.: Concepts and languages for privacy-preserving attribute-based authentication. J. Inf. Sec. Appl. 19(1), 25–44 (2014)
  6. Camenisch, J., Dubovitskaya, M., Lehmann, A., Neven, G., Paquin, C., Preiss, F.-S.: Concepts and languages for privacy-preserving attribute-based authentication. In: Fischer-Hübner, S., de Leeuw, E., Mitchell, C. (eds.) IDMAN 2013. IFIP AICT, vol. 396, pp. 34–52. Springer, Heidelberg (2013)
  7. Camenisch, J., Groß, T.: Efficient attributes for anonymous credentials (extended version). IACR Cryptol. ePrint Arch. 2010, 496 (2010)
  8. Camenisch, J., Van Herreweghen, E.: Design and implementation of the idemix anonymous credential system. In: ACM Conference on Computer and Communications Security, pp. 21–30 (2002)
  9. Camenisch, J.L., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, p. 93. Springer, Heidelberg (2001)
  10. Camenisch, J.L., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)
  11. Camenisch, J.L., Stadler, M.A.: Efficient group signature schemes for large groups. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997)
  12. Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28(10), 1030–1044 (1985)
  13. Damgård, I.B.: Commitment schemes and zero-knowledge protocols. In: Damgård, I.B. (ed.) EEF School 1998. LNCS, vol. 1561, p. 63. Springer, Heidelberg (1999)
  14. Damgård, I.B.: Efficient concurrent zero-knowledge in the auxiliary string model. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 418–430. Springer, Heidelberg (2000)
  15. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)
  16. Fujisaki, E., Okamoto, T.: Statistical zero knowledge protocols to prove modular polynomial relations. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 16–30. Springer, Heidelberg (1997)
  17. Knuth, D.E.: The Art of Computer Programming, Volume II: Seminumerical Algorithms, 2nd edn. Addison-Wesley, Boston (1981)
  18. de la Piedra, A., Hoepman, J.-H., Vullers, P.: Towards a full-featured implementation of attribute based credentials on smart cards. In: Gritzalis, D., Kiayias, A., Askoxylakis, I. (eds.) CANS 2014. LNCS, vol. 8813, pp. 270–289. Springer, Heidelberg (2014)
  19. Sterckx, M., Gierlichs, B., Preneel, B., Verbauwhede, I.: Efficient implementation of anonymous credentials on Java Card smart cards. In: 1st IEEE International Workshop on Information Forensics and Security (WIFS 2009), pp. 106–110. IEEE, London, UK (2009)
  20. Vullers, P., Alpár, G.: Efficient selective disclosure on smart cards using idemix. In: Fischer-Hübner, S., de Leeuw, E., Mitchell, C. (eds.) IDMAN 2013. IFIP AICT, vol. 396, pp. 53–67. Springer, Heidelberg (2013)

Author information

Corresponding author: Antonio de la Piedra.

Copyright information

© 2016 Springer International Publishing Switzerland

Cite this paper

de la Piedra, A. (2016). Efficient Implementation of AND, OR and NOT Operators for ABCs. In: Yung, M., Zhang, J., Yang, Z. (eds) Trusted Systems. INTRUST 2015. Lecture Notes in Computer Science, vol 9565. Springer, Cham. https://doi.org/10.1007/978-3-319-31550-8_12

  • DOI: https://doi.org/10.1007/978-3-319-31550-8_12
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-31549-2
  • Online ISBN: 978-3-319-31550-8