Attack on U-Prove Revocation Scheme from FC’13 - Passing Verification by Revoked Users

  • Conference paper
Financial Cryptography and Data Security (FC 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8437)

  • 5612 Accesses

Abstract

We analyse the security of the scheme proposed in the paper “Accumulators and U-Prove Revocation” from the Financial Cryptography 2013 proceedings. Its authors propose an extension for U-Prove, the credential system developed by Microsoft. This extension allows tokens (containers for credentials) to be revoked using a new cryptographic accumulator scheme. We show that, under certain conditions, there exists a weakness that allows a user to pass the verification while using a revoked U-Prove token. It follows that the proposed solution fails to fulfil the primary goal of revocation schemes.

Recently, a closely related system has been published by Microsoft Research in “U-Prove Designated-Verifier Accumulator Revocation Extension, Draft 1 Revision”. Our attack does not work for this scheme, but the draft lacks formal justification and we cannot exclude problems of this kind.

This paper was partially supported by grant S30028/I-18 from the Institute of Mathematics and Computer Science of the Wroclaw University of Technology. Part of the work was done by the first author within project 2012-9/4 of the Ventures programme of the Foundation for Polish Science, co-financed by the European Union, Regional Development Fund.

References

  1. Microsoft: U-Prove. Webpage of the project (2013). http://research.microsoft.com/en-us/projects/u-prove/

  2. Brands, S.: Untraceable off-line cash in wallets with observers. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 302–318. Springer, Heidelberg (1994)

  3. Brands, S.A.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy, 1st edn. MIT Press, Cambridge/London (2000). http://www.credentica.com/the_mit_pressbook.html

  4. Acar, T., Chow, S.S.M., Nguyen, L.: Accumulators and U-Prove revocation. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 189–196. Springer, Heidelberg (2013)

  5. Lan Nguyen, C.P.: U-Prove designated-verifier accumulator revocation extension. Technical report Draft Revision 1, Microsoft Research (2013)

Corresponding author

Correspondence to Lucjan Hanzlik.

Copyright information

© 2014 International Financial Cryptography Association

About this paper

Cite this paper

Hanzlik, L., Kluczniak, K., Kutyłowski, M. (2014). Attack on U-Prove Revocation Scheme from FC’13 - Passing Verification by Revoked Users. In: Christin, N., Safavi-Naini, R. (eds) Financial Cryptography and Data Security. FC 2014. Lecture Notes in Computer Science, vol 8437. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45472-5_18

  • DOI: https://doi.org/10.1007/978-3-662-45472-5_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-45471-8

  • Online ISBN: 978-3-662-45472-5

  • eBook Packages: Computer Science, Computer Science (R0)