A Short Paper on How to Improve U-Prove Using Self-Blindable Certificates

“…Secondly, lack of randomization may be a problem. To guarantee nontraceability in U-prove, one needs several credentials [12]. In our schema, the triple (h, R, c) can become (h, R ′ , c ′ ) where (R ′ , c ′ ) is a random version of (R, c) without invalidating the signature.…”

“…Some of them are based on ECC without pairing (U-prove for instance) but do not fully take into account some fundamental features relative to privacy preserving. Indeed, Lucjan et al [12] showed that unlinkability feature is not fully taken into account by U-prove. With reference to RSA based cryptosytems, the major problem remains keys' size which will necessarily rise problem of storage, performance in computing time and bandwidth usage.…”

“…The U-prove scheme, by its generality, can be implemented either on the basis of subgroup or using ECC. However, as shown by Lucjan et al [12], unlinkability feature is not fully taken into account. Indeed, if a token is presented twice to a verifier, then the later knows that it is the same token.…”

I2PA: An Efficient ABC for IoT

“…Secondly, lack of randomization may be a problem. To guarantee nontraceability in U-prove, one needs several credentials [12]. In our schema, the triple (h, R, c) can become (h, R ′ , c ′ ) where (R ′ , c ′ ) is a random version of (R, c) without invalidating the signature.…”

“…Some of them are based on ECC without pairing (U-prove for instance) but do not fully take into account some fundamental features relative to privacy preserving. Indeed, Lucjan et al [12] showed that unlinkability feature is not fully taken into account by U-prove. With reference to RSA based cryptosytems, the major problem remains keys' size which will necessarily rise problem of storage, performance in computing time and bandwidth usage.…”

“…The U-prove scheme, by its generality, can be implemented either on the basis of subgroup or using ECC. However, as shown by Lucjan et al [12], unlinkability feature is not fully taken into account. Indeed, if a token is presented twice to a verifier, then the later knows that it is the same token.…”

I2PA: An Efficient ABC for IoT

“…However, this scheme offers no multi-show unlinkability. In an attempt to fix this, L. Hanzlik and K. Kluczniak proposed in [9], and presented at Financial Crypto 2014, a new scheme that is based on U-Prove but uses a different signature scheme. This signature scheme is based on the self-blindable construction by Verheul [11], and allows a credential to be blinded; i.e., modified into a new valid credential over the same attributes.…”

“…

Recently an unlinkable version of the U-Prove attributebased credential scheme was proposed at Financial Crypto'14 [9]. Unfortunately, the new scheme is forgeable: if sufficiently many users work together then they can construct new credentials, containing any set of attributes of their choice, without any involvement of the issuer.

…”

The Self-blindable U-Prove Scheme from FC’14 Is Forgeable (Short Paper)

An Efficient Self-blindable Attribute-Based Credential Scheme