Anonymous Credentials – Will they ever be practical?
Anonymous Credentials: Will they ever be practical?
Tuesday 5J Convener: Francisco Corella & Karen Lewison
Notes-taker(s): Karen Lewison
Tags for the session - technology discussed/ideas considered:
Anonymous credentials, U-Prove, Idemix, unlinkability, Javascript local storage, Javascript service workers, IndexedDB API
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Anonymous credentials, which provide varying degrees of unlinkability, include U-Prove, Idemix, other methods of providing zero-knowledge proofs, blinding techniques, group signatures.
One difficulty with implementing anonymous credentials is storage of the credential, as exemplified by Microsoft’s implementation of U-Prove, which stored the credentials in a Windows native app, making it platform-specific. Now, credentials issued by web apps can be stored in browser local storage accessible through the IndexedDB API. Possession of the credential can be proved by an offline front end of the issuer via a JavaScript service worker, without involvement of the issuer back end, avoiding linkability by timing correlation.
Other problems with anonymous credentials are: complexity of the cryptographic algorithms; revocation, in that a traditional revocation list precludes unlinkability; U-Prove had no solution, Idemix used very short term credentials that are valid for only a few hours; there is the possibility of timing correlation on reissuance, if credentials are “picked up” after a gap of several issuance cycles; instead, IBM is now implementing dynamic accumulators. Last is the prevention of credential sharing, which is a difficult human engineering problem.