With the constant development of Internet and cloud services and the continuous diversification of application areas, identity authentication, as a necessary part of access authorization services, has gradually become a core technology of the global information infrastructure. Generally, users must provide their real identity and some sensitive information to service providers for authentication. This allows the service provider to retrieve the user's private information, significantly harming the user's privacy and raising the user's concerns. Therefore, protecting the user's private information from disclosure while achieving fine-grained identity authentication has become a challenge. Attribute-based anonymous credentials act as a secure, flexible, and privacy-preserving identity authentication mechanism that solves this problem perfectly. Compared with traditional public key infrastructure-based certificate systems, anonymous credentials can protect user privacy while providing fine-grained access control, and they are one of the most important cryptographic tools for secure access to digital services.

This dissertation proceeds from the problem of anonymous authentication in privacy preservation and is oriented toward the design theory of anonymous credentials and the security requirements of practical applications. The main objective is to solve the problems faced by the existing anonymous credential schemes, including credential issuer identity disclosure, and credential issuance and user tracing in distributed systems. Simultaneously, the research is conducted in three aspects of anonymous credentials: lightweight design application, fine-grained access control application, and efficient privacy-preserving application. The purpose of this dissertation is to propose new anonymous credential design techniques based on current security requirements, promote the integration of anonymous credentials with other cryptographic tools, and provide a theoretical foundation and technical support for addressing practical application problems. The main research results of this dissertation are as follows:

(1) To address the problem that the existing anonymous credentials cannot hide the credential issuer from both users and verifiers, the concept and model of double issuer-hiding attribute-based credentials (DIHAC) is proposed. First, a tag-based aggregatable mercurial signature (TAM-Sign) is introduced, and a concrete construction of TAM-Sign is designed by utilizing aggregatable attribute-based signatures on equivalence classes (AAEQ), mercurial signatures, and an updatable public key scheme. Then, the formal definition and security model of the DIHAC scheme are given, and the generic construction and concrete construction of DIHAC are designed using TAM-Sign and the structure-preserving signature on equivalence classes (SPS-EQ). Finally, the security of TAM-Sign and the DIHAC scheme is proved formally, and the practicability of the scheme is demonstrated through performance comparison and experimental analysis on personal computers and smartphones.

(2) To address the problem that existing anonymous credential schemes cannot be deployed in distributed systems, a threshold attribute-based credential (TABC) based on unlinkable redactable signatures (URS) is proposed by integrating Shamir threshold secret sharing, ElGamal encryption, and signatures of knowledge. The TABC scheme supports threshold credential issuance and threshold identity tracing, so that when the anonymous credential scheme is deployed in a distributed environment, it can still achieve stable credential issuance and reliable auditing. The security and practicality of the scheme are demonstrated through security analysis, performance evaluation, and investigation of two application scenarios: an anonymous reporting system and a permissioned token system.

(3) To address the problems that existing electronic ticketing schemes are not well suited to resource-constrained devices and cannot prevent ticket sharing between unauthorized devices, a privacy-preserving attribute ticketing scheme based on mobile terminals with smart cards is proposed using Pointcheval-Sanders signatures, aggregatable signatures with randomizable tags (ART-Sign), and anonymous ephemeral identities. The PriRPT scheme is designed for lightweight targets while taking advantage of ubiquitous smart cards and mobile devices for secure separation of the computing unit on the user side. The security of the PriRPT scheme is proven, and the efficiency of the scheme is demonstrated through performance evaluation and comparison on personal computers, smart cards, and smartphones.

(4) To address the problems that the existing anonymous single sign-on system does not support fine-grained access control, cannot guarantee the privacy of sign-on requests, and cannot realize stable designated verification services in complex cloud environments, a privacy-preserving single sign-on system with token hiding and fine-grained access control for cloud environments (PriSign) is proposed. First, the attribute-based credential with traceability (ABCT), the attribute-based credential with blindness (ABCB), and threshold inner-product functional encryption (TIPFE) are constructed. Then, the formal definition and security model of PriSign are given, and a concrete construction of PriSign is designed based on ABCT, ABCB, and TIPFE. Finally, the security of ABCT, ABCB, TIPFE, and PriSign is proved, and the practicality of the system is demonstrated through experimental evaluation on a personal computer.

(5) To address the problems of disclosure of whistleblower identity and tampering of reported messages in online reporting systems, a privacy-preserving reporting system with rewards (PriRPT) is designed using keyed-verification anonymous credentials (KVAC), the structure-preserving signature on equivalence classes (SPS-EQ), and smart contracts. PriRPT is proven to achieve the integrity of reporting messages and the anonymity of the reporting and rewarding procedures, and the practicality of the system is demonstrated through experimental evaluation on an open blockchain platform and a personal computer.
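Result (2) combines Shamir threshold secret sharing with ElGamal encryption so that identity tracing requires a quorum of authorities rather than a single trusted tracer. The following Python block is an added illustration of that mechanism in its generic form, not the dissertation's TABC construction: the tracing secret key is Shamir-shared among n authorities, each user's identity (encoded as a group element) is ElGamal-encrypted under the tracing public key and stored with the credential, and any t authorities can combine partial decryptions in the exponent to recover the identity, while t-1 partial decryptions yield an unrelated element. The safe-prime modulus, the registry of user names, and the function names are assumptions chosen for a runnable demo; a real deployment would use a standard elliptic-curve group.

```python
"""Threshold identity tracing with Shamir-shared ElGamal (added example, toy parameters).

Assumed setup (not the dissertation's concrete TABC scheme): the tracing secret
key sk is Shamir-shared among n authorities; any t of them can jointly decrypt
the ElGamal-encrypted identity attached to a credential.
"""
import secrets


def is_prime(n: int) -> bool:
    """Trial division; adequate only for the demo-sized modulus below."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def find_safe_prime(start: int):
    """Return (p, q) with p = 2q + 1 and both prime, for the first such q >= start."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


# Toy group: the prime-order-q subgroup of Z_p^*.  Demo-sized on purpose;
# a deployment would use a ~256-bit elliptic-curve group instead.
P, Q = find_safe_prime(100_003)
G = 4  # 4 = 2^2 is a quadratic residue mod p, so it generates the order-q subgroup


def tracing_keygen(t: int, n: int):
    """Shamir-share a fresh sk in Z_q: shares (i, f(i)) for i = 1..n, f(0) = sk."""
    sk = secrets.randbelow(Q - 1) + 1
    coeffs = [sk] + [secrets.randbelow(Q) for _ in range(t - 1)]
    shares = [(i, sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q)
              for i in range(1, n + 1)]
    return pow(G, sk, P), shares          # (tracing public key, authority shares)


def lagrange_at_zero(xs):
    """Coefficients lambda_i with f(0) = sum_i lambda_i * f(x_i) mod q."""
    lam = {}
    for xi in xs:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * xj % Q
                den = den * (xj - xi) % Q
        lam[xi] = num * pow(den, -1, Q) % Q
    return lam


def encode_identity(uid: int) -> int:
    """Map a registered user number to a group element (what the registry stores)."""
    return pow(G, uid, P)


def encrypt_identity(pk: int, uid: int):
    """ElGamal ciphertext (g^r, id_elem * pk^r) embedded in the user's credential."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), encode_identity(uid) * pow(pk, r, P) % P


def partial_decrypt(share, c1: int):
    """Authority i publishes c1^{s_i}; its share s_i itself never leaves the authority."""
    i, s_i = share
    return i, pow(c1, s_i, P)


def combine_and_trace(partials, c2: int, registry: dict):
    """Combine partial decryptions in the exponent, then look the element up."""
    lam = lagrange_at_zero([i for i, _ in partials])
    c1_sk = 1
    for i, d_i in partials:
        c1_sk = c1_sk * pow(d_i, lam[i], P) % P   # = c1^{sum lambda_i s_i} = c1^sk
    elem = c2 * pow(c1_sk, -1, P) % P
    return registry.get(elem)                      # None if no registered user matches


def demo(t: int = 3, n: int = 5):
    """Trace a constructed credential with t shares and again with only t-1 shares."""
    pk, shares = tracing_keygen(t, n)
    # Constructed registry held by the tracing authorities.
    registry = {encode_identity(uid): name
                for uid, name in [(7, "alice"), (42, "bob"), (99, "carol")]}
    c1, c2 = encrypt_identity(pk, 42)                       # credential issued to bob
    enough = [partial_decrypt(s, c1) for s in shares[:t]]
    too_few = [partial_decrypt(s, c1) for s in shares[:t - 1]]
    return combine_and_trace(enough, c2, registry), combine_and_trace(too_few, c2, registry)


if __name__ == "__main__":
    print(demo())   # expected: ('bob', None)
```

The point to notice is that the authorities exchange only `c1^{s_i}`, never their shares, so a quorum can audit a credential without any single party ever holding the full tracing key; the same sharing of `sk` across issuers is what lets a credential be issued by a threshold of them rather than one trusted issuer.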