Research And Implementation Of Attributes Proof Protocols Based On CL Anonymous Credential System

We use an anonymous and unlinkable fashion to show a user’s electronic identity credential in an anonymous credential system, and can prove a series of attributes relations. Unfortunately, traditional attributes proof protocols usually suffer from linear computational complexity related to the number of user attributes. For this problem, we have studied the computational complexity of the attributes proofs, and proposed a serial of efficient attributes proof protocols. The core idea is issuing an anonymous credential for a single one attribute and proving relations over attributes by selectively aggregating individual signatures.The main work and achievement of this thesisi are as follows:(1) We studied the CL signature scheme which was proposed by Camenish and Lysyanskaya in 2004, and present a selective aggregate CL-signature scheme along with the aggregate signature technology. It has constant complexity in verification of multiple signatures. At the same time, we prove that the selective aggregate CL-signature scheme is correct and existentially unforgeable against adaptively chosen-message attack under CL signature scheme. Then, we show the protocol on how to issue anonymous credential to users, and prove the security of the protocol formally. (2) We describe a serial of attributes proof protocols based on the proposed anonymous credential system. According to the attribute-based policy, users can select which attributes and the corresponding individual credentials are involved in the proof. They can prove the possession of the required attributes either on AND and OR relations or comparison relations, i.e. inequality to a given value, and belonging to a given interval. We describe these attributes proof protocols in the thesis and prove the security formally. (3) We present the implementation of these attribute proof protocols using the IatePair package under Java language. There are three entities involved in these protocols:user, signer and verifier. Firstly, we design the entity classes, including user, signer and verifier classes, and the ECC classes. Then, we give the implementation of core functions which consists of algorithms of the selective aggregate CL-signature scheme, issuance of the anonymous credential system and the attributes proof protocols. Finally, we give the computational complexity analysis of the efficient attributes proof protocols, and shows that the resulting protocols have advantages in computation cost:the AND and OR relation proofs are outperforms the convetional CL anonnymous credential system and the accumulator-based system as the number of certified attributes is no larger than 14; there are no interval and inequality proofs presented in the other two systems, we give the supplement in this thesis.