Keyed-verification anonymous credentials are widely recognized as some of the most efficient tools for anonymous authentication.

In this work, we revisit two prominent credential systems: the scheme by Chase et al. (CCS 2014), commonly referred to as CMZ or PS MAC, and the scheme by Barki et al. (SAC 2016), known as BBDT or BBS MAC. We show how to make CMZ perfectly anonymous and BBS MAC more efficient and compatible with the BBS RFC draft. We provide a comprehensive security analysis for anonymous tokens, showing strong(er) unforgeability and blindness properties, which we call extractability and anonymity. These properties allow them to be composed with extensions that users can select freely. We build rate-limiting and pseudonym systems as examples.

For keyed-verification anonymous credentials, designated-verifier proofs suffice since the verifier is known in advance. To enable faster proofs for complex presentations, we present a compiler that transforms an interactive oracle proof and a designated-verifier polynomial commitment into a designated-verifier non-interactive zero-knowledge proof (NIZK). This allows for building fully-succinct designated-verifier SNARKs without pairings. We explore potential extensions that could benefit from this approach.

Michele Orrù is a chargé de recherche (Assistant Professor) at the French National Centre for Scientific Research (CNRS). He conducts research in cryptography and security, with a focus on zero-knowledge proofs, anonymous credential systems, and confidential transactions. He is a developer of a popular zk-SNARK library (arkworks) and a co-author of an anonymous whistleblowing platform, Globaleaks. In the past, he contributed to Python, Debian, and Tor.

L’ePrint paper https://eprint.iacr.org/2024/1552.pdf