Verifying Anonymous Credential Systems in Applied Pi Calculus

Authors:
Xiangxi Li;Yu Zhang;Yuxin Deng
Affiliations:
Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China;Laboratory for Computer Science, Institute of Software, Chinese Academy of Sciences, Beijing, China;Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China
Venue:
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Year:
2009

Citing 15
Cited 1

Security without identification: transaction systems to make big brother obsolete

Communications of the ACM
The knowledge complexity of interactive proof systems

SIAM Journal on Computing
Entity authentication and key distribution

CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
An attack on the Needham-Schroeder public-key authentication protocol

Information Processing Letters
Communicating and mobile systems: the &pgr;-calculus

Communicating and mobile systems: the &pgr;-calculus
Mobile values, new names, and secure communication

POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation

EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Automated Verification of Remote Electronic Voting Protocols in the Applied Pi-Calculus

CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Automated Formal Analysis of a Protocol for Secure File Sharing on Untrusted Storage

SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Zero-Knowledge in the Applied Pi-calculus and Automated Verification of the Direct Anonymous Attestation Protocol

SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Analyzing an Electronic Cash Protocol Using Applied Pi Calculus

ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
Automatic verification of correspondences for security protocols

Journal of Computer Security
New attacks on PKCS#1 v1.5 encryption

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Computer-assisted verification of a protocol for certified email

SAS'03 Proceedings of the 10th international conference on Static analysis
Analysis of an electronic voting protocol in the applied pi calculus

ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems

A formal model of identity mixer

FMICS'10 Proceedings of the 15th international conference on Formal methods for industrial critical systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Anonymous credentials are widely used to certify properties of a credential owner or to support the owner to demand valuable services, while hiding the user's identity at the same time. A credential system (a.k.a. pseudonym system) usually consists of multiple interactive procedures between users and organizations, including generating pseudonyms, issuing credentials and verifying credentials, which are required to meet various security properties. We propose a general symbolic model (based on the applied pi calculus) for anonymous credential systems and give formal definitions of a few important security properties, including pseudonym and credential unforgeability, credential safety, pseudonym untraceability. We specialize the general formalization and apply it to the verification of a concrete anonymous credential system proposed by Camenisch and Lysyanskaya. The analysis is done automatically with the tool ProVerif and several security properties have been verified.