Dynamic Anonymous Credential Systems With Controllable Anonymity and Unlinkability

In the paper we present novel anonymous credential schemes that provide controllable opening and linking capability. In a normal situation, signers are allowed to prove their possession of attributes of credentials anonymously and in a user-controllable way. The proof can demonstrate that certified claims hold with a desired privacy level, such as proving that age is within a certain value or a pre-defined range. However, in case of misbehaviors or for accountability, the identity of a signer can be revealed or signatures can be anonymously linked using opening and linking keys, respectively. The proposed scheme is designed to work for dynamic credential management allowing for the issuance of new credentials and proper revocation. To prove the security of the proposed anonymous credential scheme, we first define a security model to capture basic properties, anonymity, traceability, non-frameability, and controllable unlinkability. We then demonstrate that it satisfies all these properties under the standard assumption, i.e., $q$ -strong Diffie-Hellman assumption in the random oracle model. Finally we provide a performance analysis of our scheme in terms of signature size and basic signing and verifying operations. Additionally, we present empirical results to show that the performance of our scheme is reasonably efficient.