Anonymous Credentials  Secure to Ephemeral Leakage
             
          Lukasz Krzywiecki,  Marta Wszola,  Miroslaw Kutylowski
	Wroclaw University of Science and Technology, Wroclaw, Poland
	
\maketitle

We propose an extension to Camenisch-Lysyanskaya's pairing-based anonymous credential system 
immune to attacks on ephemeral values used by the holder of a credential.
In particular, this concerns  the situation where either the output of the random number
generator might be guessed by the adversary, or the protocol is not implemented completely 
on a  tamper  resistant cryptographic device. 

We present a strong security model allowing an adversary to read and modify the random ephemeral values
created by a user during credential issuance and verification. We say that a scheme is secure, 
if in such a setting the adversary cannot successfully execute the verification protocol unless he  holds 
valid credentials and the corresponding private keys. 

Our extension follows the principle of ``minimal modifications'' -- we achieve our goal 
with slight changes of the protocol -- thus allowing to reuse most of the work that 
 has to be done on the way from a theoretical concept to a practical deployment. 

keywords:  anonymous credential, Camenisch-Lysyanskaya signature, bilinear pairing, ephemeral value, leakage,
  impersonation

  
presented at:  Cyber Security Cryptography and Machine Learning 
published in: LNCS 10332 (Springer-Verlag, 2017), pp. 96-98