Attack on a U-Prove Revocation Scheme 
                        
                        L. Hanzlik, K. Kluczniak, M. Kutylowski
                           Wroclaw University of Technology 
                   
                   
We analyse security of the scheme proposed in the paper ``Accumulators and U-Prove Revocation", 
published in the Financial Cryptography 2013  proceedings.  As the title says, the authors propose 
an extension for U-Prove, the credential system developed by Microsoft. This extension allows 
to revoke tokens (containers for credentials) using a new cryptographic accumulator scheme. 
We show that, under certain conditions, there exists an attack that allows a user to pass 
the verification while using a revoked U-Prove token. It follows that the proposed solution fails 
to fulfil the primary goal of revocation schemes. 

Recently, a  closely related system has been published by Microsoft Research in 
``U-Prove Designated-Verifier Accumulator Revocation Extension, Draf 1 Revision".  
Our attack does not work for this version of revocation. 

                   
                   
                   
Accepted for Financial Cryptography 2014