Authentication Without Identification using Anonymous Credential System

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

Privacy and security are often intertwined. For example, identity theft is rampant because we have become accustomed to authentication by identification. To obtain some service, we provide enough information about our identity for an unscrupulous person to steal it (for example, we give our credit card number to Amazon.com). One of the consequences is that many people avoid e-commerce entirely due to privacy and security concerns. The solution is to perform authentication without identification. In fact, all on-line actions should be as anonymous as possible, for this is the only way to guarantee security for the overall system. A credential system is a system in which users can obtain credentials from organizations and demonstrate possession of these credentials. Such a system is anonymous when transactions carried out by the same user cannot be linked. An anonymous credential system is of significant practical relevance because it is the best means of providing privacy for users.


💡 Research Summary

The paper “Authentication Without Identification Using Anonymous Credential System” argues that the prevailing model of online authentication—where users must reveal personal identifiers to obtain services—creates a serious privacy and security problem. Identity theft, driven by the routine exposure of credit‑card numbers, driver’s‑license data, and other personally identifying information (PII), discourages many users from participating in e‑commerce. The authors propose a paradigm shift: authentication should be possible without revealing a user’s identity, and the most privacy‑preserving approach is to make online actions as anonymous as possible.

An anonymous credential (AC) system is defined as a framework in which users obtain credentials from organizations and later prove possession of those credentials without linking the transactions to a single identity. The system relies on pseudonyms: each organization knows a user only through a pseudonym, and different pseudonyms used with different organizations cannot be correlated. Credentials may be “one‑show” (single‑use) or “multi‑show” (reusable). The paper outlines the essential security properties that such a system must satisfy:

  1. Selective Disclosure – Users should be able to reveal only the attributes required for a particular transaction, keeping all other personal data hidden.
  2. Unforgeability – Credentials must be cryptographically hard to forge, typically relying on strong assumptions such as the Strong RSA or Diffie‑Hellman problems.
  3. Unlinkability – Multiple presentations of the same credential must not be linkable, protecting the user’s transaction history.
  4. Revocability – There must be a mechanism to invalidate credentials, either partially (some attributes) or totally (the whole credential).

Additional desiderata include non‑transferability (a credential cannot be handed off to another user), optional anonymity revocation (a trusted authority can reveal a user’s identity in case of illegal activity), and double‑spending protection for one‑show credentials.

The system model introduces five principal entities:

  • Users – Hold credentials and interact with services.
  • Organizations (Issuers) – Issue and verify credentials; each organization may define a unique credential type.
  • Verifiers – Rely on organizations to check the validity of presented credentials.
  • Certification Authority (CA) – Ensures that users possess a legitimate public/secret key pair, thereby enforcing non‑transferability.
  • Anonymity Revocation Manager – A trusted party that can de‑anonymize a pseudonym under a legally authorized request, and maintain revocation lists (partial or total).

The paper surveys prior work. David Chaum’s early “security without identification” concepts introduced the idea of pseudonymous transactions but required a semi‑trusted third party. Subsequent schemes by Damgård, Chen, and Brands employed blind signatures or minimal disclosure certificates but suffered from inefficiencies, reliance on multiple signatures for multi‑use credentials, or inability to prevent collusion among users. Lysyanskaya, Rivest, Sahai, and Wolf presented a generic pseudonym system based on one‑way functions and zero‑knowledge proofs, yet their constructions were impractical for real‑world deployment. The most notable practical advancement is the Camenisch‑Lysyanskaya (1997) protocol, which uses the Strong RSA and Diffie‑Hellman assumptions to achieve unlinkable multi‑show credentials with optional revocation, representing the first feasible solution that meets most of the listed properties.

Despite these advances, the authors conclude that any practical anonymous credential system inevitably involves a trade‑off between absolute anonymity and the level of trust placed in revocation authorities or issuers. Full anonymity precludes any legal recourse against illicit behavior, while strong revocation capabilities can erode privacy if misused. Consequently, system designers must carefully balance cryptographic strength, operational trust models, and regulatory requirements.

In summary, the paper positions anonymous credential systems as a promising avenue for reconciling privacy with authentication needs. It outlines the essential security properties, architectural components, and the state of the art, while highlighting that achieving both efficiency and robust privacy guarantees remains an open research challenge.

