Authentication Without Identification using Anonymous Credential System (0908.0979v1)

Abstract: Privacy and security are often intertwined. For example, identity theft is rampant because we have become accustomed to authentication by identification. To obtain some service, we provide enough information about our identity for an unscrupulous person to steal it (for example, we give our credit card number to Amazon.com). One of the consequences is that many people avoid e-commerce entirely due to privacy and security concerns. The solution is to perform authentication without identification. In fact, all on-line actions should be as anonymous as possible, for this is the only way to guarantee security for the overall system. A credential system is a system in which users can obtain credentials from organizations and demonstrate possession of these credentials. Such a system is anonymous when transactions carried out by the same user cannot be linked. An anonymous credential system is of significant practical relevance because it is the best means of providing privacy for users.