An anonymous credential system allows a user to prove that he/she is authorized without revealing his/her identity, and, further, to obtain additional credentials without revealing additional information. In a traditional anonymous credential system, when demonstrating possession of a credential, it is necessary to reveal its issuer. This can be a problem: combining the information about where the user lives (based on who issued, say, his/her driver's license) with who his/her employer is (based on who authorized him/her to, say, park in a particular garage) and with his/her age (which might be revealed in the context of a particular transaction) may lead to the identification of this particular user, even though he/she is using anonymous credentials!
A delegatable anonymous credential system eliminates this problem. It allows users to delegate their anonymous credentials; for example, a company employee can use his/her employee credential to issue a guest pass to a company visitor, who can in turn issue a credential to a taxi service that comes to pick him/her up; the various participants (the employee, his/her guest, and his/her driver) need not reveal any persistent identifiers - or in fact anything - about themselves.
This project aims to demonstrate the following thesis: Everything that can be done with non-anonymous credentials can also be done with delegatable anonymous credentials. That includes useful additional features such as credential attributes (for example, expiration dates), attribute and identity escrow, conditional anonymity (so that violating terms of service leads to identification) and revocation of credentials.