How to win the clonewars: efficient periodic n-times anonymous authentication. Camenisch, J., Hohenberger, S., Kohlweiss, M., Lysyanskaya, A., & Meyerovich, M. 2006.
How to win the clonewars: efficient periodic n-times anonymous authentication [link]Paper  doi  abstract   bibtex   
We create a credential system that lets a user anonymously authenticate at most $n$ times in a single time period. A user withdraws a dispenser of n e-tokens. She shows an e-token to a verifier to authenticate herself; each e-token can be used only once, however, the dispenser automatically refreshes every time period. The only prior solution to this problem, due to Damg ̊ard et al. [29], uses protocols that are a factor of k slower for the user and verifier, where k is the security parameter. Damg ̊ard et al. also only support one authentication per time period, while we support n. Because our construction is based on e-cash, we can use existing techniques to identify a cheating user, trace all of her e-tokens, and revoke her dispensers. We also offer a new anonymity service: glitch protection for basically honest users who (occasionally) reuse e-tokens. The verifier can always recognize a reused e-token; however, we preserve the anonymity of users who do not reuse e-tokens too often.
@conference {clonewars,
	title = {How to win the clonewars: efficient periodic n-times anonymous authentication},
	booktitle = {Proceedings of the 13th ACM conference on Computer and communications security (CCS 2006)},
	year = {2006},
	pages = {201{\textendash}210},
	publisher = {ACM Press},
	organization = {ACM Press},
	address = {New York, NY, USA},
	abstract = {We create a credential system that lets a user anonymously authenticate at most $n$ times in a single time period. A user withdraws a dispenser of n e-tokens. She shows an e-token to a verifier to authenticate herself; each e-token can be used only once, however, the dispenser automatically refreshes every time period. The only prior solution to this problem, due to Damg{\r a}rd et al. [29], uses protocols that are a factor of k slower for the user and verifier, where k is the security parameter. Damg{\r a}rd et al. also only support one authentication per time period, while we support n. Because our construction is based on e-cash, we can use existing techniques to identify a cheating user, trace all of her e-tokens, and revoke her dispensers. We also offer a new anonymity service: glitch protection for basically honest users who (occasionally) reuse e-tokens. The verifier can always recognize a reused e-token; however, we preserve the anonymity of users who do not reuse e-tokens too often.
},
	keywords = {clone detection, credentials, n-anonymous authentication},
	isbn = {1-59593-518-5},
	doi = {10.1145/1180405.1180431},
	url = {http://portal.acm.org/citation.cfm?id=1180431},
	author = {Jan Camenisch and Susan Hohenberger and Markulf Kohlweiss and Anna Lysyanskaya and Mira Meyerovich}
}
Downloads: 0