AsCred: An anonymous credential system based on batch partial blind signature and polymath

Abstract

Anonymous credentials are a vital tool for privacy-preserving authentication. However, existing signature-based schemes suffer from two limitations: (1) An issuer can only generate a single signature for an entire attribute set during a credential issuance stage, which makes it inflexible for a user to append new attributes to an existing valid credential; (2) During a selective disclosure phase, a user must compute a commitment for attributes that do not need to be disclosed to prove the authenticity of a selective disclosed attribute, which leads to extra computational overhead. In this paper, a novel anonymous credential system based on batch partial blind signature and Polymath (a zk-SNARK) is proposed, and it is called AsCred. The core ideas of AsCred are that an issuer can batch-sign each attribute within an attribute set in one-round interaction with a user during a credential issuance stage, which enables a user to flexibly append new attributes to an existing valid credential. Moreover, a user can generate a proof using only the attributes that are required to be disclosed and their corresponding signatures, which avoids using unnecessary attributes to calculate a commitment, and the signature information is not revealed by leveraging Polymath. We analyze our novel solution in a scenario where only a single attribute needs to be disclosed. Experimental results demonstrate that proof generation, verification time, and proof size in blind BBS+ signature-based and blind CL-based signature schemes exhibit linear overhead growth with the attribute set size. However, AsCred maintains constant-level performance across all metrics. Specifically, in AsCred, a single proof generation and verification time are 9 ms and 3.9 ms respectively, and the proof size is 342 bytes.