Efficient Implementations of Attribute-based Credentials on Smart Cards

Pim Vullers

Promotor: prof.dr. B.P.F. Jacobs (RU)
Radboud Universiteit Nijmegen
Date: 28 November 2014, 10:30


In a world where computers are involved in most aspects of our lives, it becomes more and more important to digitally identify entities. Many existing systems use unique identifiers to achieve this goal, which is a simple solution, but also easily allows for privacy infringements. A more privacy-preserving alternative is to use attribute-based credentials as a basis for authentication and authorization. Such credentials serve as a (certified) cryptographic container for attributes, that is, properties of the user. With these attributes the user can be authenticated solely on the properties that are relevant to access a resource or receive a service.

In this thesis we describe the three attribute-based credential technologies for which we have developed efficient smart card implementations. These technologies are:

  • Self-blindable credentials, by Verheul, which are based on elliptic curve cryptography with bilinear pairings. In this technology the computational burden is shifted to the terminal which makes a very compact smart card implementation possible. Unfortunately the elliptic curve support on smart cards is limited to standard algorithms which made it hard to develop other variants of this technology, which results in a few features compared to the other technologies.
  • U-Prove, by Brands and Microsoft, is based on Schnorr’s blind signature scheme for credential issuance and zero-knowledge proofs for attribute verification. This technology offers the fastest implementation, but has one important drawback: it does not provide multi-show unlinkability, which means that multiple attribute verifications using the same credential can be linked to each other.
  • Identity Mixer, by IBM, is based on the Camenisch-Lysyanskaya signature scheme which provides a blind signature protocol for credential issuance and zero-knowledge proofs for attribute verification. While it’s performance is less that U-Prove, due to the cryptographic primitives involved, it does offer multi-show unlinkability which makes it possible to use a credential multiple times without becoming traceable.

The goal of the research presented in this thesis has been to

develop efficient smart card implementations of attribute-based credentials


compare various cryptographic systems for attribute-based credentials.

This has resulted in a detailed description and discussion of the technologies listed above and the efficient smart card implementations for each of these technologies.

Furthermore, the successful development of these implementations laid the foundation for the IRMA project. This is an on-going research and development project focusing on attribute-based credentials and their use in practice. For more information concerning the IRMA project, please visit https://www.irmacard.org/.