Threshold Delegatable Anonymous Credentials With Controlled and Fine-Grained Delegation

Anonymous credential systems allow users to obtain a credential on multiple attributes from an organization and then present it to verifiers in a way that no information beyond what attributes are required to be shown is revealed. Moreover, multiple uses of the credential cannot be linked. Thus they represent an attractive tool to realize fine-grained privacy-friendly authentication and access control. In order to avoid a single point of trust and failure, decentralized AC systems have been proposed. They eliminate the need for a trusted credential issuer, e.g., by relying on a set of credential issuers that issue credentials in a threshold manner (e.g., <inline-formula><tex-math notation="LaTeX">$t$</tex-math><alternatives><mml:math><mml:mi>t</mml:mi></mml:math><inline-graphic xlink:href="slamanig-ieq1-3303834.gif"/></alternatives></inline-formula> out of <inline-formula><tex-math notation="LaTeX">$n$</tex-math><alternatives><mml:math><mml:mi>n</mml:mi></mml:math><inline-graphic xlink:href="slamanig-ieq2-3303834.gif"/></alternatives></inline-formula>f). In this article, we present a novel AC system with such a threshold issuance that additionally provides credential delegation. It represents the first decentralized and delegatable AC system. We provide a rigorous formal framework for such threshold delegatable anonymous credentials (<inline-formula><tex-math notation="LaTeX">$\mathsf {TDAC}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">TDAC</mml:mi></mml:math><inline-graphic xlink:href="slamanig-ieq3-3303834.gif"/></alternatives></inline-formula>’s). Our concrete approach departs from previous delegatable ACs and is inspired by the concept of functional credentials. More precisely, we propose a threshold delegatable subset predicate encryption (<inline-formula><tex-math notation="LaTeX">$\mathsf {TDSPE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">TDSPE</mml:mi></mml:math><inline-graphic xlink:href="slamanig-ieq4-3303834.gif"/></alternatives></inline-formula>) scheme and use <inline-formula><tex-math notation="LaTeX">$\mathsf {TDSPE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">TDSPE</mml:mi></mml:math><inline-graphic xlink:href="slamanig-ieq5-3303834.gif"/></alternatives></inline-formula> to construct a <inline-formula><tex-math notation="LaTeX">$\mathsf {TDAC}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">TDAC</mml:mi></mml:math><inline-graphic xlink:href="slamanig-ieq6-3303834.gif"/></alternatives></inline-formula> scheme and present a comparison with previous work and performance benchmarks based on a prototype implementation.