What is an anonymous credential system?
An anonymous credential a system consists of users and
organizations. Organizations know the users only by pseudonyms. Different
pseudonyms of the same user cannot be linked. Yet, an organization can issue
a credential to a pseudonym, and the corresponding user can prove possession
of this credential to another organization (who knows her by a different
pseudonym), without revealing anything more than the fact that she owns such a
credential.
In the above scenario, the organizations are the motorvehicle administration,
an insurance company, and a sports cars rental agency. Alice on the left wants
to rent a car. To do so, she needs to show the car rental agency her driver's
license and an insurance police. Conventionally, Alice would just send such
documents to the rental agency who would then check them for valitidy.
However, thereby Alice has to reveal the rental agency all kinds of unnecessary
information such as her name, her address, the details of her insurance
policy. Idemix allows Alice to convince the rental agency that she owns
a driver's license and an insurance policy without actually sending them and
thus the car rental agency does not get to know only the information
required but nothing more.
Apart from these privacy features, idemix offers the following ones:
- consistency of credentials: different users cannot pool their
credentials
- optional anonymity revocation: upon showing a credential, the
user and the verifier can agree on a trusted third party who will
later be able to revoke the user's anonymity
- encoding of attributes: the issuer can encode attributes into
a credential. When a user shows such an credential, the user
can choose which attributes she wants to reveal to the verifier.
- revocation of credential: idemix provides an efficient mechanisms
that allows the issuer to revoke credentials.
- one-show credentials: an issuer can issue two kinds of credentials,
those that can be shown an unlimited number of times and those that
can be used only one. The latter ones allow one for instance to
implement e-cash.
