Skip directly to content

Minimize RSR Award Detail

Research Spending & Results

Award Detail

Doing Business As Name:Brown University
  • Anna A Lysyanskaya
  • (401) 863-7600
Award Date:08/01/2014
Estimated Total Award Amount: $ 499,980
Funds Obligated to Date: $ 499,980
  • FY 2014=$499,980
Start Date:10/01/2014
End Date:09/30/2017
Transaction Type:Grant
Awarding Agency Code:4900
Funding Agency Code:4900
CFDA Number:47.070
Primary Program Source:040100 NSF RESEARCH & RELATED ACTIVIT
Award Title or Description:TWC: Small: Empowering Anonymity
Federal Award ID Number:1422361
DUNS ID:001785542
Parent DUNS ID:001785542
Program:Secure &Trustworthy Cyberspace

Awardee Location

Street:BOX 1929
Awardee Cong. District:01

Primary Place of Performance

Organization Name:Brown University

Abstract at Time of Award

An anonymous credential system allows a user to prove that he/she is authorized without revealing his/her identity, and, further, to obtain additional credentials without revealing additional information. In a traditional anonymous credential system, when demonstrating possession of a credential, it is necessary to reveal its issuer. This can be a problem: putting together the information about where the user lives (based on who issued, say, his/her driver's license) together with who his/her employer is (based on who authorized him/her to, say, park in a particular garage) together with his/her age (which might be revealed in the context of a particular transaction) may lead to the identification of this particular user, even though he/she is using anonymous credentials! A delegatable anonymous credential system eliminates this problem. It allows users to delegate their anonymous credentials; for example, a company employee can use his/her employee credential to issue a guest pass to a company visitor, who can in turn issue a credential to a taxi service that comes to pick him/her up; the various participants (the employee, his/her guest, and his/her driver) need not reveal any persistent identifiers - or in fact anything - about themselves. This project aims to demonstrate the following thesis: Everything that can be done with non-anonymous credentials can also be done with delegatable anonymous credentials. That includes useful additional features such as credential attributes (such as expiration dates), attribute and identity escrow, conditional anonymity (so that violating terms of service leads to identification) and revocation of credentials.

Publications Produced as a Result of this Research

Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

Apoorvaa Deshpande, Venkata Koppula, Brent Waters "Constrained Pseudorandom Functions for Unconstrained Inputs" Eurocrypt, v., 2016, p.. doi:10.1007/978-3-662-49896-5_5 

Foteini Baldimtsi, Jan Camenisch, Maria Dubovitskaya, Anna Lysyanskaya, Leonid Reyzin, Kai Samelin, Sophia Yakoubov "Accumulators with Applications to Anonymity-Preserving Revocation" EURO S&P, v., 2017, p.301. doi:978-1-5090-5762-7 

Project Outcomes Report


This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

In everyday life, we often need to prove that we are authorized.  Online, that corresponds to demonstrating possession of digital credentials.  For example, in order to access an online library, a user, Alice, needs to prove that she is an authorized subscriber.  In an anonymous credential system, users can prove possession of such credentials without revealing any other information; they can also obtain credentials in a privacy-preserving fashion.  In a delegatable anonymous credential system, credentials can be anonymously delegated.  Delegatable credentials are a useful extension of anonymous credentials because the mere identity of the credential-granting organizations might already reveal a user's identity.  

Prior to this project, cryptpgraphic algorithms for delegatable anonymous credentials existed, but were not efficient enough to be more than a proof of concept.  Over the course of this project, we gave a simple and direct construction of delegatable anonymous credentials together with its security proof.  Of independent interest, we identified an interesting building block that makes our construction possible: namely, a mercurial signature scheme.  In such a signature scheme, a signature on a message, can be transformed into a signature on an equivalent (yet unlinkable) message under an equivalent (yet unlinkable) public key.  In essence, such a signature scheme allows one to transform one's certification chain into an equivalent (yet unlinkable) chain.

We have also made contributions to the study of revocation of anonymous credentials, and anonymous channels.

The intellectual merit of this work is in discovering the new construction of delegatable anonymous credentials, and placing their study on firmer definitional foundations.

The broader impacts is three-fold: (1) the study of privacy by design rather than as an after-thought; this is increasingly relevant in view of international privacy law developments such as the GDPR; (2) curriculum development aimed at executives and managers, ecompassing cryptographic algorithmssuch as anonymous credentials; (3) by supporting women Ph.D. students, this project contributed to correcting gender imbalance in Computer Science.

Last Modified: 06/11/2018
Modified by: Anna A Lysyanskaya

For specific questions or comments about this information including the NSF Project Outcomes Report, contact us.