Digital credentials are the digital equivalent of paper-based credentials. Just as a paper-based credential could be a passport, a driver's license, a membership certificate or some kind of ticket to obtain some service, such as a cinema ticket or a public transport ticket, a digital credential is a proof of qualification, competence, or clearance that is attached to a person. Also, digital credentials prove something about their owner. Both types of credentials may contain personal information such as the person's name, birthplace, birthdate, and/or biometric information such as a picture or a finger print.
Because of the still evolving, and sometimes conflicting, terminologies used in the fields of computer science, computer security, and cryptography, the term "digital credential" is used quite confusingly in these fields. Sometimes passwords or other means of authentication are referred to as credentials. In operating system design, credentials are the properties of a process (such as its effective UID) that is used for determining its access rights. On other occasions, certificates and associated key material such as those stored in PKCS#12 and PKCS#15 are referred to as credentials.
Digital badges are a form of digital credential that indicate an accomplishment, skill, quality or interest. Digital badges can be earned in a variety of learning environments. [1]
Money, in general, is not regarded as a form of qualification that is inherently linked to a specific individual, as the value of token money is perceived to reside independently. However, the emergence of digital assets, such as digital cash, has introduced a new set of challenges due to their susceptibility to replication. Consequently, digital cash protocols have been developed with additional measures to mitigate the issue of double spending, wherein a coin is used for multiple transactions.
Credentials, on the other hand, serve as tangible evidence of an individual's qualifications or attributes, acting as a validation of their capabilities. One notable example is the concept of E-Coins, which are exclusively assigned to individuals and are not transferable to others. These E-Coins can only be utilised in transactions with authorised merchants. Anonymity is maintained for individuals as long as they ensure that a coin is spent only once. However, if an individual attempts to spend the same coin multiple times, their identity can be established, enabling the bank or relevant authority to take appropriate actions. [2]
The shared characteristic of being tied to an individual forms the basis for the numerous similarities between digital cash and digital credentials. This commonality explains why these two concepts often exhibit overlapping features. In fact, it is worth noting that a significant majority of implementations of anonymous digital credentials also incorporate elements of digital cash systems. [2]
The concept of anonymous digital credentials centres around the provision of cryptographic tokens to users, enabling them to demonstrate specific statements about themselves and their associations with public and private organizations while maintaining anonymity. This approach is viewed as a privacy-conscious alternative to the storage and utilization of extensive centralized user records, which can be linked together. Anonymous digital credentials are thus related to privacy and anonymity. [3]
Analogous to the physical world, personalised or non-anonymous credentials include documents like passports, driving licenses, credit cards, health insurance cards, and club membership cards. These credentials bear the owner's name and possess certain validating features, such as signatures, PINs, or photographs, to prevent unauthorised usage. In contrast, anonymous credentials in the physical realm can be exemplified by forms of currency, bus and train tickets, and game-arcade tokens. These items lack personally identifiable information, allowing for their transfer between users without the issuers or relying parties being aware of such transactions. Organizations responsible for issuing credentials verify the authenticity of the information contained within them, which can be provided to verifying entities upon request. [4]
To explore the specific privacy-related characteristics of credentials, it is instructive to examine two types of credentials: physical money and credit cards. Both facilitate payment transactions effectively, although the extent and quality of information disclosed differ significantly. Money is safeguarded against counterfeiting through its physical properties. Furthermore, it reveals minimal information, with coins featuring an inherent value and year of minting, while banknotes incorporate a unique serial number to comply with traceability requirements for law enforcement purposes. [5]
In contrast, the usage of credit cards, despite sharing a fundamental purpose with money, allows for the generation of detailed records pertaining to the cardholder. Consequently, credit cards are not considered protective of privacy. The primary advantage of money, in terms of privacy, is that its users can preserve their anonymity. However, real-world cash also possesses additional security and usability features that contribute to its widespread acceptance. [6]
Credentials utilised within a national identification system are particularly relevant to privacy considerations. Such identification documents, including passports, driver's licenses, or other types of cards, typically contain essential personal information. In certain scenarios, it may be advantageous to selectively disclose only specific portions of the information contained within the identification document. For example, it might be desirable to reveal only the minimum age of an individual or the fact that they are qualified to drive a car. [7]
The original system of anonymous credentials, initially proposed by David Chaum [8] is sometimes referred to as a pseudonym system. [9] This nomenclature arises from the nature of the credentials within this system, which are acquired and presented to organizations under distinct pseudonyms that cannot be linked together.
The introduction of pseudonyms [8] is a useful extension to anonymity. Pseudonyms represent a valuable expansion of anonymity. They afford users the ability to adopt different names when interacting with each organization. While pseudonyms enable organizations to establish associations with user accounts, they are unable to ascertain the true identities of their customers. Nonetheless, through the utilisation of an anonymous credential, specific assertions concerning a user's relationship with one organization, under a pseudonym, can be verified by another organization that only recognizes the user under a different pseudonym.
Anonymous credential systems have a close connection to the concept of untraceable or anonymous payments. [10] David Chaum made significant contributions to this field by introducing blind signature protocols as a novel cryptographic primitive. In such protocols, the signer remains oblivious to the message being signed, while the recipient obtains a signature without any knowledge of the signed message. Blind signatures serve as a crucial building block for various privacy-sensitive applications, including anonymous payments, voting systems, and credentials. The original notion of an anonymous credential system [8] was derived from the concept of blind signatures but relied on a trusted party for the transfer of credentials, involving the translation from one pseudonym to another. Chaum's blind signature scheme, based on RSA signatures and the discrete logarithm problem, enabled the construction of anonymous credential systems.
Stefan Brands further advanced digital credentials by introducing secret-key certificate-based credentials, enhancing Chaum's basic blind-signature system in both the discrete logarithm and strong RSA assumption settings. Brands credentials offer efficient algorithms and unconditional commercial security in terms of privacy, [11] along with additional features like a proof of non-membership blacklist. [12]
Another form of credentials that adds a new feature to anonymous credentials is multi-show unlinkability, which is realized through group signature related credentials of Camenisch et al. The introduction of Group signatures possibilities for multi-show unlinkable showing protocols. WWhile blind signatures are highly relevant for electronic cash and single-show credentials, the cryptographic primitive known as group signature introduced new avenues for constructing privacy-enhancing protocols. [13] Group signatures share similarities with Chaum's concept of credential systems. [8]
In a group signature scheme, members of a group can sign a message using their respective secret keys. The resulting signature can be verified by anyone possessing the common public key, without revealing any information about the signer other than their group membership. Typically, a group manager entity exists, capable of disclosing the actual identity of the signer and managing the addition or removal of users from the group, often through the issuance or revocation of group membership certificates. The anonymity, unlinkability, and anonymity revocation features provided by group signatures make them suitable for various privacy-sensitive applications, such as voting, bidding, anonymous payments, and anonymous credentials.
Efficient constructions for group signatures were presented by Ateniese, Camenisch, Joye, and Tsudik [14] while the most efficient multi-show unlinkable anonymous credential systems [15] ]—with the latter being a streamlined version of idemix[ [16] ]—are based on similar principles. [17] This is particularly true for credential systems that provide efficient means for implementing anonymous multi-show credentials with credential revocation. [18]
Both schemes are based on techniques for doing proofs of knowledge. [19] [20] Proofs of knowledge based on the discrete logarithm problem for groups of known order and the special RSA problem for groups of hidden order form the foundation for most modern group signature and anonymous credential systems. [12] [14] [15] [21] Moreover, the direct anonymous attestation, a protocol for authenticating trusted platform modules, is also based on the same techniques.
Direct anonymous attestation can be considered the first commercial application of multi-show anonymous digital credentials, although in this case, the credentials are associated with chips and computer platforms rather than individuals.
From an application perspective, the main advantage of Camenisch et al.'s multi-show unlinkable credentials over the more efficient Brands credentials is the property of multi-show unlinkability. However, this property is primarily relevant in offline settings. Brands credentials offer a mechanism that provides analogous functionality without sacrificing performance: an efficient batch issuing protocol capable of simultaneously issuing multiple unlinkable credentials. This mechanism can be combined with a privacy-preserving certificate refresh process, which generates a fresh unlinkable credential with the same attributes as a previously spent credential.
Online credentials for learning are digital credentials that are offered in place of traditional paper credentials for a skill or educational achievement. Directly linked to the accelerated development of internet communication technologies, the development of digital badges, electronic passports and massive open online courses [22] (MOOCs) have a very direct bearing on our understanding of learning, recognition and levels as they pose a direct challenge to the status quo. It is useful to distinguish between three forms of online credentials: Test-based credentials, online badges, and online certificates. [23]
This article incorporates text from a free content work. Licensed under CC-BY-SA IGO 3.0( license statement/permission ). Text taken from Level-setting and recognition of learning outcomes: The use of level descriptors in the twenty-first century , 129-131, Keevey, James; Chakroun, Borhene, UNESCO. UNESCO.
A pseudonym or alias is a fictitious name that a person or group assumes for a particular purpose, which differs from their original or true name (orthonym). This also differs from a new name that entirely or legally replaces an individual's own. Many pseudonym holders use pseudonyms because they wish to remain anonymous, but anonymity is difficult to achieve and often fraught with legal issues.
Articles related to cryptography include:
David Lee Chaum is an American computer scientist, cryptographer, and inventor. He is known as a pioneer in cryptography and privacy-preserving technologies, and widely recognized as the inventor of digital cash. His 1982 dissertation "Computer Systems Established, Maintained, and Trusted by Mutually Suspicious Groups" is the first known proposal for a blockchain protocol. Complete with the code to implement the protocol, Chaum's dissertation proposed all but one element of the blockchain later detailed in the Bitcoin whitepaper. He has been referred to as "the father of online anonymity", and "the godfather of cryptocurrency".
GNUnet is a software framework for decentralized, peer-to-peer networking and an official GNU package. The framework offers link encryption, peer discovery, resource allocation, communication over many transports and various basic peer-to-peer algorithms for routing, multicast and network size estimation.
Ecash was conceived by David Chaum as an anonymous cryptographic electronic money or electronic cash system in 1982. It was realized through his corporation Digicash and used as micropayment system at one US bank from 1995 to 1998.
ID-based encryption, or identity-based encryption (IBE), is an important primitive of ID-based cryptography. As such it is a type of public-key encryption in which the public key of a user is some unique information about the identity of the user. This means that a sender who has access to the public parameters of the system can encrypt a message using e.g. the text-value of the receiver's name or email address as a key. The receiver obtains its decryption key from a central authority, which needs to be trusted as it generates secret keys for every user.
In cryptography a blind signature, as introduced by David Chaum, is a form of digital signature in which the content of a message is disguised (blinded) before it is signed. The resulting blind signature can be publicly verified against the original, unblinded message in the manner of a regular digital signature. Blind signatures are typically employed in privacy-related protocols where the signer and message author are different parties. Examples include cryptographic election systems and digital cash schemes.
An undeniable signature is a digital signature scheme which allows the signer to be selective to whom they allow to verify signatures. The scheme adds explicit signature repudiation, preventing a signer later refusing to verify a signature by omission; a situation that would devalue the signature in the eyes of the verifier. It was invented by David Chaum and Hans van Antwerpen in 1989.
A group signature scheme is a method for allowing a member of a group to anonymously sign a message on behalf of the group. The concept was first introduced by David Chaum and Eugene van Heyst in 1991. For example, a group signature scheme could be used by an employee of a large company where it is sufficient for a verifier to know a message was signed by an employee, but not which particular employee signed it. Another application is for keycard access to restricted areas where it is inappropriate to track individual employee's movements, but necessary to secure areas to only employees in the group.
In cryptography, a ring signature is a type of digital signature that can be performed by any member of a set of users that each have keys. Therefore, a message signed with a ring signature is endorsed by someone in a particular set of people. One of the security properties of a ring signature is that it should be computationally infeasible to determine which of the set's members' keys was used to produce the signature. Ring signatures are similar to group signatures but differ in two key ways: first, there is no way to revoke the anonymity of an individual signature; and second, any set of users can be used as a signing set without additional setup.
DigiCash Inc. was an electronic money corporation founded by David Chaum in 1989. DigiCash transactions were unique in that they were anonymous due to a number of cryptographic protocols developed by its founder. DigiCash declared bankruptcy in 1998 and subsequently sold its assets to eCash Technologies, another digital currency company, which was acquired by InfoSpace on Feb. 19, 2002.
Moni Naor is an Israeli computer scientist, currently a professor at the Weizmann Institute of Science. Naor received his Ph.D. in 1989 at the University of California, Berkeley. His advisor was Manuel Blum.
Privacy-enhancing technologies (PET) are technologies that embody fundamental data protection principles by minimizing personal data use, maximizing data security, and empowering individuals. PETs allow online users to protect the privacy of their personally identifiable information (PII), which is often provided to and handled by services or applications. PETs use techniques to minimize an information system's possession of personal data without losing functionality. Generally speaking, PETs can be categorized as hard and soft privacy technologies.
In cryptography, the dining cryptographers problem studies how to perform a secure multi-party computation of the boolean-XOR function. David Chaum first proposed this problem in the early 1980s and used it as an illustrative example to show that it was possible to send anonymous messages with unconditional sender and recipient untraceability. Anonymous communication networks based on this problem are often referred to as DC-nets.
Direct Anonymous Attestation (DAA) is a cryptographic primitive which enables remote authentication of a trusted computer whilst preserving privacy of the platform's user. The protocol has been adopted by the Trusted Computing Group (TCG) in the latest version of its Trusted Platform Module (TPM) specification to address privacy concerns. ISO/IEC 20008 specifies DAA, as well, and Intel's Enhanced Privacy ID (EPID) 2.0 implementation for microprocessors is available for licensing RAND-Z along with an open source SDK.
In cryptography, the Fiat–Shamir heuristic is a technique for taking an interactive proof of knowledge and creating a digital signature based on it. This way, some fact can be publicly proven without revealing underlying information. The technique is due to Amos Fiat and Adi Shamir (1986). For the method to work, the original interactive proof must have the property of being public-coin, i.e. verifier's random coins are made public throughout the proof protocol.
Signatures with efficient protocols are a form of digital signature invented by Jan Camenisch and Anna Lysyanskaya in 2001. In addition to being secure digital signatures, they need to allow for the efficient implementation of two protocols:
In cryptography, an accumulator is a one way membership hash function. It allows users to certify that potential candidates are a member of a certain set without revealing the individual members of the set. This concept was formally introduced by Josh Benaloh and Michael de Mare in 1993.
Anna A. Lysyanskaya is an American cryptographer known for her research on digital signatures and anonymous digital credentials. She is a professor of computer science at Brown University.
Proof of personhood (PoP) is a means of resisting malicious attacks on peer to peer networks, particularly, attacks that utilize multiple fake identities, otherwise known as a Sybil attack. Decentralized online platforms are particularly vulnerable to such attacks by their very nature, as notionally democratic and responsive to large voting blocks. PoP is a resistance method for permissionless consensus, in which each unique human participant obtains one equal unit of voting power and associated rewards. In contrast with proof of work, proof of stake, and other approaches that confer voting power and rewards in a blockchain or cryptocurrency proportionately to a participant's investment in some activity or resource, proof of personhood aims to guarantee each unique human participant an equal amount of voting power and rewards, independent of economic investment.