Privacy ABCs: Now Ready for Your Wallets!

The paper deals with privacy-enhanced electronic access control technologies, in particular cryptographic schemes that allow verification of users' personal attributes without their identification, so-called anonymous attribute-based credential schemes (ABCs). We present the last bit necessary for making ABCs practical for large-scale applications that are using smart cards as users' devices for storing credentials: a novel cryptographic scheme that combines fast credential verification protocols with efficient offline revocation protocols. Using proven building blocks, namely weak Boneh-Boyen (wBB) signatures, keyed-verification credentials and $k$ -times anonymous proofs, we construct a practical scheme for proving personal attributes anonymously, unlinkably, untraceably and, most importantly, with the verifier-local revocation (VLR) functionality that is running on standard existing smart cards. To prove the practicality of the design, we implemented all the proposed protocols using an off-the-shelf card, benchmarked the proving protocol, compared to existing solutions and put all the source codes on the GitHub as an open source. The cryptographic design and our implementation are efficient enough to be immediately used for the privacy enhancement of existing large-scale applications, such as electronic ID cards (e-IDs), public transportation cards, apps for citizen tracing during pandemic situations or secure authentication of IoT devices.