Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials
Citations
1,562 citations
924 citations
622 citations
Cites background from "Dynamic Accumulators and Applicatio..."
...Revocation is critical to the security of such systems....
[...]
...To maintain user privacy it is desirable that the signatures not reveal the identity of the chip that issued them....
[...]
510 citations
Cites methods from "Dynamic Accumulators and Applicatio..."
...To hide the social graph construction by the server, apps from the centralised and hybrid categories have introduced additional measures (such as random, independent uploads of contact identifiers/EphIDs, maintaining separate upload and query identifiers, using zero knowledge proofs [37] to store anonymized social graph at the server [38] etc....
[...]
References
1,523 citations
1,373 citations
1,228 citations
1,141 citations
881 citations
"Dynamic Accumulators and Applicatio..." refers background or methods in this paper
...We use notation introduced by Camenisch and Stadler [ 13 ] for the various zero-knowledge proofs of knowledge of discrete logarithms and proofs of the validity of statements about discrete logarithms....
[...]
...This drawback is overcome by schemes where the size of the group’s public key as well as the complexity of proving and verifying membership is independent of the number of members [ 13 ,21,12,1]....
[...]
...However, it is not hard to see how to add revocation for other schemes and systems that use some form of anonymous credentials (e.g., [5,11,12,10, 13 ,21,23])....
[...]