How to securely delegate and revoke partial authorization credentials

Publication Type

Journal Article

Publication Date

3-2025

Abstract

An attribute-based credential (ABC) system allows a user who has obtained a credential on a set of attributes from an issuer to anonymously prove a subset of those attributes to a service provider. Nowadays, delegation is an important requirement of ABC, which allows a user to delegate his credentials to other users. However, traditional delegatable ABC systems only support delegating a credential with all attributes. In many scenarios, the appropriate form of delegation is for a user to delegate his credential on only part of the attributes to others. Another requirement is revocation of credentials in case of unexpected events. In this article, we propose a delegatable and revocable attribute-based credential, which simultaneously achieves: (1) a user can delegate a credential on parts of attributes to other entities (devices/users); (2) a user can efficiently revoke his credentials or those delegated by him; (3) a user can selectively disclose some attributes and can also prove that the non-disclosed attributes satisfy some relations. To achieve our delegatable and revocable attribute-based credential, we introduce a new primitive, called purgeable signature (PS). We formally define the security model of PS. We then give an efficient construction with a constant-size signature and present the security proofs of PS. Finally, the experimental results show the efficiency of our system.

Keywords

Attribute-based credentials, anonymous credentials, delegation, revocation

Discipline

Information Security

Research Areas

Information Systems and Management

Publication

IEEE Transactions on Dependable and Secure Computing

Volume

22

Issue

2

First Page

979

Last Page

996

ISSN

1545-5971

Identifier

10.1109/TDSC.2024.3424520

Publisher

Institute of Electrical and Electronics Engineers

Additional URL

https://doi.org/10.1109/TDSC.2024.3424520

This document is currently not available here.
