DkvSSO: Delegatable keyed-verification credentials for efficient anonymous single sign-on
Publication Type
Journal Article
Publication Date
4-2025
Abstract
Anonymous single sign-on (ASSO) is an anonymous multi-service authentication method for end users. However, existing ASSO schemes suffer from heavy ticket requesting and verifying overheads, limiting their applications in large-scale settings. To address this problem, we propose a novel concept called keyed-verification anonymous credentials with disposable delegation (KVAC-DD) in the multi-verifier setting. Next, we extend KVAC-DD to build an efficient ASSO system, dubbed DkvSSO. The construction of DkvSSO can be instantiated in efficient prime-order groups, avoiding costly operations required in previous ASSO systems. We formally prove the security of our proposed constructions. Extensive experiments show that DkvSSO is significantly more efficient than existing ASSO schemes, making it suitable to be deployed in large-scale settings.
Keywords
Single sign-on, efficient multi-verifier authentication, keyed-verification credential, anonymous token, zero-knowledge proof
Discipline
Information Security
Research Areas
Information Systems and Management
Publication
IEEE Transactions on Information Forensics and Security
Volume
20
Issue
1
First Page
4196
Last Page
4211
ISSN
1556-6013
Identifier
10.1109/TIFS.2025.3555196
Publisher
Institute of Electrical and Electronics Engineers
Citation
XUE, Wenyi; YANG, Yang; HUANG, Minming; LI, Yingjiu; PANG, Hwee Hwa; and DENG, Robert H..
DkvSSO: Delegatable keyed-verification credentials for efficient anonymous single sign-on. (2025). IEEE Transactions on Information Forensics and Security. 20, (1), 4196-4211.
Available at: https://ink.library.smu.edu.sg/sis_research/10449
Additional URL
https://doi.org/10.1109/TIFS.2025.3555196