On Tue, Apr 04, 2006 at 06:15:48AM +0100, Ben Laurie wrote: > > This illustrates a problem with multi-show credentials, that the holder > > could share his credential freely, and in some cases even publish it, > > and this would allow non-authorized parties to use it. To avoid this, > > more complicated techniques are needed that provide for the ability > > to revoke a credential or blacklist a credential holder, even in an > > environment of unlinkability. Camenisch and Lysyanskaya have done quite > > a bit of work along these lines, for example in > > http://www.zurich.ibm.com/%7Ejca/papers/camlys02b.pdf . > > So, for the record, has Brands. > > I agree that, in general, this is a problem with multi-show credentials > (though I have to say that using a completely different system to > illustrate it seems to me to be cheating somewhat). > > Brands actually has a neat solution to this where the credential is > unlinkable for n shows, but on the (n+1)th show reveals some secret > information (n is usually set to 1 but doesn't have to be).
I think they shows are linkable, but if you show more than allowed times, all of the attributes are leaked, including the credential secret key and potentially some identifying information like your credit card number, your address etc. The main use I think is to have 1-show, where if you show more than 1 time your identity is leaked -- for offline electronic cash with fraud tracing. But as you say the mechanism generalizes to multiple show. > This obviously gives a disincentive against sharing if the secret > information is well chosen (such as "here's where to go to arrest > the guy"). Well the other kind of disincentive was a credit card number. My suggestion was to use a large denomination ecash coin to have anonymous disincentives :) ie you get fined, but you are not identified. Adam --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
