Investigating anonymity in group based anonymous authentication

Abstract

In this paper we discuss anonymity in context of group based anonymous authentication (GBAA). Methods for GBAA provide mechanisms such that a user is able to prove membership in a group Uʹ ⊆ U of authorized users U to a verifier, whereas the verifier does not obtain any information on the actual identity of the authenticating user. They can be used in addition to anonymous communication channels in order to enhance user’s privacy if access to services is limited to authorized users, e.g. subscription-based services. We especially focus on attacks against the anonymity of authenticating users which can be mounted by an external adversary or a passive verifier when GBAA is treated as a black box. In particular, we investigate what an adversary can learn by solely observing anonymity sets Uʹ used for GBAA and how users can choose their anonymity sets in case of Uʹ ⊂ U. Based on the information which can be obtained by adversaries we show that the probability of user identification can be improved.