We analyse security of the scheme proposed in the paper “Accumulators and U-Prove Revocation” from the Financial Cryptography 2013 proceedings. Its authors propose an extension for the U-Prove, the credential system developed by Microsoft. This extension allows to revoke tokens (containers for credentials) using a new cryptographic accumulator scheme.We show that, under certain conditions, there exists a weakness that allows a user to pass the verification while using a revoked U-Prove token. It follows that the proposed solution fails to fulfil the primary goal of revocation schemes. Recently, a closely related system has been published by Microsoft Research in “U-Prove Designated-Verifier AccumulatorRevocation Extension, Draft 1 Revision”. Our attack does not work for this scheme, but the draft lacks formal justification and we cannot exclude problems of this kind.
CITATION STYLE
Hanzlik, L., Kluczniak, K., & Kutyłowski, M. (2014). Attack on u-prove revocation scheme from FC’13 - Passing verification by revoked users. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8437, pp. 283–290). Springer Verlag. https://doi.org/10.1007/978-3-662-45472-5_18
Mendeley helps you to discover research relevant for your work.