Nomen Nescio wrote:
It looks like Camenisch & Lysyanskaya are patenting their credential system. This is from the online patent applications database:
http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=/ne tahtml/PTO/search-bool.html&r=1&f=G&l=50&co1=AND&d=PG01&s1=camenisch&OS=came nisch&RS=camenisch
Jan Camenisch works for IBM, it's no surprise that the scheme is being patented. The scheme is not very efficient compared to Brands', but I would guess implementable if you don't mind doing allot of computation. It is based on zero-knowledge proofs. The basic idea of using zero-knowledge proofs to create an unlikable anonymous credentials system is actually pretty intuitive and simple, and people have taught about it before Camenisch & Lysyanskay have. You can probably think about it yourself and come up with a similar scheme (not necessarily provably secure however) The novelty in my point of view is simply the choice of the setting in which they work in (group of quadratic residues modulo a composite), so that their scheme can apparently be proven secure under the strong RSA assumptions and the decisional DH assumption. Camenischs work on group signatures and "Proving in zero-knowledge that a number n is the product of two safe primes" seem to have lead to the result. --Anton --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com