Anonymous Access System with Limited Number of Uses in a Trustless Environment
Abstract
1. Introduction
2. Literature Review
3. Background
- sends the scope S and their public key to .
- computes the verifiable attribute as follows:
- sends the computed .
- computes their :
- chooses as a factor to blind the values needed to obtain the anonymous credentials and computes :
- also computes a NI-Schnorr ZKP by choosing and obtaining:
- sends the identifier , the anonymous credentials , , , , , and the NI-Schnorr ZKP proof of the private key ().
- verifies that is the blinded value of by computing:
- also verifies the correctness of the credentials:
- continues by verifying the correctness of by computing:
- Finally, verifies that possesses the private key that checks the correctness of the NI-Schnorr ZKP as follows:
4. The Proposal
4.1. General Overview
- 0. First and only once, deploys the Smart Contract initialised with the public key of a trusted .
- 1. begins the protocol by requesting a credential for a given scope S.
- 2. After user identity and attribute verification, provides with a credential. This credential is valid only for the requested scope S.
- 3. stores the credential and computes the cryptographic data and proofs required to continue with the protocol.
- 4. presents the credentials, proof of possession of the private key, and knowledge of the maximum value of the counter to obtain an access counter from .
- 5. calls the Smart Contract that verifies the credentials and the ZKPs. If all of them are valid, it stores a counter on the chain, identified by the hash of the credentials, with a starting value of 0, the maximum value n, and the blinded public key of . If verification fails, the protocol is aborted.
- 6. provides or refuses the counter.
- 7. To use the counter, presents their unique ID and proof of possession of the private key and knowledge of the next value.
- 8. calls the Smart Contract that retrieves the current value, the maximum value, and the blinded public key of . Then, it checks the proof of possession of the private key and the knowledge of the next value. The Smart Contract also checks that the number of uses so far is less than the maximum allowed counter value. If the verification holds, it provides the service; otherwise, the service is refused.
- 9. provides or refuses the service.
4.2. Protocol Design Rationale
4.3. Credential Issuance Protocol
- sends the scope S and their public key to .
- computes the verifiable attribute as follows:
- stores the computed received from and computes and stores :
4.4. Access Counter Creation Protocol
- currently has , , , , n, and
- chooses as a factor to blind the values needed to obtain the anonymous credentials.
- computes:
- also computes a NI-Schnorr ZKP by choosing and doing:
- sends the identifier , the anonymous credentials , , , , , n, and the NI-Schnorr ZKP proof of the private key () by calling the Create function of who, in turn, calls a Smart Contract with these values.
- The Smart Contract verifies that is the blinded value of by computing:
- The Smart Contract also verifies that the credentials are valid:
- The Smart Contract verifies that is also valid by computing:
- The Smart Contract verifies that possesses the private key checking the correctness of the NI-Schnorr ZKP as follows:
- Finally, the Smart Contract persists, in an array indexed by , an object containing n (the maximum number of usages), the counter of usages (initialised to 0), and (the blinded public key of the user).
4.5. Access Counter Usage Protocol
- currently has the secret key, , and the .
- Using , , and , computes a NI-Schnorr ZKP by doing:
- sends and to by calling the Consume service, who, in turn, calls a Smart Contract with these values.
- The Smart Contract retrieves the object indexed by H() from storage. If it does not exist, it reverts the execution. Otherwise, it checks:
4.6. Pseudo-Code
```
storage bytes pkAP                     // public key of the trusted Attribute Provider
struct record {
  integer max_value                    // n, maximum number of usages
  integer current_value                // usages so far, initialised to 0
  bytes blinded_public_key_user
}
storage records array of record        // indexed by hash(idu)

constructor counter(params) {
  pkAP = params.pkAP
}

function Create(params) {
  assert(not exist records[hash(params.idu)])
  assert(TEST13(params))
  assert(TEST14(params))
  assert(TEST15(params))
  assert(TEST16(params))
  create record r with:
    max_value = params.max_value
    current_value = 0
    blinded_public_key_user = params.blinded_public_key_user
  store records[hash(params.idu)] = r
}

function Consume(params) {
  assert(exist records[hash(params.idu)])
  r = records[hash(params.idu)]
  assert(TEST18(params, r.blinded_public_key_user))
  assert(r.current_value < r.max_value)
  r.current_value++
  store records[hash(params.idu)] = r
}
```
Listing 1. Smart Contract pseudo-code.
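The following Python simulation of the Create and Consume logic of Listing 1 is an added illustration, not the paper's code. It assumes a toy Schnorr group, the tag strings "create"/"consume", and the function names used below; the pairing-based credential checks TEST13 to TEST16 are out of scope and are replaced by a NI-Schnorr proof of possession of the blinded key, while the TEST18 stand-in binds the proof to the counter's current value so a captured proof cannot be replayed.

```python
import hashlib
import secrets

# Toy group parameters, constructed for this illustration (Mersenne prime modulus, small
# generator); a deployment would use the curve precompiles the paper relies on.
P = 2**127 - 1
G = 3
Q = P - 1  # exponents are reduced mod P - 1 (Fermat), so honest proofs verify exactly

def H(*parts) -> int:
    """Hash arbitrary parts to an integer; stand-in for the paper's hash functions."""
    return int.from_bytes(hashlib.sha256(b"|".join(str(x).encode() for x in parts)).digest(), "big")
def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)
def blind(sk, b):
    """Blind the key pair with factor b: the contract only ever stores pk^b."""
    return (sk * b) % Q, pow(G, (sk * b) % Q, P)
def prove(sk_b, tag, idu, value):
    """NI-Schnorr proof of knowledge of sk_b; the challenge is bound to (tag, idu, value)."""
    k = secrets.randbelow(Q - 1) + 1
    R = pow(G, k, P)
    return R, (k + (H(tag, idu, value, R) % Q) * sk_b) % Q
def verify(pk_b, tag, idu, value, proof):
    R, s = proof
    return pow(G, s, P) == (R * pow(pk_b, H(tag, idu, value, R) % Q, P)) % P

class CounterContract:
    """Mirrors Listing 1: records keyed by hash(idu); Create and Consume revert on failure."""
    def __init__(self):
        self.records = {}

    def create(self, idu, pk_b, n, proof):
        key = H(idu)
        if key in self.records: raise ValueError("counter already exists")
        # TEST13-TEST16 (pairing-based credential checks) are out of scope here; this
        # stand-in checks possession of sk_b and knowledge of the maximum value n.
        if not verify(pk_b, "create", idu, n, proof): raise ValueError("invalid create proof")
        self.records[key] = {"max_value": n, "current_value": 0, "blinded_public_key_user": pk_b}

    def consume(self, idu, proof):
        key = H(idu)
        if key not in self.records: raise ValueError("unknown counter")  # revert
        r = self.records[key]
        # TEST18 stand-in: bound to the current value, so a captured proof cannot be replayed
        if not verify(r["blinded_public_key_user"], "consume", idu, r["current_value"], proof):
            raise ValueError("invalid consume proof")
        if r["current_value"] >= r["max_value"]: raise ValueError("counter exhausted")
        r["current_value"] += 1
        return r["current_value"]
```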
5. Security Analysis
5.1. Design Decisions
- The use of an arbitrary where a malicious tries to forge a counter without the authentication creation phase.
- A misbehaviour of in the counter creation phase that attempts to create a counter with an incorrect maximum usage value.
- A replay attack performed by .
- A misbehaviour of trying to forge an invalid .
5.2. Use of Arbitrary without Creation
5.3. A Misbehaviour of in the Counter Creation Phase
5.4. A Replay Attack
5.5. A Misbehaviour of
6. Use Case in Detail
- generates their keys and that could always be the same or that could be changed every month. This does not affect the protocol.
- In January, obtains (using Formula (1)) the unique identifier for the scope S equal to “U0123”.
- then refers to and identifies themselves, proving that in the previous month they had an income below the minimum wage, and obtains the for the scope "U0123" that entitles them to thirty underground trips in January. obtains using Formula (2), binding the attribute to .
- The attribute is known by that can associate it with a user to control whether it has already been given to them or not.
- Before usage, blinds and performs the calculations in Formula (2) to obtain the anonymous credentials from the scope “M0103” which entitles them to thirty underground trips during January 2023. These anonymous credentials are: , , , , and .
- To begin using trips, should obtain a counter. To do so, presents their anonymous credentials calculated in the previous step, , and the proof of possession of their own private key. This proof is and is calculated using Formula (8) with i equal to the number of trips, that is, . This proof can be checked with Formula (9) given the anonymous credentials and . These checks are implemented in the Create method of the Smart Contract.
- With this data, calls the Create function of the Smart Contract to create a counter valid for thirty accesses, no more, no less.
- Only can use this counter, using each time, where i is the number of uses stored in the Smart Contract, along with and their public key. If keeps this s secret, only they can consume the ticket each time. This prevents anyone who does not know the private key from incrementing the counter.
- Once the ticket has been created, must calculate the that corresponds to the current value of the counter and send it to along with its to be able to use it. Checks of these values are implemented in the Consume method of the Smart Contract, and the counter should be less than or equal to the maximum number.
- When receives a request to consume a counter, it only needs to call the Consume method of the Smart Contract with the parameters of the request. If the execution is successful, it grants access to the underground service; otherwise, it should deny access to the service and revert the transaction. The problem could be:
- being incorrect
- an attempted fraud
- the ticket is sold out
7. Conclusions and Future Work
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
| Notation | Meaning |
|---|---|
| | Attribute Provider |
| | Service Provider |
| | User identifier |
| | User identifier for scope |
| | User secret key |
| | Fake User secret key |
| | Attribute Provider secret key |
| | Service Provider secret key |
| | Signature of Attribute Provider |
| P | Generator of the cyclic group |
| | Blinded User secret key |
| | Blinded signature |
| n | Maximum number of authentications |
| | Pairing function |
| | User |
| | Adversary |
| S | Scope (arbitrary string) |
| | Fake User identifier |
| | User public key |
| | Fake User public key |
| | Attribute Provider public key |
| | Service Provider public key |
| | Hash of scope |
| b | Random blind factor |
| | Blinded User public key |
| | Modified NI-Schnorr ZKP |
| i | Auth counter in [0, ⋯, n] |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Garcia-Grau, F.; Herrera-Joancomartí, J.; Dorca Josa, A. Anonymous Access System with Limited Number of Uses in a Trustless Environment. Appl. Sci. 2024, 14, 8581. https://doi.org/10.3390/app14198581