Aisha Tu, Wuhan University; Meng Jia, The Hong Kong Polytechnic University; Kun He, Jing Chen, and Ruiying Du, Wuhan University
Anonymous tokens with private metadata bit convey hidden signals to verifiers when presented by the user and are under discussion in standardization. Existing solutions only allow the token issuer to read the signals, which places a heavy burden on the issuer and makes it challenging to support issuer-hiding because verifiers have to contact the issuer. In this paper, we propose an anonymous token scheme with designated-reader metadata bit, allowing the user to specify an issuer-accepted verifier to read the signal from the token directly. We also extend our scheme to support reader-hiding, which conceals the user's intended verifier from the issuer and other verifiers, and issuer-hiding, which prevents exposure of the token issuer from verifiers. We prove the security of our constructions and report their performance.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
