Blacklistable anonymous credentials: Blocking misbehaving users without ttps

Patrick P. Tsang, Man Ho Allen Au, Apu Kapadia, Sean W. Smith

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

89 Citations (Scopus)


Several credential systems have been proposed in which users can authenticate to services anonymously. Since anonymity can give users the license to misbehave, some variants allow the selective deanonymization (or linking) of misbehaving users upon a complaint to a trusted third party (TTP). The ability of the TTP to revoke a user's privacy at any time, however, is too strong a punishment for misbehavior. To limit the scope of deanonymization, systems such as "e-cash" have been proposed in which users are deanonymized under only certain types of well-defined misbehavior such as "double spending." While useful in some applications, it is not possible to generalize such techniques to more subjective definitions of misbehavior. We present the first anonymous credential system in which services can "blacklist" misbehaving users without contacting a TTP. Since blacklisted users remain anonymous, misbehaviors can be judged subjectively without users fearing arbitrary deanonymization by a TTP.
Original languageEnglish
Title of host publicationCCS'07 - Proceedings of the 14th ACM Conference on Computer and Communications Security
Number of pages10
Publication statusPublished - 1 Dec 2007
Externally publishedYes
Event14th ACM Conference on Computer and Communications Security, CCS'07 - Alexandria, VA, United States
Duration: 29 Oct 20072 Nov 2007


Conference14th ACM Conference on Computer and Communications Security, CCS'07
Country/TerritoryUnited States
CityAlexandria, VA


  • Anonymous authentication
  • Anonymous blacklisting
  • Privacy
  • Revocation
  • User misbehavior

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this