LAUSR

Authentication while maintaining anonymity when availing a service over the internet is a significant privacy challenge. Anonymous credentials (AC) address this by providing the user with a credential issued by a trusted entity that convinces the service provider ( $\mathcal {SP}$ ) that the user is authenticated but reveals no other information. The existing AC schemes assume a single trusted authority (certifier) that validates all the user attributes. In practice, however, a user may require different attributes to be attested by different certifiers. This means that the user has to get multiple credentials, increasing the burden on the $\mathcal {SP}$ who has to verify each one of them. Moreover, complete anonymity can be misused. We propose a decentralized threshold revocable anonymous credential (DTRAC) scheme over blockchains that supports – a) attestation of attributes by multiple certifiers, and b) anonymity revocation through a set of distributed openers, by integrating threshold opening to the state-of-the-art threshold anonymous credential issuance scheme, Coconut [35]. DTRAC generates a single credential on attributes that are attested by multiple certifiers, freeing the SP from the hassle of verifying multiple credentials. We analyze the security of DTRAC formally in the universal composability (UC) framework. We also implement a prototype on Ethereum using smart contracts and give a detailed analysis of its performance. We compare the verification time for credentials with attributes attested by multiple certifiers in both DTRAC and Coconut and see that in terms of execution time and gas consumption, DTRAC performs significantly better than Coconut. It also scales better, with the performance gain of DTRAC over Coconut increasing linearly with the number of certifiers.