BLACR: TTP-Free Blacklistable Anonymous Credentials with Reputation

Abstract

Anonymous authentication can give users the license to misbehave since there is no fear of retribution. As a deterrent or means to revocation, various schemes for accountable anonymity feature some kind of (possibly distributed) trusted third party (TTP) with the power to identify or link such misbehaving users. Recently, schemes such as BLAC, EPID, and PEREA showed how anonymous revocation can be achieved without such TTPs—anonymous users can be revoked if they misbehave, and yet nobody can identify or link such users cryptographically. Despite being the state of the art in anonymous revocation, BLAC, EPID, and PEREA allow only a basic form of revocation amounting to “revoke anybody on the blacklist†. Recently BLAC was extended to support d-strikes-out policies that revokes anybody who has d or more entries on the blacklist. In this paper we significantly advance this concept and make the first attempt to generalize reputation-based anonymous revocation through our proposed scheme called BLACR. We show how various negative or positive scores can be assigned to anonymous sessions across various categories of misbehavior resulting in users being blocked based on their reputation scores. We show how various relevant policies can be instantiated in BLACR and the workload for authenticating users is reasonable for web services.