For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
On Unlinkability of Password-Based Anonymous Authentication
SeongHan SHIN Kazukuni KOBARA
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences
Publication Date: 2015/06/01
Online ISSN: 1745-1337
Type of Manuscript: LETTER
Category: Cryptography and Information Security
password, authentication, anonymity, ISO/IEC 20009-4, unlinkability,
Full Text: PDF(95KB)
>>Buy this Article
Password-based anonymous authentication schemes provide not only password-based authentication but also user anonymity. In , Yang et al., proposed a password-based anonymous authentication scheme (we call it YZWB10 scheme) using the password-protected credentials. This scheme has being standardized in ISO/IEC 20009-4 that was approved to proceed to the CD stage in the 49th ISO/IEC JTC 1/SC 27 Mexico meeting. In this paper, we analyze unlinkability of the YZWB10 scheme . In particular, we show that a (malicious) server in the YZWB10 scheme can specify which user actually sent the login request to the server. Unlike Yang et al.,'s claim, the YZWB10 scheme  does not provide unlinkability against server.