On Unlinkability of Password-Based Anonymous Authentication

SeongHan SHIN, Kazukuni KOBARA

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences, Vol.E98-A, No.6, pp.1320-1324
Publication Date: 2015/06/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E98.A.1320
Type of Manuscript: LETTER
Category: Cryptography and Information Security
Keywords: password, authentication, anonymity, ISO/IEC 20009-4, unlinkability

Password-based anonymous authentication schemes provide not only password-based authentication but also user anonymity. In [15], Yang et al. proposed a password-based anonymous authentication scheme (we call it the YZWB10 scheme) using password-protected credentials. This scheme is being standardized in ISO/IEC 20009-4, which was approved to proceed to the CD stage at the 49th ISO/IEC JTC 1/SC 27 Mexico meeting. In this paper, we analyze the unlinkability of the YZWB10 scheme [15]. In particular, we show that a (malicious) server in the YZWB10 scheme can identify which user actually sent the login request to the server. Contrary to Yang et al.'s claim, the YZWB10 scheme [15] does not provide unlinkability against the server.