We present a version of Camenisch-Lysyanskaya's anonymous credential system immune to attacks based on leakage of ephemeral values used during protocol execution. While preserving "provable security" of the original design, our scheme improves its security in a realistic scenario of an imperfect implementation on a cryptographic device.