"The problem is that the closer a company comes to the limit of its technology, the more it costs to make even small improvements. At this point, the returns on R&D begin to vanish, even as the company's current profits might be at an all-time high."
Foster (1986), Innovation: The Attacker's Advantage
Posts by Ned Peyroux
🤷🏼‍♂️
It may require circular arguments to defend the genetic logical fallacy but "super intelligence" still isn't smart enough to avoid the trap.
We’ve been building an Anonymous Credentials system to strengthen trust in OONI data 💪
Today we’re sharing details of the system 👇
ooni.org/post/2025-announcing-oon...
Feedback welcome, especially from cryptographers & implementers 🙌
We are also very excited that Stefano Tessaro @stefanotessaro.bsky.social accepted to give an invited keynote on «anonymous credentials» at the PrivCrypt workshop: homes.cs.washington.edu/~tessaro/
Abstract. Digital identity systems require mechanisms for verifiable, privacy-preserving presentations of user attestations. The trivial approach of utilizing selective disclosure by presenting individually signed attestations introduces persistent linkability that compromises user anonymity. Existing anonymous credential systems come with practical drawbacks. Some depend on trusted setups, others require substantial modifications to an issuer’s established issuance flow. We propose an open, transparent, and lightweight anonymous credential design that addresses these limitations with the use of zero-knowledge proofs. Our construction is modular, requires no trusted setup and integrates with existing workflows without the need for substantial changes to existing cryptographic mechanisms, procedure overhauls, or hardware devices. It delivers unlinkability while maintaining broad applicability across heterogeneous digital-identity ecosystems and current verifiable credential standards. To demonstrate practicality, we provide a proof-of-concept implementation and benchmarks on mobile devices. Our results show best-in-class proving times, with a focus on efficient client-side proving, an essential requirement for usability in digital identity wallets. OpenAC was purposely constructed to be compatible with the European Digital Identity Architecture and Reference Framework (EUDI ARF). In the appendix, we map EUDI ARF’s functional, privacy, and interoperability requirements, illustrating how OpenAC satisfies regulatory constraints while preserving strong user privacy.
OpenAC: Open Design for Transparent and Lightweight Anonymous Credentials (Liam Eagen, Hy Ngo, Vikas Rushi, Ying Tong, Moven Tsai, Janabel Xia) ia.cr/2026/251
Abstract. Anonymous Credentials (or ACs) enable users to prove claims with strong privacy guarantees, protecting credential holders from being tracked by issuers and verifiers. However, these privacy guarantees imply that a credential holder cannot be held accountable for misuse (e.g., selling credential checks online for proving 𝑎𝑔𝑒 > 18). The lack of accountability may raise questions about the adoption of ACs into national identity systems (e.g., European EUDI or Swiss e-ID), which might lead to the issuing authorities resorting to credential systems with weaker privacy guarantees (e.g., batch issuance of one-show credentials). This shows that the lack of accountability can adversely impact the levels of privacy enjoyed by users. Hence, in this paper, we discuss transferability attacks on ACs and introduce a framework for providing accountability in AC systems. In addition to issuers, holders and verifiers, it assumes the existence of: (i) a law enforcement body (the police) and a judicial body (the judge) that work together to find information on credential misuse and; (ii) one or more digital privacy advocates, called the NGO(s), that ensure the system is not used for tracking people. We introduce the cryptographic forensic trail (CFT), which is attached to each credential show. The CFT can be used for obtaining more information about an individual if and only if the police have probable cause and can convince the judge to issue a corresponding search warrant. Then, the police, the judge, and the NGO(s) run a multiparty protocol for decrypting relevant trails only. The protocol mimics checks and balances of a healthy democracy, in which neither law enforcement nor justice can track people as they will. Even if both branches colluded, the NGO(s) can detect the misuse and block further use. In addition to possible extensions, we discuss performance constraints on mobile phones and argue that practical feasibility of the CFT is within reach.
Towards Accountability for Anonymous Credentials (Shailesh Mishra, Martin Burkhart) ia.cr/2026/389
Anonymous credentials: an illustrated primer
blog.cryptographyengineering.com/2026/03/02/anonymous-cre...
Privacy-preserving age and identity verification via anonymous credentials
Privacy-preserving age and identity verification via anonymous credentials
L: blog.cryptographyengineering.com/2026/03/02/anonymous-cre...
C: https://news.ycombinator.com/item?id=47229953
posted on 2026.03.03 at 03:58:30 (c=1, p=3)
Privacy-preserving age and identity verification via anonymous credentials
blog.cryptographyengineering.com/2026/03/02/anonymous-cre...
📰 Privacy-preserving age and identity verification via anonymous credentials
💬 Issuer gives phone non-shareable age-credential; user loses control. Sentiment: skeptical. Vibe: privacy alarm 😒
https://news.ycombinator.com/item?id=47229953
Privacy-preserving age and identity verification via anonymous credentials blog.cryptographyengineering.com/2026/03/02/anonymous-cre... (https://news.ycombinator.com/item?id=47229953)
Anonymous credentials: an illustrated primer
This post has been on my back burner for well over a year. It’s been sitting here unwritten, not because the topic is unimportant — in fact, with every single month that goes by, I become more convinced that anonymous authentication the mo…
#crypto #news
Privacy-preserving age and identity verification via anonymous credentials (blog.cryptographyengineering.com)
Local ZKP verification is the easy part. The hard part: your EUDI credential was still issued by a gov entity that logged the issuance. ZKPs hide the presentation. They can't hide that you exist in the issuer's DB. Anonymous credentials (BBS+) partially solve this. The EU isn't deploying BBS+.
Using #cryptography for anonymous ID verification --- cool and useful! @matthew_d_green
blog.cryptographyengineering.com/2026/03/02/anonymous-cre...
I get Google to substitute fancy math LaTeX with Unicode variants but it consumes entire context windows in less than 20 questions and also makes output unsearchable despite hedonic æsthetics.
New preprint by Anna Lysyanskaya and Eileen Nolan on SMA2RT. Highly relevant for the anonymous token space. It bridges ATPMs and anonymous credentials, solving the communication complexity bottleneck for privacy-preserving rate-limited web services.
We want not to fall into genetic logical fallacy traps of rejecting anonymous sources based on anonymity alone.
Police, journalists, historians & other investigators lead following Jon Doe tips.
If you keep finding counterfeit cash, you may redouble seeking a culprit but don't turn down free genuine
Cloudflare has been leading the tech pack in terms of giving their users and customers tools to combat bots
developers.cloudflare.com/bots/additio...
@cloudflare.social wrote this vision post for Anonymous Credentials, which is an emerging proposal for a standard
Sounds like it could be real useful in @atproto.com #atdev #atprotodev
blog.cloudflare.com/private-rate...
Abstract. Blind signature schemes are essential for privacy-preserving applications such as electronic voting, digital currencies or anonymous credentials. In this paper, we revisit Fischlin’s framework for round-optimal blind signature schemes and its recent efficient lattice-based instantiations. Our proposed framework compiles any post-quantum hash-and-sign signature scheme into a blind signature scheme. The resulting scheme ensures blindness by design and achieves one-more unforgeability, relying solely on the unforgeability of the underlying signature scheme and the random oracle model. To achieve this we introduce the notion of commit-append-and-prove (CAP) systems, which generalizes traditional commit-and-prove system by making their commitments updatable before proving. This building block allows us to unlock the technical challenges encountered when generalizing previous variants of the Fischlin’s framework to any hash-and-sign signature scheme. We provide efficient CAP system instantiations based on recent MPC-in-the-Head techniques. We showcase our framework by constructing blind versions of UOV and Wave, thereby introducing the first practical blind signatures based on multivariate cryptography and code-based cryptography. Our blind UOV signatures range from 3.8 KB to 11 KB, significantly outperforming previous post-quantum blind signatures, such as the 22 KB lattice-based blind signatures, which were the most compact until now.
Blinding Post-Quantum Hash-and-Sign Signatures (Charles Bouillaguet, Thibauld Feneuil, Jules Maire, Matthieu Rivain, Julia Sauvage, Damien Vergnaud) ia.cr/2025/895
Abstract. Anonymous digital credentials allow a user to prove possession of an attribute that has been asserted by an identity issuer without revealing any extra information about themselves. For example, a user who has received a digital passport credential can prove their “age is > 18” without revealing any other attributes such as their name or date of birth. Despite inherent value for privacy-preserving authentication, anonymous credential schemes have been difficult to deploy at scale. Part of the difficulty arises because schemes in the literature, such as BBS+, use new cryptographic assumptions that require system-wide changes to existing issuer infrastructure. In addition, issuers often require digital identity credentials to be device-bound by incorporating the device’s secure element into the presentation flow. As a result, schemes like BBS+ require updates to the hardware secure elements and OS on every user’s device. In this paper, we propose a new anonymous credential scheme for the popular and legacy-deployed Elliptic Curve Digital Signature Algorithm (ECDSA) signature scheme. By adding efficient zk arguments for statements about SHA256 and document parsing for ISO-standardized identity formats, our anonymous credential scheme is the first one that can be deployed without changing any issuer processes, without requiring changes to mobile devices, and without requiring non-standard cryptographic assumptions. Producing ZK proofs about ECDSA signatures has been a bottleneck for other ZK proof systems because standardized curves such as P256 use finite fields which do not support efficient number theoretic transforms. We overcome this bottleneck by designing a ZK proof system around sumcheck and the Ligero argument system, by designing efficient methods for Reed-Solomon encoding over the required fields, and by designing specialized circuits for ECDSA. Our proofs for ECDSA can be generated in 60ms. When incorporated into a fully standardized identity protocol such as the ISO MDOC standard, we can generate a zero-knowledge proof for the MDOC presentation flow in 1.2 seconds on mobile devices depending on the credential size. These advantages make our scheme a promising candidate for privacy-preserving digital identity applications.
Anonymous credentials from ECDSA (Matteo Frigo, abhi shelat) ia.cr/2024/2010
Policy, privacy and post-quantum: anonymous credentials for everyone
#HackerNews
https://blog.cloudflare.com/private-rate-limiting/