Anonymous Credentials from (Indexed) Aggregate Signatures
S. Canard and R. Lescuyer

Anonymous credential systems allow users to obtain certified credentials (a driving license, a student card, etc.) from organizations and then later to prove the possession of one (or more) credential(s) to another party, while minimizing the information given to the latter. While current constructions use zero-knowledge proofs of knowledge of a signature or blinding mechanisms, we keep in this paper a new approach, based on aggregate signature schemes. In particular, we use the notion of indexed aggregate signature by which we aggregate several signatures into a single one, but only if they are initially related to the same index. The resulting anonymous credential system is the first one which efficiently enables a user to prove the possession, in an untraceable way, of several credentials issued by possibly several organizations.