Credentials, and more precisely cryptographic credentials, are commonly known and used to certify access to cryptography-based applications, e.g. cryptographically secured exchange of data between computer systems and/or devices. A credential holder who is requested to provide information may provide the requested information and use a credential to prove that information provided by him is correct and trustable. A cryptographic credential is essentially a certificate generated via a cryptographic process. Such a credential is issued by a credential issuing entity to a credential holder. In general, the credential issuing entity appropriately verifies the information to be certified before issuing the credential. Thereby, the credential issuing entity establishes a trust anchor, i.e. it is an authoritative entity for which trust is assumed and not derived. For example, in X.509 architecture, a root certificate issued by a root certificate issuing entity may be the trust anchor from which a chain of trust is derived. The information in question is cryptographically encoded in the credential to certify the correctness of said information. In particular, the information to be certified may be represented by some value or function which is then encoded in the credential via a cryptographic algorithm. When requested by a verifying entity to provide certain information and to prove the same, the credential holder may provide the requested information and use his credential, in which the respective information is encoded, to make a suitable proof to the verifying entity via various cryptographic proof protocols.
Privacy-preserving Attribute-Based Credentials or Privacy-ABCs, sometimes also known as anonymous credentials or minimal disclosure tokens, allows a user computer system to authenticate to a verifying computer system in a privacy-preserving manner. An issuing computer system assigns attributes to a user computer system by issuing a credential containing the list of attributes for that user computer system. The user computer systems, receiving the credential, can then use this credential to convince a verifying computer system that his certified attributes satisfy certain properties without disclosing more information than strictly necessary.