In this page we go over various proposed anonymous credential and token schemes.

We start our investigation with anonymous credentials schemes that have been specified and implemented. We first present the various schemes and their security properties in this table, and then we dive more in depth right below.

Scheme Type Attributes Public Verifiability Other notes
Privacy Pass Single-show ? No Perfect Unlinkability
Signal Creds Multi-show Yes No  
Coconut Multi-show Yes Yes Complex attributes / Threshold Issuance
Idemix Multi-show ? ?  
FB PrivateStats Single-show Yes No  
U-Prove Single-show Yes ?  
FB Blind Sigs Single-show ? Yes Perfect Unlinkability
aeonflux Multi-show Yes No  

[DGST18]: Privacy Pass

Click for details

[CPZ19]: Signal Private Group System

Click for details

[SABM19]: Coconut

Click for details

[CH03]: Idemix

Click for details

[HIJK21]: Facebook’s PrivateStats

Click for details
  • Properties: Single-show, Public Attributes
  • Based on:

[PZ13]: U-Prove

Click for details

Facebook’s Blind Signatures

Click for details


Click for details
  • aeonflux Implementation
  • Properties: Multi-show, Attributes
  • Based on: KVAC
  • Performance: TODO

We now continue with credential schemes that have been proposed and can serve as a basis for more complete systems but have not been implemented yet.

[BL13]: Anonymous Credentials Light

Click for details
  • Based on: Abe-Okamoto
  • Properties: Attributes, Single-show
  • Notes: Small anonymous credentials that allow a user with a list of attributes (L_1, \dots, L_n)

[KVAC]: Keyed-Verification Anonymous Credentials

Click for details
  • Based on: Algebraic MACs
  • Properties: Multi-show, Public Attributes, Selective Disclosure

[TAKS10]: BLAC: Revoking Repeatedly Misbehaving Anonymous Users …

Click for details
  • Based on: ZKPs & BBS+ Signatures
  • Related: [BLACR] “BLACR: TTP-free blacklistable anonymous credentials with reputation …”
  • Related: [AKTS07] “Blacklistable Anonymous Credentials: Blocking Misbehaving ..”
  • Properties: Blacklisting

[AMO08]: An Efficient Anonymous Credential System

Click for details
  • Based on: Bilinear Pairings, TODO
  • Properties: Strong-unlinkability, Attributes

[CL06]: Randomizable Proofs and Delegatable Anon Credentials

Click for details
  • Based on: ZKPs
  • Related: [CSF14] “Malleable Signatures: New Definitions and Delegatable Anonymous Credentials”
  • Properties: Multi-show, Delegetable

[CL04]: Signature Schemes and Anonymous Credentials from …

Click for details

[CL03]: A Signature Scheme with Efficient Protocols

Click for details
  • Based on: ZKPs
  • Properties: Multi-show, Attributes
  • Notes: The distinguishing feature of a CL signature is that it allows a user to prove possession of a signature without revealing the underlying messages or even the signature itself using efficient zero-knowledge proofs of knowledge. As the proof is “zero-knowledge”, the user can repeat such a proof as many times as she wants and still it is not possible to link the individual proofs.
  • Related: [CL01] An Efficient System for Non-transferable Anonymous Credentials

[CL02]: Dynamic Accumulators and Application to Efficient, Revocable Credentials

Click for details

[EPID]: Enhanced Privacy ID

Click for details

Tor Anonymous Res Tokens

Click for details

[ZKSZ20]: EL PASSO: Privacy-preserving, Asynchronous Single Sign-On

Click for details
  • Based on: PS signatures
  • Properties: Multi-show, Selective Attribute Disclosure
  • Performance:
    • Show size: 414 bytes