ADAPID D15: E-Government II

  • Carmela Troncoso
  • Claudia Diaz
  • Venelin Gornishki
  • Victor Sucasas
  • Markulf Kohlweiss
  • Michaël Sterckx
  • Josep Balasch

MSR-TR-2010-2012

This report presents the work done within ADAPID on advanced technologies for e-ID cards. Current e-ID cards are based on X.509 certificates, which provide authentication and digital signature functionalities. The shortcomings of X.509 certificates are that all data in the certificates is disclosed in every transaction, and that all transactions made with the same card are linkable to each other. We have designed and implemented an advanced proof-of-concept smart card prototype that demonstrates the feasibility of implementing anonymous credential protocols in a smart card. Anonymous credential protocols allow for secure and privacy-enhanced authentication. The main advantages of these protocols over traditional PKI-based technologies are that they allow for data minimization and unlinkability. This implies that in each transaction the protocols disclose only the information that is strictly necessary for the provision of the service. To achieve good performance, our implementation splits operations between the smart card and a client PC. Operations that require the secret keys are performed by the card, while other operations are outsourced to the PC to speed up the system. Our case-study application is an electronic petition service. Our implementation simultaneously provides the following properties: (1) petition signing is anonymous; (2) each citizen can only sign a petition once; and (3) signatures of different petitions by the same citizen are unlinkable to each other.