The success of electronic authentication systems, be it eID card systems or Internet authentication systems such as CardSpace, highly depends on the provided level of user-privacy. Thereby, an important requirement is an eﬃcient means for revocation of the authentication credentials. In this paper we consider the problem of revocation for certiﬁcate-based privacy-protecting authentication systems. To date, the most eﬃcient solutions for revocation for such systems are based on cryptographic accumulators. Here, an accumulate of all currently valid certiﬁcates is published regularly and each user holds a witness enabling her to prove the validity of her (anonymous) credential while retaining anonymity. Unfortunately, the users’ witnesses must be updated at least each time a credential is revoked. For the know solutions, these updates are computationally very expensive for users and/or certiﬁcate issuers which is very problematic as revocation is a frequent event as practice shows. In this paper, we propose a new dynamic accumulator scheme based on bilinear maps and show how to apply it to the problem of revocation of anonymous credentials. In the resulting scheme, proving a credential’s validity and updating witnesses both come at (virtually) no cost for credential owners and veriﬁers. In particular, updating a witness requires the issuer to do only one multiplication per addition or revocation of a credential and can also be delegated to untrusted entities from which a user could just retrieve the updated witness. We believe that thereby we provide the ﬁrst authentication system oﬀering privacy protection suitable for implementation with electronic tokens such as eID cards or drivers’ licenses.