{"id":170918,"date":"2012-02-25T22:58:55","date_gmt":"2012-02-25T22:58:55","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/project\/u-prove\/"},"modified":"2026-02-05T06:38:25","modified_gmt":"2026-02-05T14:38:25","slug":"u-prove","status":"publish","type":"msr-project","link":"https:\/\/www.microsoft.com\/en-us\/research\/project\/u-prove\/","title":{"rendered":"U-Prove"},"content":{"rendered":"

\"\"<\/p>\n

Overview<\/h1>\n

A U-Prove token is a type of credential similar to a PKI certificate that can encode attributes of any type, but with two important differences:<\/p>\n

1) The issuance and presentation of a token is unlinkable<\/i> due to the special type of public key and signature encoded in the token; the cryptographic \u201cwrapping\u201d of the attributes contain no correlation handles. This prevents unwanted tracking of users when they use their U-Prove tokens, even by colluding insiders.<\/p>\n

2) Users can minimally disclose information about what attributes are encoded in a token in response to dynamic verifier policies. As an example, a user may choose to only disclose a subset of the encoded attributes, prove that her undisclosed name does not appear on a deny list, or prove that she is of age without disclosing her actual birthdate.<\/p>\n

These user-centric aspects make the U-Prove technology ideally suited to creating the digital equivalent of paper-based credentials and the plastic ID cards in one’s wallet.<\/p>\n

Microsoft has made available the foundational features of the technology by releasing the core U-Prove specifications under the Open Specification Promise. The core cryptographic scheme has been standardized in ISO\/IEC 18370-2:2016 (opens in new tab)<\/span><\/a> (Blind digital signatures \u2014 Part 2: Discrete logarithm based mechanisms).<\/p>\n

Links<\/h1>\n