Scalable Anonymous Authentication Scheme Based on Zero-Knowledge Set-Membership Proof

Abstract

In this paper, we propose zero-knowledge named proof, a stateless replay attack prevention strategy that ensures the user’s anonymity against malicious administrators. We begin with adopting the zero-knowledge set-membership proof into an authentication setting in which users would delegate their requests to an agent that obstructs the user’s identity from the administrator. This anonymous agent carries the guarantee of authenticity, which the administrator through the set-membership proof can confirm. Next, we prevent replay attacks from other parties by binding the agent’s identity to the authentication proof verifiable by the administrators. By leveraging these properties, a scalable blockchain-based authentication scheme is then built. We quantitatively evaluate the security and measure the time and monetary cost of our scheme under both ideal and realistic environments. On top of it, we provide a third-party authorization scheme derived from our authentication framework to demonstrate its real-world applicability.