Anonymous Deniable Identification in Ephemeral Setup & Leakage Scenarios

In this paper we concern anonymous identification, where the verifier can check that the user belongs to a given group of users (just like in case of ring signatures), however a transcript of a session executed between a user and a verifier is deniable. That is, neither the verifier nor the prover can convice a third party that a given user has been involved in a session but also he cannot prove that any user has been interacting with the verifier. Thereby one can achieve high standards for protecting personal data according to the General Data Protection Regulation – the fact that an interaction took place might be a sensitive data from information security perspective. We show a simple realization of this idea based on Schnorr identification scheme arranged like for ring signatures. We show that with minor modifications one can create a version immune to leakage of ephemeral keys. We extend the above scenario to the case of k out of n, where the prover must use at least k private keys corresponding to the set of n public keys. With the most probable setting of k = 2 or 3, we are talking about the practical case of multifactor authentication that might be necessary for applications with higher security level