Image for post
Image for post

Let 2021 Be The Year of Anonymity and Trust: Meet The Camenisch-Lysyanskaya Signature

We have several problems on the Internet. The first is that we have our identities harvested by companies such as Facebook and Google, and the second is that we must now prove things — such as our age or our location — and in doing so, we are revealing our information to others. So how can we create a trusted digital world, where we prove things, without revealing our sensitive information?

We have barely got to the point where we can digitally sign our documents, and where many industries still rely on wet signatures. With this, we create a public key (pk) and a private key (sk) and then use our private key to sign something. This then creates a signature (S). Our public key then validates the entity which signed it. But whenever we sign a document, it often reveals our identity, and, possibly other parts of our identity (such as our age, address, and so on). In many cases, though, such as being served in a bar, Peggy should just have to prove that she is over 18 years old, and not have to reveal her name, date of birth and address.

So in a paper-based system, Peggy will have some ID which has a unique identifier that only a trusted entity will be able to create. This might be a driver’s licence which has a government watermark on the card. But in an electronic system how do we create the equivalent? Well, normally we use public-key encryption to prove identity.

In a credential-based system, we create credentials which are signed by a given entity. For example, if Peggy (the prover) is over 18, she will create a credential that will be signed by her private key of the entity which proves that she is over 18 to Victor (the verifier):

Camenisch-Lysyanskaya (CL) signature

So what if Peggy doesn’t want to reveal her identity, and stay anonymous? How can she now reveal that I am over 18, without revealing anything else about her credentials, and for Peggy to get the credentials in an anonymous way? For this, we need an anonymous credential system, and one of the most widely used is the Camenisch-Lysyanskaya (CL) signature:

Within a Camenisch-Lysyanskaya signature (known as a signature with efficient protocols), Peggy can pass Victor a signature which proves “I am over 18”, and which will not reveal any other of her credentials. It thus allows:

  • Secure two-party computation. This allows a signer (such as the DVLC) to issue a signature to Peggy (the owner of the signature) without learning all the messages that are being signed, or the full signature.
  • Zero-knowledge proof. This allows Peggy to prove the required signature on a number of messages, without giving away the signature (or additional sub-information on the messages).

And so Peggy is happy. She has asked the DVLC to prove that she is over 18, and they have provided the signature, of which they have no way of knowing how she is using it, and then Peggy can use this in the bar — or anywhere else — to prove she is over 18.

And if you are interested, here is some other Camenisch-Lysyanskaya work:


We need to rebuild our data infrastructure and provide systems where citizens control and own their own data. The CL signature is one way of rebuilding this world and proves us a way of gathering trusted credentials that can then be revealed to others, without giving away other information. This will be a world built on trust, but which respects the rights to privacy and consent. Let 2021 be the year that your company takes these rights seriously, and rebuilds their data infrastructures with privacy and consent at its core.

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Auld Reekie native. Old World Breaker. New World Creator.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store