{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T16:38:35Z","timestamp":1773247115970,"version":"3.50.1"},"reference-count":75,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2022,3,4]],"date-time":"2022-03-04T00:00:00Z","timestamp":1646352000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Australian Government\u2019s Cooperative Research Centres Program"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2022,5,31]]},"abstract":"<jats:p>This article first formalizes the problem of unlinkable attribute-based authentication in the system where each user possesses multiple assertions and uses them interchangeably. Currently, there are no recommendations for optimal usage of assertions in such authentication systems. To mitigate this issue, we use conditional entropy to measure the uncertainty for a Relying Party who attempts to link observed assertions with user labels. Conditional entropy is the function of usage statistics for all assertions in the system. Personal<jats:italic>decisions<\/jats:italic>made by the users about the usage of assertions contribute to these statistics. This collective effect from all the users impacts the unlinkability of authentication and must be studied using game theory. We specify several instances of the game where context information that is provided to the users differs. Through game theory and based on conditional entropy, we demonstrate how each user optimizes usage for the personal set of assertions. In the experiment, we substantiate the advantage of the proposed rational decision-making approaches: Unlinkability that we obtain under Nash equilibrium is higher than in the system where users authenticate using their assertions at random. We finally propose an algorithm that calculates equilibrium and assists users with the selection of assertions. This manifests that described techniques can be executed in realistic settings. This does not require modification of existing authentication protocols and can be implemented in platform-independent identity agents. As a use case, we describe how our technique can be used in Digital Credential Wallets: We suggest that unlinkability of authentication can be improved for Verifiable Credentials.<\/jats:p>","DOI":"10.1145\/3501260","type":"journal-article","created":{"date-parts":[[2022,3,4]],"date-time":"2022-03-04T10:44:06Z","timestamp":1646390646000},"page":"1-36","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Improving Unlinkability of Attribute-based Authentication through Game Theory"],"prefix":"10.1145","volume":"25","author":[{"given":"Yevhen","family":"Zolotavkin","sequence":"first","affiliation":[{"name":"Deakin University, Geelong, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jongkil Jay","family":"Jeong","sequence":"additional","affiliation":[{"name":"Deakin University, Geelong, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7724-2601","authenticated-orcid":false,"given":"Veronika","family":"Kuchta","sequence":"additional","affiliation":[{"name":"The University of Queensland, St Lucia, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6054-9463","authenticated-orcid":false,"given":"Maksym","family":"Slavnenko","sequence":"additional","affiliation":[{"name":"Deakin University, Geelong, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6143-6850","authenticated-orcid":false,"given":"Robin","family":"Doss","sequence":"additional","affiliation":[{"name":"Deakin University, Geelong, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2022,3,4]]},"reference":[{"key":"e_1_3_3_2_2","article-title":"IRMA: Practical, decentralized and privacy-friendly identity management using smartphones","author":"Alp\u00e1r Gergely","year":"2017","unstructured":"Gergely Alp\u00e1r, Fabian van den Broek, Brinda Hampiholi, Bart Jacobs, Wouter Lueks, and Sietse Ringers. 2017. IRMA: Practical, decentralized and privacy-friendly identity management using smartphones. In Proceedings of the Hot Topics in Privacy Enhancing Technologies (HotPETs\u201917).","journal-title":"Proceedings of the Hot Topics in Privacy Enhancing Technologies (HotPETs\u201917)"},{"key":"e_1_3_3_3_2","first-page":"551","volume-title":"Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI\u201916)","author":"Angel Sebastian","year":"2016","unstructured":"Sebastian Angel and Srinath Setty. 2016. Unobservable communication over fully untrusted infrastructure. In Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI\u201916). USENIX Association, 551\u2013569. https:\/\/www.usenix.org\/conference\/osdi16\/technical-sessions\/presentation\/angel."},{"key":"e_1_3_3_4_2","unstructured":"A. Beduschi J. Cinnamon J. Langford C. Luo and D. Owen. 2017. Building digital identities: The challenges risks and opportunities of collecting behavioural attributes for new digital identity systems. 40 pages."},{"key":"e_1_3_3_5_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSTCC50638.2020.9259642"},{"key":"e_1_3_3_6_2","doi-asserted-by":"publisher","DOI":"10.1006\/game.1995.1027"},{"key":"e_1_3_3_7_2","doi-asserted-by":"publisher","DOI":"10.3982\/TE1808"},{"key":"e_1_3_3_8_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-27809-2_26"},{"key":"e_1_3_3_9_2","doi-asserted-by":"crossref","unstructured":"T. Berners-Lee R. Fielding and L. Masinter. 2005. Uniform resource identifier (URI): Generic syntax. Retrieved from https:\/\/tools.ietf.org\/html\/rfc3986.","DOI":"10.17487\/rfc3986"},{"key":"e_1_3_3_10_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2013.114"},{"key":"e_1_3_3_11_2","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.CSWP.01162020"},{"key":"e_1_3_3_12_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-28628-8_3"},{"key":"e_1_3_3_13_2","volume-title":"Collins Dictionary of Mathematics","author":"Borowski E. J.","year":"2002","unstructured":"E. J. Borowski and J. M. Borwein. 2002. Collins Dictionary of Mathematics. HarperCollins."},{"key":"e_1_3_3_14_2","volume-title":"Proceedings of the International Symposium on Trustworthy Global Computing","author":"Brus\u00f3 Mayla","year":"2012","unstructured":"Mayla Brus\u00f3, Konstantinos Chatzikokolakis, Sandro Etalle, and Jerry Den Hartog. 2012. Linking unlinkability. In Proceedings of the International Symposium on Trustworthy Global Computing, Catuscia Palamidessi and Mark D. Ryan (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 129\u2013144."},{"key":"e_1_3_3_15_2","article-title":"D3. 1: Scientific comparison of ABC protocols","author":"Camenisch J.","year":"2014","unstructured":"J. Camenisch, S. Krenn, A. Lehmann G. L. Mikkelsen, G. Neven, and M. \u00d8. Pedersen. 2014. D3. 1: Scientific comparison of ABC protocols. Part I-Formal Treatment of Privacy-Enhancing Credential Systems. Project deliverable in ABC4Trust (2014).","journal-title":"Part I-Formal Treatment of Privacy-Enhancing Credential Systems. Project deliverable in ABC4Trust"},{"key":"e_1_3_3_16_2","series-title":"Proceedings of the 3rd International Conference on Security in Communication Networks (SCN\u201902), Revised Papers","first-page":"268","volume":"2576","author":"Camenisch Jan","year":"2002","unstructured":"Jan Camenisch and Anna Lysyanskaya. 2002. A signature scheme with efficient protocols. In Proceedings of the 3rd International Conference on Security in Communication Networks (SCN\u201902), Revised Papers, Lecture Notes in Computer Science, Vol. 2576. Springer, 268\u2013289."},{"key":"e_1_3_3_17_2","article-title":"An introduction to information theory and entropy","author":"Carter Tom","year":"2007","unstructured":"Tom Carter. 2007. An introduction to information theory and entropy. Complex Systems Summer School, Santa Fe.","journal-title":"Complex Systems Summer School, Santa Fe"},{"key":"e_1_3_3_18_2","doi-asserted-by":"publisher","DOI":"10.1145\/3001913.3001919"},{"key":"e_1_3_3_19_2","doi-asserted-by":"publisher","DOI":"10.1109\/MCOMSTD.001.1900020"},{"key":"e_1_3_3_20_2","unstructured":"Mike Clark. 2019. German government adds iPhone NFC identity card reading to digital ID app. Retrieved from https:\/\/www.nfcw.com\/2019\/10\/01\/364573\/german-government-adds-iphone-nfc-identity-card-reading-to-digital-id-app\/."},{"key":"e_1_3_3_21_2","unstructured":"Sarah Clark. 2020. Germany to begin rollout of open national digital identity service \u201clater this year\u201d. Retrieved from https:\/\/www.nfcw.com\/2020\/07\/29\/367360\/germany-to-begin-rollout-of-open-national-digital-identity-service-later-this-year\/."},{"key":"e_1_3_3_22_2","doi-asserted-by":"publisher","DOI":"10.1145\/1179529.1179539"},{"key":"e_1_3_3_23_2","doi-asserted-by":"publisher","DOI":"10.1137\/0806023"},{"key":"e_1_3_3_24_2","article-title":"Looking ahead: The user experience of eIDAS-based eID","author":"Commission European","year":"2018","unstructured":"European Commission. 2018. Looking ahead: The user experience of eIDAS-based eID. Value Proposition of eIDAS eID.","journal-title":"Value Proposition of eIDAS eID"},{"key":"e_1_3_3_25_2","doi-asserted-by":"publisher","DOI":"10.17487\/RFC6973"},{"key":"e_1_3_3_26_2","doi-asserted-by":"publisher","DOI":"10.1109\/MCOMSTD.001.1900029"},{"key":"e_1_3_3_27_2","volume-title":"Proceedings of the International Workshop on Privacy Enhancing Technologies","author":"Diaz Claudia","year":"2002","unstructured":"Claudia Diaz, Stefaan Seys, Joris Claessens, and Bart Preneel. 2002. Towards measuring anonymity. In Proceedings of the International Workshop on Privacy Enhancing Technologies Roger Dingledine and Paul Syverson (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 54\u201368."},{"key":"e_1_3_3_28_2","article-title":"The Key to Digital Identity","year":"2021","unstructured":"Dizme. 2021. The Key to Digital Identity. Retrieved from https:\/\/www.dizme.io\/.","journal-title":"https:\/\/www.dizme.io\/"},{"key":"e_1_3_3_29_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jebo.2003.11.008"},{"key":"e_1_3_3_30_2","unstructured":"European Commission. 2020-07-23. Proposal for a European Digital Identity (EUid) and Revision of the eIDAS Regulation. Directorate-General for Communications Networks Content and Technology (2020-07-23)."},{"key":"e_1_3_3_31_2","article-title":"Regulation (EU) No 910\/2014 of the european parliament and of the council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999\/93\/EC","author":"Parliament European","unstructured":"European Parliament. 2014-07-23. Regulation (EU) No 910\/2014 of the european parliament and of the council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999\/93\/EC. Council of the European Union (2014-07-23).","journal-title":"Council of the European Union"},{"key":"e_1_3_3_32_2","doi-asserted-by":"publisher","DOI":"10.1145\/28395.28419"},{"key":"e_1_3_3_33_2","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-53r5"},{"key":"e_1_3_3_34_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-75551-7_1"},{"key":"e_1_3_3_35_2","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653702"},{"key":"e_1_3_3_36_2","volume-title":"Game Theory (11 ed.)","author":"Fudenberg Drew","year":"1991","unstructured":"Drew Fudenberg and Jean Tirole. 1991. Game Theory (11 ed.). The MIT Press."},{"key":"e_1_3_3_37_2","doi-asserted-by":"publisher","DOI":"10.1109\/Allerton.2013.6736721"},{"key":"e_1_3_3_38_2","volume-title":"Computer Security","author":"Gon\u00e7alves S\u00e9rgio Manuel N\u00f3brega","year":"2020","unstructured":"S\u00e9rgio Manuel N\u00f3brega Gon\u00e7alves, Alessandro Tomasi, Andrea Bisegna, Giulio Pellizzari, and Silvio Ranise. 2020. Verifiable Contracting. In Computer Security, Ioana Boureanu, Constantin C\u01cet\u01celin Dr\u01cegan, Mark Manulis, Thanassis Giannetsos, Christoforos Dadoyan, Panagiotis Gouvas, Roger A. Hallman, Shujun Li, Victor Chang, Frank Pallas, J\u00f6rg Pohle, and Angela Sasse (Eds.). Springer International Publishing, Cham, 133\u2013144."},{"key":"e_1_3_3_39_2","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-63-3"},{"key":"e_1_3_3_40_2","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.IR.8112"},{"key":"e_1_3_3_41_2","doi-asserted-by":"publisher","DOI":"10.5555\/1145948.1145953"},{"key":"e_1_3_3_42_2","doi-asserted-by":"publisher","DOI":"10.1287\/mnsc.14.3.159"},{"key":"e_1_3_3_43_2","doi-asserted-by":"publisher","DOI":"10.1145\/1698750.1698753"},{"key":"e_1_3_3_44_2","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-205"},{"key":"e_1_3_3_45_2","doi-asserted-by":"publisher","DOI":"10.5555\/1947915.1947920"},{"key":"e_1_3_3_46_2","article-title":"An open ecosystem for trusted identities","year":"2021","unstructured":"IDunion. 2021. An open ecosystem for trusted identities. Retrieved from https:\/\/idunion.org\/?lang=en.","journal-title":"https:\/\/idunion.org\/?lang=en"},{"key":"e_1_3_3_47_2","volume-title":"Information Technology\u2013Security Techniques\u2013Security Assurance Framework\u2013Part 1: Introduction and Concepts","author":"Secretary ISO Central","year":"2012","unstructured":"ISO Central Secretary. 2012. Information Technology\u2013Security Techniques\u2013Security Assurance Framework\u2013Part 1: Introduction and Concepts. Technical Report ISO\/IEC TR 15443-1:2012(E). International Organization for Standardization, Geneva, CH."},{"key":"e_1_3_3_48_2","volume-title":"Information Technology\u2013Security Techniques\u2013Information Security Risk Management","author":"Secretary ISO Central","year":"2018","unstructured":"ISO Central Secretary. 2018. Information Technology\u2013Security Techniques\u2013Information Security Risk Management. Standard ISO\/IEC 27005:2018(E). International Organization for Standardization, Geneva, CH."},{"key":"e_1_3_3_49_2","volume-title":"Systems and Software Engineering\u2013Systems and Software Assurance\u2013Part 1: Concepts and Vocabulary","author":"Secretary ISO Central","year":"2019","unstructured":"ISO Central Secretary. 2019. Systems and Software Engineering\u2013Systems and Software Assurance\u2013Part 1: Concepts and Vocabulary. Standard ISO\/IEC\/IEEE 15026-1:2019(E). International Organization for Standardization, Geneva, CH."},{"key":"e_1_3_3_50_2","volume-title":"Information Security, Cybersecurity and Privacy Protection\u2013Evaluation Criteria for IT Security\u2013Part 2: Security Functional Components","author":"Secretary ISO Central","year":"2020","unstructured":"ISO Central Secretary. 2020. Information Security, Cybersecurity and Privacy Protection\u2013Evaluation Criteria for IT Security\u2013Part 2: Security Functional Components. Standard ISO\/IEC DIS 15408-2:2020(E). International Organization for Standardization, Geneva, CH."},{"key":"e_1_3_3_51_2","volume-title":"Information Technology\u2013Requirements for Attribute-based Unlinkable Entity Authentication","author":"Secretary ISO Central","year":"2020","unstructured":"ISO Central Secretary. 2020. Information Technology\u2013Requirements for Attribute-based Unlinkable Entity Authentication. Standard ISO\/IEC DIS 27551. International Organization for Standardization, Geneva, CH."},{"key":"e_1_3_3_52_2","volume-title":"ITU-T Focus Group Digital Financial Services: Main Recommendations","author":"ITU Telecommunication Standardization Sector of","year":"2017","unstructured":"Telecommunication Standardization Sector of ITU. 2017. ITU-T Focus Group Digital Financial Services: Main Recommendations. Standard. International Telecommunication Union, Geneva, CH."},{"key":"e_1_3_3_53_2","doi-asserted-by":"crossref","unstructured":"M. Jones. 2015. JSON web key (JWK). Retrieved from https:\/\/tools.ietf.org\/html\/rfc7517.","DOI":"10.17487\/RFC7517"},{"key":"e_1_3_3_54_2","doi-asserted-by":"publisher","DOI":"10.17487\/RFC7516"},{"key":"e_1_3_3_55_2","doi-asserted-by":"publisher","DOI":"10.1145\/2554797.2554834"},{"key":"e_1_3_3_56_2","volume-title":"JSON-LD 1.1: A JSON-based Serialization for Linked Data","author":"Kellogg Gregg","year":"2020","unstructured":"Gregg Kellogg, Pierre-Antoine Champin, and Dave Longley. 2020. JSON-LD 1.1: A JSON-based Serialization for Linked Data. Recommendation. World Wide Web Consortium."},{"key":"e_1_3_3_57_2","doi-asserted-by":"crossref","unstructured":"G. Klyne and C. Newman. 2002. Date and time on the Internet: Timestamps. Retrieved from https:\/\/tools.ietf.org\/html\/rfc3339.","DOI":"10.17487\/rfc3339"},{"key":"e_1_3_3_58_2","unstructured":"Michael Kubach Heiko Ro\u00dfnagel and Rachelle Sellung. 2013. Service providers\u2019 requirements for eID solutions: Empirical evidence from the leisure sector. Open Identity Summit 2013 (2013)."},{"key":"e_1_3_3_59_2","doi-asserted-by":"crossref","unstructured":"Loic Lesavre Priam Varin Peter Mell Michael Davidson and James Shook. 2019. A taxonomic approach to understanding emerging blockchain identity management systems. CoRR abs\/1908.00929 (2019). arXiv:1908.00929 http:\/\/arxiv.org\/abs\/1908.00929","DOI":"10.6028\/NIST.CSWP.9"},{"key":"e_1_3_3_60_2","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2013.6567110"},{"key":"e_1_3_3_61_2","volume-title":"RSA Signature Suite 2018","author":"Longley Dave","year":"2020","unstructured":"Dave Longley and Manu Sporny. 2020. RSA Signature Suite 2018. Specification. World Wide Web Consortium."},{"key":"e_1_3_3_62_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-50086-3_7"},{"key":"e_1_3_3_63_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.55"},{"key":"e_1_3_3_64_2","volume-title":"Verifiable Credentials Use Cases","author":"Otto Nate","year":"2019","unstructured":"Nate Otto, Sunny Lee, Brian Sletten, Daniel Burnett, Manu Sporny, and Ken Ebert. 2019. Verifiable Credentials Use Cases. Guide. World Wide Web Consortium."},{"key":"e_1_3_3_65_2","doi-asserted-by":"publisher","DOI":"10.5555\/1788494.1788513"},{"key":"e_1_3_3_66_2","unstructured":"Andreas Pfitzmann and Marit Hansen. 2010. A terminology for talking about privacy by data minimization: Anonymity unlinkability undetectability unobservability pseudonymity and identity management."},{"key":"e_1_3_3_67_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.09.025"},{"key":"e_1_3_3_68_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-00119-7_4"},{"key":"e_1_3_3_69_2","unstructured":"Mikerah Quintyne-Collins Heather Vescent Darrell O\u2019Donnell Greg Slepak Michael Brown Christoper Allen and Michael Ruther. [n. d.]. Digital credential wallets."},{"key":"e_1_3_3_70_2","volume-title":"Decentralized Identifiers (DIDs) v1.0: Core Architecture, Data Model, and Representations","author":"Reed Drummond","year":"2021","unstructured":"Drummond Reed, Manu Sporny, Dave Longley, Christopher Allen, Ryan Grant, and Markus Sabadello. 2021. Decentralized Identifiers (DIDs) v1.0: Core Architecture, Data Model, and Representations. Recommendation. World Wide Web Consortium."},{"key":"e_1_3_3_71_2","doi-asserted-by":"publisher","DOI":"10.1145\/3007204"},{"key":"e_1_3_3_72_2","doi-asserted-by":"publisher","DOI":"10.1111\/itor.12248"},{"key":"e_1_3_3_73_2","volume-title":"Verifiable Credentials Data Model v1.0: Expressing Verifiable Information on the Web","author":"Sporny Manu","year":"2019","unstructured":"Manu Sporny, Noble Grant, Dave Longley, Daniel Burnett, and Brent Zundel. 2019. Verifiable Credentials Data Model v1.0: Expressing Verifiable Information on the Web. Recommendation. World Wide Web Consortium."},{"key":"e_1_3_3_74_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-40956-4_3"},{"key":"e_1_3_3_75_2","doi-asserted-by":"publisher","DOI":"10.18420\/ois2020_14"},{"key":"e_1_3_3_76_2","doi-asserted-by":"publisher","DOI":"10.1145\/3168389"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3501260","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3501260","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:12:18Z","timestamp":1750191138000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3501260"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,3,4]]},"references-count":75,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2022,5,31]]}},"alternative-id":["10.1145\/3501260"],"URL":"https:\/\/doi.org\/10.1145\/3501260","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,3,4]]},"assertion":[{"value":"2021-03-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-11-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-03-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}