An anonymous single sign-on (ASSO) scheme allows users to access multiple services anonymously using one credential. We propose a new ASSO scheme, where users can access services anonymously through the use of anonymous credentials and unlinkably through the provision of designated verifiers. Notably, verifiers cannot link a user's service requests even if they collude. The novelty is that when a designated verifier is unavailable, a central authority can authorize new verifiers to authenticate the user on behalf of the original verifier. Furthermore, a central verifier can also be authorized to de-anonymize users and trace their service requests. We formalize the scheme along with a security proof and provide an empirical evaluation of its performance. This scheme can be applied to smart ticketing where minimizing the collection of personal information of users is increasingly important to transport organizations due to privacy regulations such as general data protection regulations (GDPRs).

中文翻译：

---

带有代理重新验证的匿名单点登录

匿名单点登录（ASSO）方案允许用户使用一个凭据匿名访问多种服务。我们提出了一种新的ASSO方案，在该方案中，用户可以使用匿名凭据匿名访问服务，而通过提供指定的验证者则可以不可链接地访问服务。值得注意的是，验证者即使相互勾结也无法链接用户的服务请求。新颖之处在于，当指定的验证者不可用时，中央机构可以授权新的验证者代表原始验证者对用户进行身份验证。此外，还可以授权中央验证者对用户取消匿名并跟踪其服务请求。我们对该方案进行了形式化并提供了安全证明，并对其性能进行了实证评估。