A Brief Note on Cryptographic Pseudonyms for Anonymous Credentials
René Mayrhofer, Anja Lehmann, abhi shelat
TL;DR
This work addresses how to create privacy-preserving yet accountable pseudonyms for anonymous credentials in the European Identity Wallet (EUDI) ecosystem. It proposes a two-step approach that adds a high-entropy pseudonym seed $pns$ to the credential and derives relying-party-specific (RP-specific) pseudonyms via a PRF, enabling selective disclosure and unlinkable interactions across RPs. Two instantiations are explored: a generic ZKP with HMAC-based pseudonyms and a BBS credential-based path, each supporting zero-knowledge proofs of credential validity and binding without exposing $pns$. The paper also discusses transferability across devices, rate-limiting through an index, and practical considerations such as online/offline transfers and the deprecated batch-issuance approach, aiming to deliver practical, scalable, and privacy-respecting anonymous credentials in real-world web contexts.
Abstract
This paper describes pseudonyms for the upcoming European Identity Wallet (EUDIW) architecture from both a cryptographic and an implementation perspective. Its main goal is to provide technical insights into the achievable properties and cryptographic realizations. In particular, we (1) outline the security and privacy requirements of EUDI pseudonyms as the basis for building consensus on the cross-country decision-maker level; (2) sketch an abstract cryptographic protocol that fulfills these requirements; and (3) suggest two instantiation options for the protocol sketch based on well-studied building blocks. A complete specification of the formal properties, as well as the specific set of credential issuance, provisioning, and pseudonym presentation generation is outside the scope of this paper, but is expected to follow as future work.
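The PRF step summarized in the TL;DR (RP-specific pseudonyms derived from the seed $pns$, with an index for rate limiting) can be sketched with HMAC-SHA256; this is an added example, not code from the paper. The input encoding, the `nym-v1` label, the `MAX_INDEX` limit and the `.example` RP identifiers are assumptions, and the zero-knowledge proof that ties the pseudonym to the $pns$ inside a valid credential is not shown.

```python
import hashlib
import hmac
import secrets

# Assumed per-RP limit; the page only says an index enables rate limiting.
MAX_INDEX = 3


def new_pseudonym_seed() -> bytes:
    """High-entropy seed pns; in the scheme it is carried inside the credential."""
    return secrets.token_bytes(32)


def encode_input(rp_id: str, index: int) -> bytes:
    """Serialize (rp_id, index) unambiguously (assumed encoding, not the paper's).

    The RP identifier is length-prefixed so two different (rp_id, index)
    pairs can never produce the same PRF input.
    """
    rp = rp_id.encode("utf-8")
    return b"nym-v1" + len(rp).to_bytes(2, "big") + rp + index.to_bytes(4, "big")


def derive_pseudonym(pns: bytes, rp_id: str, index: int = 0) -> str:
    """nym = HMAC-SHA256(pns, encode(rp_id, index)): the PRF keyed with the seed."""
    if not 0 <= index < MAX_INDEX:
        # Bounding the index caps how many distinct pseudonyms one
        # credential can present to the same RP.
        raise ValueError("index outside the allowed range for this RP")
    return hmac.new(pns, encode_input(rp_id, index), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    pns = new_pseudonym_seed()
    # Constructed RP identifiers for illustration.
    shop = derive_pseudonym(pns, "https://shop.example")
    forum = derive_pseudonym(pns, "https://forum.example")
    # Same RP, same index: stable pseudonym, so the RP recognizes a returning user.
    print("stable at one RP:     ", shop == derive_pseudonym(pns, "https://shop.example"))
    # Different RPs: outputs look unrelated without pns, so they cannot be linked.
    print("differs across RPs:   ", shop != forum)
    # A second index yields a second, independent pseudonym at the same RP.
    print("differs across index: ", shop != derive_pseudonym(pns, "https://shop.example", 1))
```
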
