In an anonymous credential system, users collect
credentials from issuers, and can use their credentials to gen-
erate privacy-preserving identity proofs that can be shown
to third-party verifiers. Since the introduction of anonymous
credentials by Chaum in 1985, there has been promising
advances with respect to system design, security analysis
and real-world implementations of anonymous credential
systems.
In this paper, we examine Hyperledger AnonCreds, an
anonymous credential system that was introduced in 2017
and is currently undergoing specification. Despite being
implemented in deployment-ready identity system platforms,
there is no formal security analysis of the Hyperledger
AnonCreds protocol. We rectify this, presenting syntax and
a security model for, and a first security analysis of, the
Hyperledger AnonCreds protocol. In particular, we demon-
strate that Hyperledger AnonCreds is correct, and satisfies
notions of unforgeability and anonymity. We conclude with
a discussion on the implications of our findings, highlighting
the importance of rigorous specification efforts to support
security evaluation of real-world cryptographic protocols.