Password based anonymous authentication with private information retrieval

This paper focuses on authentication with three types of entities: a user who sends an authentication request, a service provider who receives and verifies the request, and a database who supplies the service provider with information for verifying the request. This paper presents novel authentication protocols that satisfy the following important properties: (1) secure against replay attacks and (2) the database cannot identify which user is authenticating. First, we show a protocol which satisfies Properties (2). Second, we show a protocol which satisfies Properties (1) and (2). A key idea of our authentication protocols is to use private information retrieval (PIR) [Chor et al. J. ACM, 1998].