Sie haben Javascript deaktiviert!
Sie haben versucht eine Funktion zu nutzen, die nur mit Javascript möglich ist. Um sämtliche Funktionalitäten unserer Internetseite zu nutzen, aktivieren Sie bitte Javascript in Ihrem Browser.

Info-Icon Diese Seite ist nicht in Deutsch verfügbar

CRC 901 – On-The-Fly Computing (OTF Computing)


The upb.crypto project is a collection of several cryptographic implementations. It enables and implements modern cryptographic schemes such as anonymous credential systems (which allow users to authenticate while preserving their anonymity) and attribute-based encryption (which allows policy-based access control to data as opposed to the classical one-sender-one-receiver encryption schemes).


The upb.crypto project is comprised of several modules that either implement cryptographic schemes or their (reusable) building blocks.

Modules of upb.crypto


The math module of upb.crypto mainly implements elliptic curve groups with pairings including the supersingular curve with Tate pairing and Barreto-Naehrig curves. These groups form the base of many cryptographic constructions.
Moreover, it implements other mathematical basics used in cryptographic constructions like polynomial rings, finite fields, etc.


The craco (CRyptogrAphic COnstructions) module of upb.crypto started out as a library for attribute-based access control and evolved into a library providing implementations of numerous cryptographic constructions, many of which form the basis of more complex schemes.
Craco provides (among others) attribute-based encryption (ABE), identity-based encryption, signature schemes, commitment schemes, secret sharing schemes, and cryptographic accumulators.

Craco has been developed during the first phase of the SFB 901 and has been steadily updated with new functionality since then.


The protocols module of upb.crypto gathers all kind of (non-)interactive cryptographic protocols. Its focus is on zero-knowledge proof of knowledge protocols, in particular sigma protocols.
This currently includes an implementation of the (generalized) Schnorr protocol as well as several advanced Schnorr-style "proof of knowledge of exponent" protocols (range proofs, set membership proofs, etc.) and standard transformations (the Fiat-Shamir heuristic and Damgård's technique).


The clarc (Cryptographic Library for Anonymous Reputation and Credentials) module combines all modules introduced before to implementent an anonymous credential system with integrated reputation system (see our paper as presented at ARES 2018). The implemented credential system is unique in the sense that it provides support for almost arbitrary access policies.
For the sake of demonstration, we implemented an example application using the clarc library to secure a simple online shop. 

Die Universität der Informationsgesellschaft