Identity Mixer

Identity Mixer (idemix) allows users to authenticate anonymously: instead of providing their identity, users can obtain access to a resource by merely proving possession of the required credentials without revealing the credentials themselves.

License Programming Language Operating System/Platform Category Intended Audience Download
International License .Agreement for Identity Mixer Version 1.2 Java platform independent (tested on WindowsXP/32, Windows7/64, Ubuntu10.04/32) JRE-1.6 cryptographic library developers, authentication system developers, web application developers ZIP/JAR


We all increasingly use electronic services in our daily lives. To do so, we have no choice but to provide plenty of personal information for authorisation, billing purposes, or as part of the terms and conditions of service providers. Dispersing all these personal information erodes our privacy and puts us at risk of abuse of this information by criminals.
Identity Mixer (idemix) allows users to minimise the personal data they have to reveal in such transactions. For instance, if electronic identity (eID) cards were realised with idemix, then teenagers possessing such eID cards could log onto a teenage chat room just proving that they are indeed 12-15 years of age without revealing any other information stored on the card such as their name or address.

The Identity Mixer cryptographic library offers the all the cryptographic algorithms to realise such anonymous authentication. This comprises the functionality for the issuer, client, and service provider. The library implements the credential system of Camenisch and Lysyanskaya [see for further information]. In addition to the basic credential system, the following additional features are currently supported for dealing with attribute contained in a credential when proving possession of credentials:

  • Selective release of the attributes (minimal disclosure);
  • Proving predicates over some of attributes; and
  • Verifiable encryption and anonymity revocation (useful for conditional anonymity) of some attributes

On top of that, the library also allows one to prove possession of several credentials at the same time and to state various relations among the attributes contained in these credentials.

How to Use

The library provides algorithms to generate all key material, to issue credentials, and to demonstrate possession of credentials. To realise a typical application, these algorithms need to be embedded into an access control system, similarly as the algorithms to generate and verify, e.g., x.509 or SAML token would need to be embedded. We refer to the documentation of the library for further information.
As one example use case, idemix has been integrated into the PRIME Core privacy-enhancing identity management system.

Target Audience

The library has been developed for the use by software engineers to realise the future of secure attribute-based authentication already today in their systems, be it for prototypes or commercial applications.

Future Plans

We aim to maintain the library in its current form. We might add some new features in the future but will try hard to stick to the API and data formats whenever possible.

Further Information

Platform: Java 6
Architecture: Clients, servers, and certifiers need to run the component for executing anonymous credential protocols.
License: See download page for detailed license terms.
Download: (Please note, that the download is hosted by TU Dresden).
Contact: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
LastUpdate: 13.4.11