Privacy preserving electronic petitions

We present the design of a secure and privacy preserving e-petition system that we have implemented as a proof-of-concept demonstrator. We use the Belgian e-ID card as source of authentication, and then proceed to issue an anonymous credential that is used to sign petitions. Our system ensures that duplicate signatures are detectable, while preserving the anonymity of petition signers. We analyze the privacy and security requirements of our application, present an overview of its architecture, and discuss the applicability of data protection legislation to our system.

[1]  Melissa Chase,et al.  On Signatures of Knowledge , 2006, CRYPTO.

[2]  Jan Camenisch,et al.  Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials , 2002, CRYPTO.

[3]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[4]  Jan Camenisch,et al.  How to win the clonewars: efficient periodic n-times anonymous authentication , 2006, CCS '06.

[5]  Ernest F. Brickell,et al.  Direct anonymous attestation , 2004, CCS '04.

[6]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[7]  Ivan Damgård,et al.  Unclonable Group Identification , 2006, IACR Cryptol. ePrint Arch..

[8]  Fabrice Boudot,et al.  Efficient Proofs that a Committed Number Lies in an Interval , 2000, EUROCRYPT.

[9]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[10]  Jan Camenisch,et al.  Compact E-Cash , 2005, EUROCRYPT.

[11]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[12]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[13]  Brendan Van Alsenoy,et al.  Due processing of personal data in eGovernment? , 2008, Datenschutz und Datensicherheit - DuD.

[14]  Markulf Kohlweiss,et al.  Self-certified Sybil-free pseudonyms , 2008, WiSec '08.

[15]  Kazue Sako,et al.  k-Times Anonymous Authentication (Extended Abstract) , 2004, ASIACRYPT.

[16]  C. Kuner European Data Protection Law: Corporate Compliance and Regulation , 2007 .

[17]  Bart Preneel,et al.  Assertion-based Signatures for XML Signatures , 2007 .