Blacklistable anonymous credentials: blocking misbehaving users without ttps

Several credential systems have been proposed in which users can authenticate to services anonymously. Since anonymity can give users the license to misbehave, some variants allow the selective deanonymization (or linking) of misbehaving users upon a complaint to a trusted third party (TTP). The ability of the TTP to revoke a user’s privacy at any time, however, is too strong a punishment for misbehavior. To limit the scope of deanonymization, systems such as “e-cash” have been proposed in which users are deanonymized under only certain types of well-defined mis-behavior such as “double spending.” While useful in some applications, it is not possible to generalize such techniques to more subjective definitions of misbehavior. We present the first anonymous credential system in which services can “blacklist” misbehaving users without contacting a TTP. Since blacklisted users remain anonymous, mis-behaviors can be judged subjectively without users fearing arbitrary deanonymization by a TTP.

[1]  Sean W. Smith,et al.  Nymble: Anonymous IP-Address Blocking , 2007, Privacy Enhancing Technologies.

[2]  Jan Camenisch,et al.  How to win the clonewars: efficient periodic n-times anonymous authentication , 2006, CCS '06.

[3]  Yi Mu,et al.  Constant-Size Dynamic k-TAA , 2006, SCN.

[4]  Jan Camenisch,et al.  Balancing Accountability and Privacy Using E-Cash (Extended Abstract) , 2006, SCN.

[5]  Kazue Sako,et al.  k-Times Anonymous Authentication with a Constant Proving Cost , 2006, Public Key Cryptography.

[6]  Willy Susilo,et al.  Short E-Cash , 2005, INDOCRYPT.

[7]  Reihaneh Safavi-Naini,et al.  Dynamic k-Times Anonymous Authentication , 2005, ACNS.

[8]  Jan Camenisch,et al.  Compact E-Cash , 2005, EUROCRYPT.

[9]  Aggelos Kiayias,et al.  Group Signatures with Efficient Concurrent Join , 2005, EUROCRYPT.

[10]  Victor K.-W. Wei,et al.  Short Linkable Ring Signatures for E-Voting, E-Cash and Attestation , 2005, ISPEC.

[11]  Lan Nguyen,et al.  Accumulators from Bilinear Pairings and Applications , 2005, CT-RSA.

[12]  Joseph K. Liu,et al.  Separable Linkable Threshold Ring Signatures , 2004, INDOCRYPT.

[13]  Kazue Sako,et al.  k-Times Anonymous Authentication (Extended Abstract) , 2004, ASIACRYPT.

[14]  Hovav Shacham,et al.  Group signatures with verifier-local revocation , 2004, CCS '04.

[15]  Jan Camenisch,et al.  Signature Schemes and Anonymous Credentials from Bilinear Maps , 2004, CRYPTO.

[16]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[17]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[18]  Joseph K. Liu,et al.  Linkable Spontaneous Anonymous Group Signature for Ad Hoc Groups (Extended Abstract) , 2004, ACISP.

[19]  Jan Camenisch,et al.  Practical Verifiable Encryption and Decryption of Discrete Logarithms , 2003, CRYPTO.

[20]  Jan Camenisch,et al.  A Signature Scheme with Efficient Protocols , 2002, SCN.

[21]  Jan Camenisch,et al.  Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials , 2002, CRYPTO.

[22]  Dawn Xiaodong Song,et al.  Quasi-Efficient Revocation in Group Signatures , 2002, Financial Cryptography.

[23]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[24]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[25]  Marc Joye,et al.  A Practical and Provably Secure Coalition-Resistant Group Signature Scheme , 2000, CRYPTO.

[26]  Ivan Damgård,et al.  Efficient Concurrent Zero-Knowledge in the Auxiliary String Model , 2000, EUROCRYPT.

[27]  Jan Camenisch,et al.  Efficient Group Signature Schemes for Large Groups (Extended Abstract) , 1997, CRYPTO.

[28]  Paul F. Syverson,et al.  Unlinkable Serial Transactions , 1997, Financial Cryptography.

[29]  Ivan Damgård,et al.  Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols , 1994, CRYPTO.

[30]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[31]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[32]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[33]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[34]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.