Privacy Protection for Transactions of Digital Goods

In this paper we study the problem of how to protect users' privacy in web transactions of digital goods. In particular, we introduce a system which allows a user to disclose his/her identity information (such as user account or credit card number) to a web site in exchange for a digital item, but prevents the web site from learning which specific item the user intends to obtain. The problem concerned here is orthogonal to the problem of anonymous transactions [RSG98, RR98] but commensurate with the general problem of PIR (private information retrieval) [CGK95, CG97]. Most of the existing results in PIR, however, are theoretical in nature and cannot be applied in practice due to their large communication and computational overheads. In the present paper, we introduce two practical solutions that satisfy the above two requirements and analyze their security and performance.

[1] Jean-Sébastien Coron, et al. On the Security of RSA Padding, 1999, CRYPTO.

[2] David Chaum, et al. Untraceable electronic mail, return addresses, and digital pseudonyms, 1981, CACM.

[3] Alan Underwood, et al. Professional Ethics in a Security and Privacy Context - the Perspective of a National Computing Society, 2000, ACISP.

[4] Michael K. Reiter, et al. Crowds: anonymity for Web transactions, 1998, TSEC.

[5] Eyal Kushilevitz, et al. Private information retrieval, 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[6] Michael J. Wiener, et al. Cryptanalysis of Short RSA Secret Exponents (Abstract), 1990, EUROCRYPT.

[7] Silvio Micali, et al. Computationally Private Information Retrieval with Polylogarithmic Communication, 1999, EUROCRYPT.

[8] Niv Gilboa, et al. Computationally private information retrieval (extended abstract), 1997, STOC '97.

[9] Arto Salomaa, et al. Public-Key Cryptography, 1991, EATCS Monographs on Theoretical Computer Science.

[10] Rafail Ostrovsky, et al. Replication is not needed: single database, computationally-private information retrieval, 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[11] R. Mori, et al. Superdistribution: the concept and the architecture, 1990.

[12] Yuval Ishai, et al. Protecting data privacy in private information retrieval schemes, 1998, STOC '98.

[13] David Chaum, et al. Electronic Mail, Return Address, and Digital Pseudonyms, 1981.

[14] Paul F. Syverson, et al. Anonymous connections and onion routing, 1998, IEEE J. Sel. Areas Commun.

[15] Mihir Bellare, et al. Optimal Asymmetric Encryption, 1994, EUROCRYPT.

[16] Dan Boneh, et al. Cryptanalysis of RSA with private key d less than N^0.292, 1999, IEEE Trans. Inf. Theory.

[17] Robert H. Deng, et al. An Efficient and Practical Scheme for Privacy Protection in the E-Commerce of Digital Goods, 2000, ICISC.

[18] Dan Boneh, et al. Cryptanalysis of RSA with private key d less than N^0.292, 2000, IEEE Trans. Inf. Theory.