Universally Unique Identifiers: How To Ensure Uniqueness While Protecting The Issuer's Privacy

Universally Unique Identifiers (UUIDs) - standardized in ISO/IEC 9834-8:2005 - are widely used to uniquely identify entities in modern IT-systems. Apart from what promised in the standard, UUIDs are not guaranteed to be unique while preserving the is- suer's privacy. In this paper we introduce a novel con- cept called collision-free number generation that can be used to locally generate UUIDs which are provably glob- ally unique. Moreover, if the presented technique is in- stanced carefully, a poly-bounded adversary is not able to efficiently identify the issuer of a UUID. Our ap- proach is efficient in terms of communication, time and space. As a by-product, it can be applied in other areas where collisions have to be avoided (e.g. key generation, pseudonym systems and interactive proofs).

[1]  Elaine B. Barker,et al.  A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications , 2000 .

[2]  Abraham Bookstein,et al.  Cryptography: A new dimension in computer data security ? and ?. Wiley-Interscience, New York (1982). xxi + 775 pp., $43.95. ISBN 0471-04892-5. , 1985 .

[3]  Rich Salz,et al.  A Universally Unique IDentifier (UUID) URN Namespace , 2005, RFC.

[4]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[5]  Chris Stanford Security tokens , 1992 .

[6]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[7]  Mihir Bellare,et al.  On Defining Proofs of Knowledge , 1992, CRYPTO.

[8]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[9]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[10]  Tibor Juhas The use of elliptic curves in cryptography , 2007 .

[11]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[12]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[13]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[14]  John M. DeLaurentis,et al.  A Further Weakness in the Common Modulus Protocol for the RSA Cryptoalgorithm , 1984, Cryptologia.

[15]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[16]  Patrick Horster Dublettenfreie Schlüsselgenerierung durch isolierte Instanzen , 1998 .

[17]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[18]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[19]  Andreas Pfitzmann,et al.  Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology , 2000, Workshop on Design Issues in Anonymity and Unobservability.