Cryptography and Information Security Group Research
Project: Anonymity in Cryptographic Protocols
Maintaining user anonymity is desirable in a variety of electronic
commerce applications. For example, if you were to vote
electronically, you probably would not want anyone to know the candidate
for whom you voted; or if you were to use electronic cash to purchase
a product, you may not want your identity to be known since this information
could be used to trace your spending patterns, and perhaps spam you with
junk mail. Although achieving anonymity can be an important design criterion
in cryptographic systems, it comes at a cost. If the systems are not carefully
designed, the overall security of the system could be compromised.
Our goal is to develop mathematical techniques that enable anonymity in
cryptographic systems without compromising their security. Recent
results include the design of Pseudonym Systems and the construction of
Group Blind Digital Signatures.
Pseudonym Systems.
Pseudonym systems allow users to interact with
multiple organizations anonymously, using pseudonyms. The pseudonyms
cannot be linked, but are formed in such a way that a user can prove to
one organization a statement about his relationship with another. Such
a statement is called a credential. Previous work in this area did not
protect the system against dishonest users who collectively use their
pseudonyms and credentials, i.e. share an identity. Previous practical
schemes also relied heavily on the involvement of a trusted center.
We provide a formal definition of pseudonym systems where
users are motivated not to share their identity, and in which the trusted
center's involvement is minimal. We give theoretical constructions for
such systems based on any one-way function. We also suggest an efficient
and easy-to-implement practical scheme.
Relevant Papers:
Anna Lysyanskaya, Ronald L. Rivest, Amit Sahai, Stefan Wolf.
Pseudonym Systems.
Group Blind Digital Signatures.
We introduce a new cryptographic construct called a Group Blind Digital Signature.
This construct combines the already existing notions of a Group Digital
Signature and a Blind Digital Signature. A group blind
signature allows individual members of a possibly large group to
digitally sign a message on behalf of the entire group in a cryptographically
secure manner. In addition to being hard to forge, the resulting digital
signatures are anonymous and unlinkable, and only a pre-specified group
manager can determine the identity of the signer. Finally, the signatures
have a blindness property, so if the signer later sees a message he has signed,
he will not be able to determine when or for whom he signed it. Group Blind
Digital Signatures are useful for various aspects of electronic commerce.
In particular, through the use of such signatures we can design protocols for
secure distributed electronic banking, and secure online voting with multiple
voting centers. We show, for the first time, how to construct such signatures
based on number-theoretic assumptions. We also examine the implications for
Electronic Cash and Online Voting.
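The blindness property described above is the one ingredient of a group blind signature that is easy to see in a few lines of code. The following is an added example, not code from the research group or from the cited papers, and it uses Chaum's textbook RSA blind signature rather than the number-theoretic group construction the paper gives; the key parameters, message strings and helper names (hash_to_int, blind, sign_blinded, unblind, explaining_factor, pairing_is_consistent) are all constructed for this illustration. The last two functions make the unlinkability argument concrete: for every blinded value the signer ever saw and every message later presented with a valid signature, there is a blinding factor that connects them, so the signer cannot tell when or for whom it signed.

```python
"""Chaum-style RSA blind signature, illustrating the blindness property."""
import hashlib
import math
import secrets

# Constructed toy RSA key (hypothetical parameters, far too small for real use).
P = 1000000007
Q = 998244353
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the signer


def hash_to_int(msg):
    """Map a message to an integer mod N (stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def blind(msg):
    """User side: pick a random r coprime to N and hide hash(msg) as hash(msg) * r^E."""
    m = hash_to_int(msg)
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (m * pow(r, E, N)) % N, r


def sign_blinded(blinded):
    """Signer side: signs whatever it is handed; it never sees msg or r."""
    return pow(blinded, D, N)


def unblind(blinded_sig, r):
    """User side: divide out r to obtain an ordinary RSA signature on hash(msg)."""
    return (blinded_sig * pow(r, -1, N)) % N


def verify(msg, sig):
    """Standard RSA verification; anyone holding (N, E) can run it."""
    return pow(sig, E, N) == hash_to_int(msg)


def run_protocol(msg):
    """Full exchange. The 'blinded' value is the only thing the signer observes."""
    blinded, r = blind(msg)
    blinded_sig = sign_blinded(blinded)
    return {"blinded": blinded, "signature": unblind(blinded_sig, r)}


def explaining_factor(blinded, msg):
    """The blinding factor r' that would turn hash(msg) into `blinded`.

    Because x -> x^E is a bijection mod N, such an r' exists for every
    (blinded value, message) pair, so even the signer, who knows D, finds
    every pairing of a past blinded value with a later-seen signed message
    equally plausible.
    """
    m = hash_to_int(msg)
    return pow((blinded * pow(m, -1, N)) % N, D, N)


def pairing_is_consistent(blinded, msg):
    """Check that explaining_factor() really reproduces `blinded` from msg."""
    r_prime = explaining_factor(blinded, msg)
    return (hash_to_int(msg) * pow(r_prime, E, N)) % N == blinded


if __name__ == "__main__":
    # Constructed sample messages: two ballots signed in separate sessions.
    ballots = [b"ballot: candidate 7", b"ballot: candidate 2"]
    sessions = [run_protocol(b) for b in ballots]
    print("signatures verify:", all(verify(b, s["signature"]) for b, s in zip(ballots, sessions)))
    # Every blinded transcript can be explained by every ballot: no linkage possible.
    print("all pairings consistent:",
          all(pairing_is_consistent(s["blinded"], b) for s in sessions for b in ballots))
```

The same blinding step is what lets an electronic-cash bank or a voting center certify a token without learning which token it later sees; a group blind signature additionally lets any group member act as the signer here while keeping the members indistinguishable to everyone but the group manager.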
Relevant Papers:
Anna Lysyanskaya, Zulfikar Ramzan.
Group Blind Digital Signatures: A Scalable Solution to Electronic Cash.
In Ray Hirschfeld, editor, Proceedings of the Second International Conference
on Financial Cryptography 1998, Lecture Notes in Computer Science, Volume 1465,
Springer Verlag, Berlin.
A more thorough and extensive treatment of the above paper can be obtained from: