How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
The knowledge complexity of interactive proof systems
SIAM Journal on Computing
Divertible zero knowledge interactive proofs and commutative random self-reducibility
EUROCRYPT '89 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
CRYPTO '89 Proceedings on Advances in cryptology
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Wallet Databases with Observers
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
ISEC '01 Proceedings of the Second International Symposium on Topics in Electronic Commerce
Secure PC-Franking for Everyone
EC-WEB '00 Proceedings of the First International Conference on Electronic Commerce and Web Technologies
Co-operatively Formed Group Signatures
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
Extensions of Single-term Coins
CRYPTO '93 Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology
Untraceable Off-line Cash in Wallets with Observers (Extended Abstract)
CRYPTO '93 Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology
New Generation of Secure and Practical RSA-Based Signatures
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Fair Off-Line e-cash Made Easy
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Payment technologies for E-commerce
Anonymous credentials with biometrically-enforced non-transferability
Proceedings of the 2003 ACM workshop on Privacy in the electronic society
Universally Composable Multi-party Computation Using Tamper-Proof Hardware
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
Ripping coins for a fair exchange
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
Refundable electronic cash for mobile commerce
HSI'03 Proceedings of the 2nd international conference on Human.society@internet
A practical system for globally revoking the unlinkable pseudonyms of unknown users
ACISP'07 Proceedings of the 12th Australasian conference on Information security and privacy
David and Goliath commitments: UC computation for asymmetric parties using tamper-proof hardware
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Group signatures are suitable for constrained devices
ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
Founding cryptography on tamper-proof hardware tokens
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
| Hi-index | 0.00 |
Wallets with observers were suggested by David Ghaum and have previously been described in [Ch92] and [CP92]. These papers argue that a particular combination of a tamper-resistant-unit and a small computer controlled by the user is very suitable as a personal device in consumer transaction systems. Using such devices, protocols are constructed that, simultaneously, achieve high levels of security for organizations and anonymity for individual users. The protocols from [CP92] offer anonymity to users, under the assumption that the information stored by observers is never revealed to the outside world.This paper extends [CP92] by defining additional requirements for the protocols which make it impossible to trace the behaviour of individuals in the system if one is also allowed to analyse a posteriori the information observers can collect. We propose two protocols satisfying our requirements, thus achieving a higher degree of privacy for individuals. This extra level of privacy is obtained at essentially no cost as the new protocols have the same complexity as those previously proposed.