A secure and privacy-protecting protocol for transmitting personal information between organizations. Proceedings on Advances in Cryptology, CRYPTO '86.
Elections with unconditionally-secret ballots and disruption equivalent to breaking RSA. Lecture Notes in Computer Science, Advances in Cryptology, EUROCRYPT '88.
Special Uses and Abuses of the Fiat-Shamir Passport Protocol. CRYPTO '87, A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology.
Multiparty Computations Ensuring Privacy of Each Party's Input and Correctness of the Result. CRYPTO '87, A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology.
How to generate and exchange secrets. SFCS '86, Proceedings of the 27th Annual Symposium on Foundations of Computer Science.
A "Paradoxical" Solution To The Signature Problem. SFCS '84, Proceedings of the 25th Annual Symposium on Foundations of Computer Science, 1984.
Strong loss tolerance of electronic coin systems. ACM Transactions on Computer Systems (TOCS).
Design and implementation of the idemix anonymous credential system. Proceedings of the 9th ACM Conference on Computer and Communications Security.
Flow Control: A New Approach for Anonymity Control in Electronic Cash Systems. FC '99, Proceedings of the Third International Conference on Financial Cryptography.
Security analysis and fix of an anonymous credential system. ACISP '05, Proceedings of the 10th Australasian Conference on Information Security and Privacy.
Payment systems and credential mechanisms are protocols allowing individuals to conduct a wide range of financial and social activities while preventing even infinitely powerful and cooperating organizations from monitoring these activities. These concepts were invented and first studied by David Chaum. Clearly, such systems must also be secure against abuse by individuals (preventing them from showing credentials that have not been issued to them, etc.). In this work, we present constructions for which we can prove that no individual can cheat successfully unless he possesses an algorithm that contradicts a single plausible intractability assumption. This can be done while maintaining the unconditional security against abuse by organizations.

Our construction will work using any general two-party computation protocol with unconditional privacy for one party, and any signature scheme secure against adaptive chosen message attacks (these concepts are explained in more detail later). From the signature scheme by Bellare and Micali [BeMi] and the multiparty computation protocol by Chaum, Damgård and van de Graaf [ChDaGr], it will be clear that both requirements can be met if pairs of claw-free functions and trapdoor one-way permutations exist. This, in turn, is satisfied, for example, if factoring Blum integers is a hard problem.

For credential mechanisms, we obtain an additional advantage over an earlier proposal [ChEv], where a center trusted by the organizations (but not by individuals) was needed. This center possessed a "master" secret allowing it to issue all types of credentials supported by the system. Moreover, the center had to be on-line permanently. In our construction, only an off-line center is needed, which only has to be trusted as far as validating the identity of each individual is concerned. Only organizations authorized to issue a given type of credential have the ability to compute them.