Public-key cryptography
Computationally private information retrieval (extended abstract)
STOC '97 Proceedings of the twenty-ninth annual ACM symposium on Theory of computing
Protecting data privacy in private information retrieval schemes
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Crowds: anonymity for Web transactions
ACM Transactions on Information and System Security (TISSEC)
Untraceable electronic mail, return addresses, and digital pseudonyms
Communications of the ACM
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
FOCS '95 Proceedings of the 36th Annual Symposium on Foundations of Computer Science
Replication is not needed: single database, computationally-private information retrieval
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Securing traceability of ciphertexts: towards a secure software key escrow system
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
Cryptanalysis of RSA with private key d less than N0:292
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Computationally private information retrieval with polylogarithmic communication
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Anonymous connections and onion routing
IEEE Journal on Selected Areas in Communications
Privacy-enhanced superdistribution of layered content with trusted access control
Proceedings of the ACM workshop on Digital rights management
| Hi-index | 0.00 |
The Internet creates many new threats to personal privacy and raises some unique privacy concerns. In this paper we study the problem of how to protect users' privacy in web transactions of digital products. In particular, we introduce a system which (1) allows a user to disclose his/her identity information (such as user account or credit card number) to a web site in exchange for a digital product, but (2) prevents the web site from learning which specific product the user intends to obtain. The problem concerned here is orthogonal to the problem of anonymous transactions [M. Reed, P. Syverson, D. Goldschag, Anonymous connections and Onion Routing, IEEE Journal of Selected Areas in Communication 16 (4) (1998) 482-494; M. Reiter, A. Rubin, Crowds: anonymity for web transactions, ACM Transactions on Information System Security, 1 (1) (1998) 66-92] but commensurate with the general problem of PIR (private information retrieval) [B. Chor, O. Goldreich, E. Kushilevita, M. Sudan, Private information retrieval, in: Proceedings of 36th FOCS, 1995, pp. 41-50; B. Chor, N. Gilboa, Computational private information retrieval, in: Proceedings of 29th STOC, 1997, pp. 304-313]. Most of the existing results in PIR, however, are theoretical in nature and can not be applied in practice due to their huge communication and computational overheads. In the present paper, we introduce two practical solutions that satisfy the above two requirements and analyze their security and performance. Another issue we study in this paper is how to recover sales statistics data in our user privacy-protected system. We present a novel solution to the problem along with its security analysis.