Anonymous Authentication of Membership in Dynamic Groups
We present a series of protocols for authenticating an in- dividual’s membership in a group without revealing that individual’s identity and without restricting how the membership of the group may be changed. In systems using these protocols a single message to the authenticator may be used by an individual to replace her lost key or by a trusted third party to add and remove members of the group. Ap- plications in electronic commerce and communication can thus use these protocols to provide anonymous authentication while accommodating frequent changes in membership. We build these protocols on top of a new primitive: the verifiably common secret encoding. We show a con- struction for this primitive, the security of which is based on the existence of public-key cryptosystems capable of securely encoding multiple mes- sages containing the same plaintext. Because the size of our construct grows linearly with the number of members in the group, we describe techniques for partitioning groups to improve performance.
Keywordsanonymity authentication key replacement identification verifiably common secret encoding
Unable to display preview. Download preview PDF.
- 1.Anonymizer, Inc., http://www.anonymizer.com
- 2.M. Blum and S. Goldwasser, “An Efficient Probabilistic Public-Key Encryption Scheme which Hides All Partial Information,” Advances of Cryptology-CRYPTO’ 84 Proceedings, Springer-Verlag, pp. 289–299.Google Scholar
- 3.J. Camenisch and M. Stadler, “Efficient Group Signature Schemes for Large Groups,” Advances in Cryptology-CRYPTO’ 97 Proceedings, Springer-Verlag, v. 1294, pp. 410–424Google Scholar
- 6.D. Chaum, A. Fiat, and M. Naor, “Untraceable Electronic Cash,” Advances in Cryptology-CRYPTO’ 88 Proceedings, Springer-Verlag, pp. 319–327.Google Scholar
- 7.D. Chaum and E. van Heyst, “Group signatures,” Advances in Cryptology-EUROCRYPT’ 91 Proceedings, Springer-Verlag, pp. 257–265.Google Scholar
- 9.R. Cramer, I. Damgard, B. Schoenmakers, “Proofs of partial knowledge and simplified design of witness hiding protocols,” Advances in Cryptology-CRYPTO’ 94 Proceedings, pp.174–187.Google Scholar
- 10.A. De Santis, G. Di Crescenzo, G. Persiano, “Communication-efficient anonymous group identification,” 5th ACM Conference on Computer and Communications Security, November 1998, pp.73–82.Google Scholar
- 11.A. De Santis, G. Di Crescenzo, G. Persiano, M. Yung, “On monotone formula closure of SZK,” FOCS’ 94.Google Scholar
- 13.J. Hastad and A. Shamir, “On Using RSA with Low Exponent in a Public Key Network,” Advances in Cryptology-CRYPTO’ 85 Proceedings, Springer-Verlag, pp.403–408.Google Scholar
- 15.J. Kilian and E. Petrank, “Identity Escrow,” Advances in Cryptology-CRYPTO’ 98 Proceedings, Springer-Verlag, pp.167–185.Google Scholar
- 16.M. Reed, P. Syverson, and D. Goldschlag, “Anonymous Connections and Onion Routing,” IEEE Journal on Selected Areas in Communication Special Issue on Copyright and Privacy Protection, 1998.Google Scholar
- 17.M. Reiter and A. Rubin, “Crowds: Anonymity for Web Transactions” DIMACS Technical Report 97-15, Apr 1997.Google Scholar
- 18.P. Syverson, S. Stubblebine, and D. Goldschlag. “Unlinkable Serial Transactions,” Financial Cryptography’ 97, Feb 1997.Google Scholar
- 19.The Wall Street Journal Online, http://www.wsj.com.