# Privacy-Preserving Observation in Public Spaces

## Abstract

One method of privacy-preserving accounting or billing in cyber-physical systems, such as electronic toll collection or public transportation ticketing, is to have the user present an encrypted record of transactions and perform the accounting or billing computation securely on it. Honesty of the user is ensured by spot checking the record for some selected surveyed transactions. But how much privacy does that give the user, i.e., how many transactions need to be surveyed? It turns out that, due to collusion in mass surveillance, *all* transactions need to be observed, i.e., this method of spot checking provides no privacy at all. In this paper we present a cryptographic solution to the spot checking problem in cyber-physical systems. Users carry an authentication device that authenticates only based on fair random coins. The probability of authentication can be set high enough to allow for spot checking, but in all other cases privacy is perfectly preserved. We analyze our protocol for computational efficiency and show that it can be efficiently implemented even on platforms with limited computing resources, such as smart cards and smart phones.

## Keywords

Smart Card, Road Segment, Oblivious Transfer, Collusion Attack, Spot Check
