Anonymous Evaluation System

  • Kamil Kluczniak
  • Lucjan Hanzlik
  • Przemysław Kubiak
  • Mirosław Kutyłowski
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9408)


We present a pragmatic evaluation system, where privacy of each evaluator is guaranteed in a cryptographic way. Each evaluation report is signed with a domain signature that is related to the anonymous signer and to the evaluation subject in the way that (a) a given user cannot appear under different pseudonym for a given evaluation subject (no Sybil attack possible), (b) it is infeasible to decide whether the signatures for different subjects have been created by the same evaluator, (c) each evaluator holds a single private key.

Unlike available anonymous credential systems and domain signatures proposed so far, our scheme is based on standard operations available on most cryptographic smart cards and easy to implement in the scenarios where the set of evaluators is determined. We describe one application scenario – a university evaluation system with courses feedback from the students.


Anonymity Authentication Domain specific pseudonym Digital signature Unlinkability White list 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    European Parliament and of the Council: Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities L(281) (23/11/1995)Google Scholar
  2. 2.
    European Commision: Proposal for a regulation of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (June 4, 2012).
  3. 3.
    Camenisch, J.L., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  4. 4.
    Brands, S.: Untraceable off-line cash in wallets with observers. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 302–318. Springer, Heidelberg (1994) Google Scholar
  5. 5.
    Baldimtsi, F., Lysyanskaya, A.: Anonymous credentials light. In: Proc. ACM SIGSAC Computer & Communications Security (CCS 2013), pp. 1087–1098. ACM (2013)Google Scholar
  6. 6.
    Acar, T., Chow, S.S.M., Nguyen, L.: Accumulators and U-prove revocation. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 189–196. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  7. 7.
    Nguyen, L., Paquin, C.: U-Prove designated-verifier accumulator revocation extension. MSR-TR-2015-40, May 2015.
  8. 8.
    Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 614–629. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  9. 9.
    Bellare, M., Shi, H., Zhang, C.: Foundations of group signatures: the case of dynamic groups. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 136–153. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  10. 10.
    Herranz, J., Sáez, G.: Forking lemmas for ring signature schemes. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 266–279. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  11. 11.
    Bender, J., Dagdelen, Ö., Fischlin, M., Kügler, D.: Domain-specific pseudonymous signatures for the german identity card. In: Gollmann, D., Freiling, F.C. (eds.) ISC 2012. LNCS, vol. 7483, pp. 104–119. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  12. 12.
    Bringer, J., Chabanne, H., Lescuyer, R., Patey, A.: Efficient and strongly secure dynamic domain-specific pseudonymous signatures for ID documents. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 252–269. Springer, Heidelberg (2014) Google Scholar
  13. 13.
    BSI: Advanced Security Mechanisms for Machine Readable Travel Documents and eIDAS Token 2.20. Technical Guideline TR-03110-2 (2015).
  14. 14.
    Kutyłowski, M., Shao, J.: Signing with multiple ID’s and a single key. In: IEEE Consumer Communications and Networking Conference (CCNC), pp. 519–520 (2011)Google Scholar
  15. 15.
    Choi, J.Y., Golle, P., Jakobsson, M.: Auditable privacy: on tamper-evident mix networks. In: Di Crescenzo, G., Rubin, A. (eds.) FC 2006. LNCS, vol. 4107, pp. 126–141. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  16. 16.
    Ateniese, G., Camenisch, J.L., Joye, M., Tsudik, G.: A practical and provably secure coalition-resistant group signature scheme. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, p. 255. Springer, Heidelberg (2000) CrossRefGoogle Scholar
  17. 17.
    Bichsel, P., Camenisch, J., Groß, T., Shoup, V.: Anonymous credentials on a standard java card. In: ACM Computer and Communications Security (CCS), pp. 600–610 (2009)Google Scholar
  18. 18.
    Vullers, P.: Efficient Implementations of Attribute-based Credentials on Smart Cards (2014).
  19. 19.
    Barker, E., Roginsky, A.: NIST Special Publication 800–131A - Transitioning the Use of Cryptographic Algorithms and Key Lengths. Technical report, July 2015.

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Kamil Kluczniak
    • 1
  • Lucjan Hanzlik
    • 1
  • Przemysław Kubiak
    • 1
  • Mirosław Kutyłowski
    • 1
  1. 1.Faculty of Fundamental Problems of TechnologyWrocław University of TechnologyWrocławPoland

Personalised recommendations