Revocable Privacy: Principles, Use Cases, and Technologies

  • Wouter Lueks
  • Maarten H. Everts
  • Jaap-Henk Hoepman
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9484)


Security and privacy often seem to be at odds with one another. In this paper, we revisit the design principle of revocable privacy which guides the creation of systems that offer anonymity for people who do not violate a predefined rule, but can still have consequences for people who do violate the rule. We first improve the definition of revocable privacy by considering different types of sensors for users’ actions and different types of consequences of violating the rules (for example blocking). Second, we explore some use cases that can benefit from a revocable privacy approach. For each of these, we derive the underlying abstract rule that users should follow. Finally, we describe existing techniques that can implement some of these abstract rules. These descriptions not only illustrate what can already be accomplished using revocable privacy, they also reveal directions for future research.


License Plate Abstract Rule Interactive Sensor Group Signature Scheme Suspicious Behavior 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Au, M.H., Chow, S.S.M., Susilo, W.: Short E-cash. In: Maitra, S., Veni Madhavan, C.E., Venkatesan, R. (eds.) INDOCRYPT 2005. LNCS, vol. 3797, pp. 332–346. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    Biskup, J., Flegel, U.: Transaction-based pseudonyms in audit data for privacy respecting intrusion detection. In: Debar, H., Mé, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol. 1907, pp. 24–48. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  3. 3.
    Bogdanov, D., Jõemets, M., Siim, S., Vaht, M.: How the Estonian tax and customs board evaluated a tax fraud detection system based on secure multi-party computation. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 227–234. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  4. 4.
    Camenisch, J., Hohenberger, S., Kohlweiss, M., Lysyanskaya, A., Meyerovich, M.: How to win the clonewars: efficient periodic n-times anonymous authentication. In: Juels, A., Wright, R.N., di Vimercati, S.D.C. (eds.) CCS 2006, pp. 201–210. ACM (2006)Google Scholar
  5. 5.
    Camenisch, J.L., Hohenberger, S., Lysyanskaya, A.: Compact E-cash. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 302–321. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) CRYPTO 1982, pp. 199–203. Plenum Press, New York (1982)Google Scholar
  7. 7.
    Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  8. 8.
    Dingledine, R., Mathewson, N., Syverson, P.F.: Tor: the second-generation onion router. In: Blaze, M. (ed.) USENIX 2004, pp. 303–320. USENIX (2004)Google Scholar
  9. 9.
    Ghadafi, E.: Efficient distributed tag-based encryption and its application to group signatures with efficient distributed traceability. In: Aranha, D.F., Menezes, A. (eds.) LATINCRYPT 2014. LNCS, vol. 8895, pp. 327–347. Springer, Heidelberg (2015)Google Scholar
  10. 10.
    Henry, R., Goldberg, I.: Thinking inside the BLAC box: smarter protocols for faster anonymous blacklisting. In: Sadeghi, A., Foresti, S. (eds.) WPES 2013, pp. 71–82. ACM (2013)Google Scholar
  11. 11.
    Hoepman, J.H.: Revocable privacy. ENISA Q. Rev. 5(2), 16–17 (2009)Google Scholar
  12. 12.
    Hoepman, J., Galindo, D.: Non-interactive distributed encryption: a new primitive for revocable privacy. In: Chen, Y., Vaidya, J. (eds.) WPES 2011, pp. 81–92. ACM (2011)Google Scholar
  13. 13.
    Lueks, W., Everts, M.H., Hoepman, J.H.: Revocable Privacy 2012 - use cases. Technical report. 35627, TNO (2012)Google Scholar
  14. 14.
    Lueks, W., Hoepman, J.-H., Kursawe, K.: Forward-secure distributed encryption. In: De Cristofaro, E., Murdoch, S.J. (eds.) PETS 2014. LNCS, vol. 8555, pp. 123–142. Springer, Heidelberg (2014)Google Scholar
  15. 15.
    Schneier, B.: What Our Top Spy Doesn’t Get: Security and Privacy Aren’t Opposites. Wired, January 2008Google Scholar
  16. 16.
    Sound Intelligence: Sigard, aggression detection. Accessed 31 May 2015
  17. 17.
    Stadler, M.: Cryptographic Protocols for Revocable Privacy. Ph.D. thesis, Swiss Federal Institute of Technology, Zürich (1996)Google Scholar
  18. 18.
    Tsang, P.P., Au, M.H., Kapadia, A., Smith, S.W.: Blacklistable anonymous credentials: blocking misbehaving users without TTPs. In: Ning, P., di Vimercati, S.D.C., Syverson, P.F. (eds.) CCS 2007, pp. 72–81. ACM (2007)Google Scholar
  19. 19.
    Tsang, P.P., Kapadia, A., Cornelius, C., Smith, S.W.: Nymble: blocking misbehaving users in anonymizing networks. IEEE Trans. Dependable Sec. Comput. 8(2), 256–269 (2011)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Wouter Lueks
    • 1
  • Maarten H. Everts
    • 2
  • Jaap-Henk Hoepman
    • 1
  1. 1.Radboud UniversityNijmegenThe Netherlands
  2. 2.TNO, Netherlands Organisation for Applied Scientific ResearchThe HagueThe Netherlands

Personalised recommendations