A Practical System for Globally Revoking the Unlinkable Pseudonyms of Unknown Users

  • Stefan Brands
  • Liesje Demuynck
  • Bart De Decker
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4586)


We propose the first single sign-on system in which a user can access services using unlinkable digital pseudonyms that can all be revoked in case she abuses any one service. Our solution does not rely on key escrow: a user needs to trust only her own computing device with following our protocols in order to be assured of the unconditional untraceability and unlinkability of her pseudonyms. Our solution involves two novel ingredients: a technique for invisibly chaining the user’s pseudonyms such that all of them can be revoked on the basis of any one of them (without knowing the user’s identity with the issuer) and a sublinear-time proof that a committed value is not on a list without revealing additional information about the value. Our solution is highly practical.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bangerter, E., Camenisch, J., Lysyanskaya, A.: A cryptographic framework for the controlled release of certified data. In: IWSP (2004)Google Scholar
  2. 2.
    Bellare, M., Garay, J.A., Rabin, T.: Fast batch verification for modular exponentiation and digital signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 236–250. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  3. 3.
    Brands, S.: Untraceable off-line cash in wallets with observers. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, Springer, Heidelberg (1994)Google Scholar
  4. 4.
    Brands, S., Demuynck, L., De Decker, B.: A pract. system for globally revoking the unlinkable pseudonyms of unknown users. Technical report, K.U.Leuven (2006)Google Scholar
  5. 5.
    Brands, S.A.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)Google Scholar
  6. 6.
    Brickell, E.F., Camenisch, J., Chen, L.: Direct anonymous attestation. In: ACM Conference on Computer and Communications Security, pp. 132–145 (2004)Google Scholar
  7. 7.
    Brickell, E.F., Gemmell, P., Kravitz, D.W.: Trustee-based tracing extensions to anonymous cash and the making of anonymous change. In: SODA (1995)Google Scholar
  8. 8.
    Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, Springer, Heidelberg (2001)Google Scholar
  9. 9.
    Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)Google Scholar
  10. 10.
    Camenisch, J., Maurer, U.M., Stadler, M.: Digital payment systems with passive anonymity-revoking trustees. Journal of Computer Security 5(1), 69–90 (1997)Google Scholar
  11. 11.
    Camenisch, J.: Group Signature Schemes and Payment Systems Based on the Discrete Logarithm Problem. PhD thesis, ETH Zurich (1998)Google Scholar
  12. 12.
    Camenisch, J., Hohenberger, S., Lysyanskaya, A.: Compact e-cash. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 302–321. Springer, Heidelberg (2005)Google Scholar
  13. 13.
    Camenisch, J., Lysyanskaya, A.: Dynamic accumulators and application to efficient revocation of anonymous credentials. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 61–76. Springer, Heidelberg (2002)Google Scholar
  14. 14.
    Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004)Google Scholar
  15. 15.
    Camenisch, J., Shoup, V.: Practical verifiable encryption and decryption of discrete logarithms. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 126–144. Springer, Heidelberg (2003)Google Scholar
  16. 16.
    Chaum, D.: Blind signatures for untraceable payments. In: CRYPTO ( 1982)Google Scholar
  17. 17.
    Chaum, D., Pedersen, T.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, Springer, Heidelberg (1993)Google Scholar
  18. 18.
    Chaum, D.: Blind signature system. In: CRYPTO, p. 153 (1983)Google Scholar
  19. 19.
    Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)Google Scholar
  20. 20.
    Cramer, R., Pedersen, T.P.: Improved privacy in wallets with observers (extended abstract). In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 329–343. Springer, Heidelberg (1994)Google Scholar
  21. 21.
    Damgård, I.: Efficient concurrent zero-knowledge in the auxiliary string model. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 418–430. Springer, Heidelberg (2000)Google Scholar
  22. 22.
    Damgård, I., Fujisaki, E.: A statistically-hiding integer commitment scheme based on groups with hidden order. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 125–142. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  23. 23.
    George, I.: Davida, Yair Frankel, Yiannis Tsiounis, and Moti Yung. Anonymity control in e-cash systems. In: Financial Cryptography, pp. 1–16 (1997)Google Scholar
  24. 24.
    Jakobsson, M., Yung, M.: Distributed ”magic ink” signatures. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 450–464. Springer, Heidelberg (1997)Google Scholar
  25. 25.
    Lipmaa, H.: Statistical zero-knowledge proofs from diophantine equationsGoogle Scholar
  26. 26.
    Nguyen, L.: Accumulators from bilin. pairings and applications. In: Menezes, A.J. (ed.) CT-RSA 2005. LNCS, vol. 3376, Springer, Heidelberg (2005)Google Scholar
  27. 27.
    Stadler, M., Piveteau, J.-M., Camenisch, J.: Fair blind signatures. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 209–219. Springer, Heidelberg (1995)Google Scholar
  28. 28.
    Wei, V.K.: More compact e-cash with efficient coin tracing. Cryptology ePrint Archive, Report 2005/411 (2005), http://eprint.iacr.org/

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Stefan Brands
    • 1
  • Liesje Demuynck
    • 2
  • Bart De Decker
    • 2
  1. 1.Credentica & McGill School of Comp. Science, 1010 Sherbrooke St. W., Suite 1800, Montreal, QC,H3A 2R7Canada
  2. 2.K.U.Leuven, Department of Computer Science, Celestijnenlaan 200A, B-3001 HeverleeBelgium

Personalised recommendations