Privacy-Friendly Checking of Remote Token Blacklists

  • Roel Peeters
  • Andreas Pashalidis
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 396)


Consulting a remote blacklist as part of verifying a token should not come at the cost of privacy. In particular, the blacklist provider should be unable to identify which tokens are being verified. The contents of the blacklist should also be protected; that is, it should not be possible to learn the contents of the blacklist, for example by querying the blacklist provider a large number of times. This paper defines a range of desirable properties for privacy preserving blacklist checking protocols, and surveys existing technical solutions to this problem. We propose adaptations where appropriate, and provide concrete performance estimates for the use case of checking whether or not a passport has been reported lost or stolen.


Blind Signature User Privacy Oblivious Transfer Protocol Execution Private Information Retrieval 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Yearly Report on Algorithms and Keysizes (2011), D.SPA.17 Rev. 1.0. Technical report, ICT-2007-216676 ECRYPT II (June 2011)Google Scholar
  2. 2.
    Chor, B., Gilboa, N., Naor, M.: Private information retrieval by keywords. Cryptology ePrint Archive, Report 1998/003 (1998),
  3. 3.
    De Cristofaro, E., Jarecki, S., Kim, J., Tsudik, G.: Privacy-Preserving Policy-Based Information Transfer. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 164–184. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  4. 4.
    De Cristofaro, E., Tsudik, G.: Practical Private Set Intersection Protocols with Linear Complexity. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 143–159. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  5. 5.
    De Cristofaro, E., Tsudik, G.: Experimenting with Fast Private Set Intersection. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 55–73. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  6. 6.
    De Cristofaro, E., Tsudik, G.: On the performance of certain private set intersection protocols. Cryptology ePrint Report 2012/054 (2012),
  7. 7.
    Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Commun. ACM 28(6), 637–647 (1985)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Freedman, M.J., Nissim, K., Pinkas, B.: Efficient Private Matching and Set Intersection. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 1–19. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  9. 9.
    Hohenberger, S., Weis, S.A.: Honest-Verifier Private Disjointness Testing Without Random Oracles. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 277–294. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Huang, Y., Evans, D., Katz, J.: Private set intersection: Are garbled circuits better than custom protocols? In: Proceedings of the NDSS 2012. IEEE (2012)Google Scholar
  11. 11.
    International Civil Aviation Organization. Document 9303, vol. 2, pt. 1 (2006)Google Scholar
  12. 12.
    Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: Motiwalla, J., Tsudik, G. (eds.) CCS 1999, Proceedings of the 6th ACM Conference on Computer and Communications Security, Singapore, November 1-4, pp. 28–36 (1999)Google Scholar
  13. 13.
    Kiayias, A., Mitrofanova, A.: Testing Disjointness of Private Datasets. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 109–124. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  14. 14.
    Li, N., Du, W., Boneh, D.: Oblivious signature-based envelope. Distributed Computing 17(4), 293–302 (2005)CrossRefGoogle Scholar
  15. 15.
    Naor, M., Pinkas, B.: Oblivious Transfer with Adaptive Queries. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 573–590. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  16. 16.
    Narasimha, M., Solis, J., Tsudik, G.: Privacy-Preserving Revocation Checking. Int. J. Inf. Secur. 8(1), 61–75 (2009)CrossRefGoogle Scholar
  17. 17.
    Nasserian, S., Tsudik, G.: Revisiting Oblivious Signature-Based Envelopes. In: Di Crescenzo, G., Rubin, A. (eds.) FC 2006. LNCS, vol. 4107, pp. 221–235. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  18. 18.
    Ogata, W., Kurosawa, K.: Oblivious keyword search. Journal of Complexity - Special issue on coding and cryptography 20(2-3), 356–371 (2004)MathSciNetzbMATHGoogle Scholar
  19. 19.
    Solis, J., Tsudik, G.: Simple and Flexible Revocation Checking with Privacy. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 351–367. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  20. 20.
    Ye, Q., Wang, H., Pieprzyk, J., Zhang, X.-M.: Efficient Disjointness Tests for Private Datasets. In: Mu, Y., Susilo, W., Seberry, J. (eds.) ACISP 2008. LNCS, vol. 5107, pp. 155–169. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  21. 21.
    Ye, Q., Wang, H., Pieprzyk, J., Zhang, X.-M.: Unconditionally secure disjointness tests for private datasets. IJACT 1(3), 225–235 (2009)MathSciNetzbMATHCrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2013

Authors and Affiliations

  • Roel Peeters
    • 1
  • Andreas Pashalidis
    • 1
  1. 1.ESAT/SCD - COSIC & iMindsKU LEUVENHeverleeBelgium

Personalised recommendations