Optimal Key-Trees for Tree-Based Private Authentication

  • Levente Buttyán
  • Tamás Holczer
  • István Vajda
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4258)


Key-tree based private authentication has been proposed by Molnar and Wagner as a neat way to efficiently solve the problem of privacy preserving authentication based on symmetric key cryptography. However, in the key-tree based approach, the level of privacy provided by the system to its members may decrease considerably if some members are compromised. In this paper, we analyze this problem, and show that careful design of the tree can help to minimize this loss of privacy. First, we introduce a benchmark metric for measuring the resistance of the system to a single compromised member. This metric is based on the well-known concept of anonymity sets. Then, we show how the parameters of the key-tree should be chosen in order to maximize the system’s resistance to single member compromise under some constraints on the authentication delay. In the general case, when any member can be compromised, we give a lower bound on the level of privacy provided by the system. We also present some simulation results that show that this lower bound is quite sharp. The results of this paper can be directly used by system designers to construct optimal key-trees in practice; indeed, we consider this as the main contribution of our work.


Springer LNCS Authentication Delay Privacy Enhance Technology Automate Fare Collection Potential Prover 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Avoine, G., Dysli, E., Oechslin, P.: Reducing time complexity in RFID systems. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, Springer, Heidelberg (2006)CrossRefGoogle Scholar
  2. 2.
    Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment. Springer, Heidelberg (2003)Google Scholar
  3. 3.
    Camenisch, J., Lysyanskaya, A.: A Efficient Non-transferable Anonymous Multi-show Credential System with Optional Anonymity Revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Chaum, D.: The Dining Cryptographers Problem: Unconditional sender and recipient untraceability. Journal of Cryptology 1(1), 65–75 (1988)MATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
  7. 7.
    IKE, The Internet Key Exchange, RFC 2409,
  8. 8.
    ISO 9798-2. Mechanisms using symmetric encipherment algorithms,
  9. 9.
    Juels, A.: RFID security and privacy: a research survey. manuscript, condensed version will appear in the IEEE Journal on Selected Areas in Communication (September 2005)Google Scholar
  10. 10.
  11. 11.
    Molnar, D., Wagner, D.: Privacy and security in library RFID: issues, practices, and architectures. In: Proceedings of the ACM Conference on Computer and Communications Security (2004)Google Scholar
  12. 12.
    Nohara, Y., Inoue, S., Baba, K., Yasuura, H.: Quantitative Evaluation of Unlinkable ID Matching Schemes. In: Workshop on Privacy in the Electronic Society, WPES (2005)Google Scholar
  13. 13.
    Pfitzmann, A., Köhntopp, M.: Anonymity, unobservability and pseudonymity – a proposal for terminology. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 1–9. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  14. 14.
    Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Proceedings of the Privacy Enhancing Technologies (PET) Workshop. LNCS, Springer, Heidelberg (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Levente Buttyán
    • 1
  • Tamás Holczer
    • 1
  • István Vajda
    • 1
  1. 1.Laboratory of Cryptography and System Security (CrySyS), Department of TelecommunicationsBudapest University of Technology and EconomicsHungary

Personalised recommendations