Linking Anonymous Transactions: The Consistent View Attack

  • Andreas Pashalidis
  • Bernd Meyer
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4258)


In this paper we study a particular attack that may be launched by cooperating organisations in order to link the transactions and the pseudonyms of the users of an anonymous credential system. The results of our analysis are both positive and negative. The good (resp. bad) news, from a privacy protection (resp. evidence gathering) viewpoint, is that the attack may be computationally intensive. In particular, it requires solving a problem that is polynomial time equivalent to ALLSAT . The bad (resp. good) news is that a typical instance of this problem may be efficiently solvable.


Polynomial Time Boolean Circuit Information Security Management Polynomial Time Reduction Setup Algorithm 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Brands, S.: Rethinking Public Key Infrastructures and Digital Certificates — Building in Privacy. The MIT Press, Cambridge, Massachusetts (2000)Google Scholar
  2. 2.
    Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004)Google Scholar
  4. 4.
    Chaum, D.: Showing credentials without identification: Transferring signatures between unconditionally unlinkable pseudonyms. In: Seberry, J., Pieprzyk, J.P. (eds.) AUSCRYPT 1990. LNCS, vol. 453, pp. 246–264. Springer, Heidelberg (1990)CrossRefGoogle Scholar
  5. 5.
    Chen, L.: Access with pseudonyms. In: Dawson, E., Golic, J.D. (eds.) Cryptography: Policy and Algorithms, International Conference, Proceedings, Brisbane, Queensland, Australia, July 3-5. LNCS, vol. 1029, pp. 232–243. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  6. 6.
    Damgård, I.B.: Payment systems and credential mechanisms with provable security against abuse by individuals. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 328–335. Springer, Heidelberg (1990)Google Scholar
  7. 7.
    Jin, H., Somenzi, F.: Prime clauses for fast enumeration of satisfying assignments to boolean circuits. In: DAC 2005: Proceedings of the 42nd Annual Conference on Design Automation, pp. 750–753. ACM Press, New York (2005)CrossRefGoogle Scholar
  8. 8.
    Kesdogan, D., Agrawal, D., Penz, S.: Limits of anonymity in open environments. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 53–69. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Lysyanskaya, A., Rivest, R.L., Sahai, A., Wolf, S.: Pseudonym systems. In: Heys, H.M., Adams, C.M. (eds.) SAC 1999. LNCS, vol. 1758, pp. 184–199. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  10. 10.
    Mano, M.: Digital Design, 3rd edn. Prentice-Hall, Englewood Cliffs (2001)Google Scholar
  11. 11.
    Pashalidis, A., Mitchell, C.J.: A security model for anonymous credential systems. In: J., S., Deswarte, Y., Cuppens, F., Wang, L. (eds.) Information Security Management, Education and Privacy, Proceedings of the 3rd Working Conference on Privacy and Anonymity in Networked and Distributed Systems (I-NetSec 2004), August 2004, pp. 183–199. Kluwer Academic Publishers, Dordrecht (2004)Google Scholar
  12. 12.
    Persiano, G., Visconti, I.: An efficient and usable multi-show non-transferable anonymous credential system. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 196–211. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  13. 13.
    Sipser, M.: Introduction to the Theory of Computation. PWS Publishing Company (1997)Google Scholar
  14. 14.
    Steinbrecher, S., Köpsell, S.: Modelling unlinkability. In: Dingledine, R. (ed.) PET 2003. LNCS, vol. 2760, pp. 32–47. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  15. 15.
    Verheul, E.R.: Self-blindable credential certificates from the Weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 533–551. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  16. 16.
    Zhang, L., Malik, S.: The quest for efficient boolean satisfiability solvers. In: Voronkov, A. (ed.) CADE 2002. LNCS (LNAI), vol. 2392, pp. 295–313. Springer, Heidelberg (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Andreas Pashalidis
    • 1
  • Bernd Meyer
    • 1
  1. 1.Siemens AG, Corporate TechnologyMunichGermany

Personalised recommendations