
User-Generated Pseudonyms Through Merkle Trees

Conference paper in Privacy Technologies and Policy (APF 2021)

Abstract

A pseudonymisation technique based on Merkle trees is described in this paper. More precisely, by exploiting inherent properties of Merkle trees as cryptographic accumulators, we illustrate how user-generated pseudonyms can be constructed without the need for a third party. Each such pseudonym, which depends on several of the user’s identifiers, suffices to hide these original identifiers, whilst the unlinkability property between any two different pseudonyms for the same user is retained; at the same time, this pseudonymisation scheme allows the pseudonym owner to easily prove that she owns a pseudonym within a specific context, without revealing information on her original identifiers. Compared to other user-generated pseudonymisation techniques which utilize public key encryption algorithms, the new approach inherits the security properties of a Merkle tree, thus achieving post-quantum security.
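The accumulator idea in the abstract can be sketched as follows; this is an added example, not the paper's construction or the authors' code. It assumes (none of this is stated on the page) SHA-256, a fresh 16-byte salt per leaf, the Merkle root as the pseudonym, and a proof made of one leaf digest plus its sibling path; the identifiers are constructed sample values.

```python
import hashlib, hmac, os

# Constructed sample identifiers (not from the paper).
SAMPLE_IDS = ["alice@example.org", "+30-210-0000000", "ID-AB123456", "1990-01-01"]

def _h(tag: bytes, *parts: bytes) -> bytes:
    # Domain-separated SHA-256: tag 0x00 for leaves, 0x01 for inner nodes.
    return hashlib.sha256(tag + b"".join(parts)).digest()

def leaf(identifier: str, salt: bytes) -> bytes:
    # Assumption: a random salt keeps low-entropy identifiers from being guessed.
    return _h(b"\x00", salt, identifier.encode())

def build_levels(leaves):
    # Returns every tree level, leaves first; leaf count must be a power of two.
    if not leaves or len(leaves) & (len(leaves) - 1):
        raise ValueError("leaf count must be a power of two")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([_h(b"\x01", cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def make_pseudonym(identifiers):
    # Fresh salts on every call, so two pseudonyms of one user share no digest.
    salts = [os.urandom(16) for _ in identifiers]
    levels = build_levels([leaf(i, s) for i, s in zip(identifiers, salts)])
    return levels[-1][0], levels, salts

def auth_path(levels, index):
    # Sibling digest at each level, from the leaf up to just below the root.
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index >>= 1
    return path

def verify(pseudonym, leaf_digest, index, path):
    # Verifier recomputes the root from digests only; no identifier is revealed.
    node = leaf_digest
    for sibling in path:
        pair = (node, sibling) if index % 2 == 0 else (sibling, node)
        node = _h(b"\x01", *pair)
        index >>= 1
    return hmac.compare_digest(node, pseudonym)
```

The holder keeps the salts and tree levels private; opening a leaf later by disclosing its identifier and salt is possible but is a separate step this sketch does not model.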

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement no. 786698. The work reflects only the authors’ view and the Agency is not responsible for any use that may be made of the information it contains.



Acknowledgment

The authors would like to thank the anonymous reviewers for their very useful comments which helped to improve the paper.


Correspondence to Konstantinos Limniotis.


Copyright information

© 2021 Springer Nature Switzerland AG


Cite this paper

Kermezis, G., Limniotis, K., Kolokotronis, N. (2021). User-Generated Pseudonyms Through Merkle Trees. In: Gruschka, N., Antunes, L.F.C., Rannenberg, K., Drogkaris, P. (eds) Privacy Technologies and Policy. APF 2021. Lecture Notes in Computer Science, vol 12703. Springer, Cham. https://doi.org/10.1007/978-3-030-76663-4_5


  • DOI: https://doi.org/10.1007/978-3-030-76663-4_5


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-76662-7

  • Online ISBN: 978-3-030-76663-4

  • eBook Packages: Computer Science (R0)
