L. Chen. Access with pseudonyms. In Cryptography: Policy and Algorithms, pp. 232-243. Springer-Verlag, 1995.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....this paper, we propose a new e#cient anonymous credential system, considerably superior to previously proposed ones. The communication and computation costs of our solution are small, thus introducing almost no overhead to realizing privacy in a credential system. An anonymous credential system [Cha85, CE87, Che95, Dam90, LRSW99] consists of users and organizations. Organizations know the users only by pseudonyms. Di#erent pseudonyms of the # Extended version of what is to appear in: Advances in Cryptology EUROCRYPT 2001. same user cannot be linked. Yet, an organization can issue a credential to a pseudonym, and the ....

....The scheme should also provide user privacy. An organization cannot find out anything about a user, apart from the fact of the user s ownership of some set of credentials, even if it cooperates with other organizations. In particular, two pseudonyms belonging to the same user cannot be linked [Bra99, Cha85, CE87, Che95, Dam90, LRSW99]. Finally, it is desirable that the system be e#cient. Besides requiring that it be based on e#cient protocols, we also require that each interaction involve as few entities as possible, and the rounds and amount of communication be minimal. In particular, if a user has a multiple show credential ....

[Article contains additional citation context not shown here]

Lidong Chen. Access with pseudonyms. In E. Dawson ann J. Golic, editor, Cryptography: Policy and Algorithms, volume 1029 of Lecture Notes in Computer Science, pages 232--243. Springer Verlag, 1995.

....schemes are secure under the so called Strong RSA assumption. In contrast to these stand alone solutions, our goal is to construct signature schemes that are suitable as building blocks for other applications. Consider the use of signature schemes for constructing an anonymous credential system [13 15, 19, 27, 7]. While such a system can be constructed from any signature scheme using general techniques for cryptographic protocol design, we observe that doing it in this fashion is very ine#cient. Let us explain this point in more detail. In a credential system, a user can obtain access to a resource only ....

L. Chen. Access with pseudonyms. In E. D. ann J. Golic, editor, Cryptography: Policy and Algorithms, volume 1029 of Lecture Notes in Computer Science, pages 232--243. Springer Verlag, 1995.

....the case of double spending, which allows in addition the prevention of double spending if the spender uses a tamper resistant device from the bank. 6.3. 4 Pseudonym systems The practical solution proposed by Chaum and Evertse [54] to Chaum s credential system [52] as well as some later schemes [73, 57], e ectively preserves the individual s privacy against colluding organizations, but does not protect the organizations against colluding individuals to share their credentials. The pseudonym system introduced by Anna Lysyanskaya, Ronald Rivest, Amit Sahai and Stefan Wolf [117] in 1999 ....

Lidong Chen. Access with pseudonyms. In Ed Dawson and Jovan Golic, editors, Cryptography: Policy and Algorithms, pages 232-243. Springer-Verlag, 1995. Lecture Notes in Computer Science No. 1029.

....n is orders of magnitude smaller than the bit length of keys used in public key cryptography. Our scheme is useful when several distinct groups or organizations must interact and exchange information about individuals while protecting the individuals privacy. Credential transfer systems (CTS) [14, 15, 19, 17, 23, 9] are examples of such environments that can be built via group signature schemes [9, 3] Real world scenarios for the use of CTS include the health care industry, electronic voting, and transportation systems. In such cases, the added manageability and improved optimization opportunities permitted ....

L. Chen. Access with pseudonyms. In Cryptography: Policy and Algorithms, pp. 232-243. Springer-Verlag, 1995.

....customers have some credentials. An anonymous credential system is also necessary in such a case. Anonymous credential systems were suggested by David Chaum [Cha85] The rst proposed solution was a proof of concept and involved a semi trusted third party [CE87] Later, Damg ard [Dam90] and Chen [Che95] worked on the problem. Their solutions did not have a trusted third party, but the notion of user s identity was not well developed, and therefore it was not clear how their systems could function in case malicious users shared their credentials with others. Both of these solution were not ....

....problem, an application that allows the individual to control the dissemination of personal information is needed. An anonymous credential system (also called pseudonym system) introduced by Chaum [Cha85] is the best known idea for such a system. An anonymous credential system [Cha85, CE87, Che95, Dam90, LRSW99] consists of users and organizations. Organizations know the users only by pseudonyms. Di erent pseudonyms of the same user cannot be linked even if all of the organizations cooperate. Yet, an organization can issue a credential to a pseudonym, and the corresponding user can prove ....

[Article contains additional citation context not shown here]

Lidong Chen. Access with pseudonyms. In E. Dawson ann J. Golic, editor, Cryptography: Policy and Algorithms, volume 1029 of Lecture Notes in Computer Science, pages 232-243. Springer Verlag, 1995.

....identity, providing unobservability against traffic analysis via anonymous communication network techniques. Other privacy enhancing techniques include: information protection within agents, protection of agent code from intentional or accidental damage, secure distributed logs, among others. In [4, 11, 20, 21, 29] several pseudonym techniques are proposed and developed. The primary goal of pseudonym techniques is to hide the user s identity using a pseudonym. Of course, pseudonym techniques have other advantages, e.g. authentication, abuse control, accountability, etc. Pseudonym techniques can be ....

....cannot combine their database to build up a dossier on the user. A user can obtain a credential from one organization using one of his pseudonyms, and demonstrate possession of the credential to another organization, without revealing his first pseudonym to the second organization. In [4, 11, 20, 21, 29] some models for pseudonym systems are developed. In these models, a certification authority (CA) is needed only to enable a user to prove to an organization that his pseudonym actually corresponds to a public key of a real user. As well, there must be some stake in the secrecy of the ....

[Article contains additional citation context not shown here]

L.Chen. Access with pseudonyms. In Ed Dawson and Jovan Golic, editors, Cryptography: Policy and Algorithms, Volume 1029 of Lecture Notes in Computer Science, pages 232-243, Springer-Verlag, 1995.

....against traffic analysis using anonymous communication network techniques. Other privacy enhancing techniques include: information protection within agents, protection of agent code from intentional or accidental damage, secure distributed logs, among others. Pseudonym Techniques In [4, 11, 20, 21, 29] several pseudonym techniques are proposed and developed. The primary goal of pseudonym techniques is for the hiding of the user s identity in the application data, i.e. using pseudonym instead of identity. Of course, pseudonym techniques have other advantages, e.g. authentication, abuse control, ....

L.Chen. Access with pseudonyms. In Ed Dawson and Jovan Golic, editors, Cryptography: Policy and Algorithms, Volume 1029 of Lecture Notes in Computer Science, pages 232-243, Springer-Verlag, 1995.

....to previously proposed ones. The communication and computation costs of our solution are small, thus introducing almost no overhead to realizing privacy in a credential system. Extended version of what is to appear in: Advances in Cryptology EUROCRYPT 2001. 1 An anonymous credential system [Cha85, CE87, Che95, Dam90, LRSW99] consists of users and organizations. Organizations know the users only by pseudonyms. Different pseudonyms of the same user cannot be linked. Yet, an organization can issue a credential to a pseudonym, and the corresponding user can prove possession of this credential to another organization (who ....

....The scheme should also provide user privacy. An organization cannot nd out anything about a user, apart from the fact of the user s ownership of some set of credentials, even if it cooperates with other organizations. In particular, two pseudonyms belonging to the same user cannot be linked [Bra99, Cha85, CE87, Che95, Dam90, LRSW99]. Finally, it is desirable that the system be ecient. Besides requiring that it be based on ecient protocols, we also require that each interaction involve as few entities as possible, and the rounds and amount of communication be minimal. In particular, if a user has a multiple show credential ....

[Article contains additional citation context not shown here]

Lidong Chen. Access with pseudonyms. In E. Dawson ann J. Golic, editor, Cryptography: Policy and Algorithms, volume 1029 of Lecture Notes in Computer Science, pages 232-243. Springer Verlag, 1995. 26

....to some valid user. The drawback, however, is that Damg ard s result is not meant to be implemented in practice: it is based on zero knowledge proof constructions, which are ine cient. We will describe Damg ard s scheme in more detail in the section dedicated for theoretical constructions. Chen[13] presents a practical discrete logarithm based scheme for Damg ard s model. In her scheme, a trusted center has to validate all the pseudonyms, but does not participate in the credential transfer. One of this scheme s main disadvantages is that it requires honest behavior of the CA: A malicious CA ....

....model, as well as its numerous extensions, are realizable. On the other hand, we present a practical and easily implementable construction of the basic model under 3 reasonable number theoretic assumptions. 1.3. 1 Discussion of the model The main distinction of our model from its predecessors [11, 13, 15] is that the notion of a user is well de ned. We base our proposed scheme on the presumption that each user has a master public key whose corresponding master secret key the user is highly motivated to keep secret. This master public key might be registered as his legal digital signature key, so ....

[Article contains additional citation context not shown here]

Lidong Chen. Access with pseudonyms. In Ed Dawson and Jovan Golic, editors, Cryptography: Policy and Algorithms, pages 232-243. Springer-Verlag, 1995. Lecture Notes in Computer Science No. 1029.

No context found.

L. Chen. Access with pseudonyms. In Cryptography: Policy and Algorithms, pp. 232-243. Springer-Verlag, 1995.

No context found.

L. Chen. Access with pseudonyms. In Cryptography: Policy and Algorithms, pp. 232-243. Springer-Verlag, 1995.

No context found.

L. Chen. Access with pseudonyms. In Cryptography: Policy and Algorithms, pp. 232-243. Springer-Verlag, 1995.

No context found.

L. Chen. Access with pseudonyms. In Cryptography: Policy and Algorithms, Proceedings of an International Conference, volume 1029 of Lecture Notes in Computer Science, pages 232--243, 1995. 18

No context found.

Chen, L. Access with pseudonyms. In Cryptography: Policy and Algorithms (1995.

No context found.

L. Chen. Access with pseudonyms. In E. Dawson and J. D. Golic, editors, Cryptography: Policy and Algorithms, International Conference, Brisbane, Queensland, Australia, July 3-5, 1995, Proceedings, number 1029 in Lecture Notes in in Computer Science, pages 232--243. Springer Verlag, Berlin, 1995.

No context found.

L. Chen. Access with pseudonyms. In Cryptography: Policy and Algorithms, Proceedings of an International Conference, volume 1029 of Lecture Notes in Computer Science, pages 232--243, 1995. 18

No context found.

L. Chen. Access with pseudonyms. In Cryptography: Policy and Algorithms, pp. 232-243. Springer-Verlag, 1995.

No context found.

L.Chen. Access with pseudonyms. In Ed Dawson and Jovan Golic, editors, Cryptography: Policy and Algorithms, Volume 1029 of Lecture Notes in Computer Science, pages 232-243, Springer-Verlag, 1995.

No context found.

L.Chen. Access with pseudonyms. In Ed Dawson and Jovan Golic, editors, Cryptography: Policy and Algorithms, Volume 1029 of Lecture Notes in Computer Science, pages 232-243, Springer-Verlag, 1995.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC