Ivan Bjerre Damgard. Payment systems and credential mechanism with provable security against abuse by individuals. In Shafi Goldwasser, editor, Advances in Cryptology --- CRYPTO '88, volume 403 of Lecture Notes in Computer Science, pages 328--335. Springer Verlag, 1990.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....this paper, we propose a new e#cient anonymous credential system, considerably superior to previously proposed ones. The communication and computation costs of our solution are small, thus introducing almost no overhead to realizing privacy in a credential system. An anonymous credential system [Cha85, CE87, Che95, Dam90, LRSW99] consists of users and organizations. Organizations know the users only by pseudonyms. Di#erent pseudonyms of the # Extended version of what is to appear in: Advances in Cryptology EUROCRYPT 2001. same user cannot be linked. Yet, an organization can issue a credential to a pseudonym, and the ....

....The scheme should also provide user privacy. An organization cannot find out anything about a user, apart from the fact of the user s ownership of some set of credentials, even if it cooperates with other organizations. In particular, two pseudonyms belonging to the same user cannot be linked [Bra99, Cha85, CE87, Che95, Dam90, LRSW99]. Finally, it is desirable that the system be e#cient. Besides requiring that it be based on e#cient protocols, we also require that each interaction involve as few entities as possible, and the rounds and amount of communication be minimal. In particular, if a user has a multiple show credential ....

[Article contains additional citation context not shown here]

Ivan Bjerre Damgard. Payment systems and credential mechanism with provable security against abuse by individuals. In Shafi Goldwasser, editor, Advances in Cryptology --- CRYPTO '88, volume 403 of Lecture Notes in Computer Science, pages 328--335. Springer Verlag, 1990.

....the case of double spending, which allows in addition the prevention of double spending if the spender uses a tamper resistant device from the bank. 6.3. 4 Pseudonym systems The practical solution proposed by Chaum and Evertse [54] to Chaum s credential system [52] as well as some later schemes [73, 57], e ectively preserves the individual s privacy against colluding organizations, but does not protect the organizations against colluding individuals to share their credentials. The pseudonym system introduced by Anna Lysyanskaya, Ronald Rivest, Amit Sahai and Stefan Wolf [117] in 1999 ....

Ivan B. Damgard. Payment systems and credential mechanisms with provable security against abuse by individuals. In S. Goldwasser, editor, Proc. CRYPTO 88, pages 328{ 335. Springer-Verlag, 1988. Lecture Notes in Computer Science No. 403.

....that their customers have some credentials. An anonymous credential system is also necessary in such a case. Anonymous credential systems were suggested by David Chaum [Cha85] The rst proposed solution was a proof of concept and involved a semi trusted third party [CE87] Later, Damg ard [Dam90] and Chen [Che95] worked on the problem. Their solutions did not have a trusted third party, but the notion of user s identity was not well developed, and therefore it was not clear how their systems could function in case malicious users shared their credentials with others. Both of these ....

....an application that allows the individual to control the dissemination of personal information is needed. An anonymous credential system (also called pseudonym system) introduced by Chaum [Cha85] is the best known idea for such a system. An anonymous credential system [Cha85, CE87, Che95, Dam90, LRSW99] consists of users and organizations. Organizations know the users only by pseudonyms. Di erent pseudonyms of the same user cannot be linked even if all of the organizations cooperate. Yet, an organization can issue a credential to a pseudonym, and the corresponding user can prove ....

[Article contains additional citation context not shown here]

Ivan Bjerre Damgard. Payment systems and credential mechanism with provable security against abuse by individuals. In Sha Goldwasser, editor, Advances in Cryptology | CRYPTO '88, volume 403 of Lecture Notes in Computer Science, pages 328-335. Springer Verlag, 1990.

....to previously proposed ones. The communication and computation costs of our solution are small, thus introducing almost no overhead to realizing privacy in a credential system. Extended version of what is to appear in: Advances in Cryptology EUROCRYPT 2001. 1 An anonymous credential system [Cha85, CE87, Che95, Dam90, LRSW99] consists of users and organizations. Organizations know the users only by pseudonyms. Different pseudonyms of the same user cannot be linked. Yet, an organization can issue a credential to a pseudonym, and the corresponding user can prove possession of this credential to another organization (who ....

....The scheme should also provide user privacy. An organization cannot nd out anything about a user, apart from the fact of the user s ownership of some set of credentials, even if it cooperates with other organizations. In particular, two pseudonyms belonging to the same user cannot be linked [Bra99, Cha85, CE87, Che95, Dam90, LRSW99]. Finally, it is desirable that the system be ecient. Besides requiring that it be based on ecient protocols, we also require that each interaction involve as few entities as possible, and the rounds and amount of communication be minimal. In particular, if a user has a multiple show credential ....

[Article contains additional citation context not shown here]

Ivan Bjerre Damgard. Payment systems and credential mechanism with provable security against abuse by individuals. In Sha Goldwasser, editor, Advances in Cryptology | CRYPTO '88, volume 403 of Lecture Notes in Computer Science, pages 328-335. Springer Verlag, 1990.

....di erence. In their scenario, a trusted center conducts the operation of transferring a user s credential from one organization to another. The pseudonyms in their model are information theoretically unlinkable. The heavy reliance on a trusted center is the main weakness of this work. Damg ard[15] constructed a scheme that implements a pseudonym system that does not rely on a trusted third party as much. His scheme is based on multi party computations and bit commitments. The advantages of his scheme is that it provably protects organizations from credential forgery by malicious users and ....

....model, as well as its numerous extensions, are realizable. On the other hand, we present a practical and easily implementable construction of the basic model under 3 reasonable number theoretic assumptions. 1.3. 1 Discussion of the model The main distinction of our model from its predecessors [11, 13, 15] is that the notion of a user is well de ned. We base our proposed scheme on the presumption that each user has a master public key whose corresponding master secret key the user is highly motivated to keep secret. This master public key might be registered as his legal digital signature key, so ....

[Article contains additional citation context not shown here]

Ivan Bjerre Damgard. Payment systems and credential mechanisms with provable security against abuse by individuals (extended abstract). In Advances in Cryptology|CRYPTO '88, pages 328-335. Springer-Verlag, 1988.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC