Anonymity in Cryptographic Protocols

Maintaining user anonymity is desirable in a variety of electronic commerce applications. For example, if you were to vote electronically, you probably would not want anyone to know the candidate for whom you voted; or if you were to use electronic cash to purchase a product, you may not want your identity to be known since this information could be used to trace your spending patterns, and perhaps spam you with junk mail. Although achieving anonymity can be an important design criterion in cryptographic systems, it comes at a cost. If the systems are not carefully designed, the overall security of the system could be compromised. Our goal is to develop mathematical techniques that enable anonymity in cryptographic systems without compromising the security. Recent results include the design of Pseudonym Systems and the construction of Group Blind Digital Signatures. Group members include Anna Lysyanskaya, Ronald L. Rivest, Amit Sahai, and Stefan Wolf.  

  • Pseudonym Systems

    Pseudonym systems allow users to interact with multiple organizations anonymously, using pseudonyms. The pseudonyms cannot be linked, but are formed in such a way that a user can prove to one organization a statement about his relationship with another. Such a statement is called a credential. Previous work in this area did not protect the system against dishonest users who collectively use their pseudonyms and credentials, i.e. share an identity. Previous practical schemes also relied heavily on the involvement of a trusted center. We provide a formal definition of pseudonym systems where users are motivated not to share their identity, and in which the trusted center's involvement is minimal. We give theoretical constructions for such systems based on any one-way function. We also suggest an efficient and easy-to-implement practical scheme.

  • Group Blind Digital Signatures

    We introduce a new cryptographic construct called a Group Blind Digital Signature. This construct combines the already existing notions of a Group Digital Signature and a Blind Digital Signature. A group blind signature allows individual members of a possibly large group to digitally sign a message on behalf of the entire group in a cryptographically secure manner. In addition to being hard to forge, the resulting digital signatures are anonymous and unlinkable, and only a pre-specified group manager can determine the identity of the signer. Finally, the signatures have a blindness property, so if the signer later sees a message he has signed, he will not be able to determine when or for whom he signed it. Group Blind Digital Signatures are useful for various aspects of electronic commerce. In particular, through the use of such signatures we can design protocols for secure distributed electronic banking, and secure online voting with multiple voting centers. We show, for the first time, how to construct such signatures based on number-theoretic assumptions. We also examine the implications for Electronic Cash and Online Voting.
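    The blindness property described above is easiest to see on the simplest blind signature, Chaum's RSA blind signature, which is one of the two building blocks the construct combines. The following is an added example, not code from the group's papers and not their group blind signature scheme: it uses a constructed toy RSA key (small primes, a SHA-256-mod-N hash) that is insecure and for illustration only. The function names `blind`, `sign_blinded`, `unblind`, `verify` and `consistent_blinding` are this example's own. Beyond the basic sign/verify flow, `consistent_blinding` shows why the signer cannot link a transcript to a signature even with the private key: for any candidate message there is a blinding factor that explains the transcript equally well.

```python
"""Toy Chaum RSA blind signature illustrating the blindness property.
Constructed, insecure parameters; NOT the Lysyanskaya-Ramzan group blind
signature scheme, only the plain blind-signature building block."""
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key (tiny primes; a real key would use a >= 2048-bit N).
P, Q = 104729, 104723
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the signer


def hash_to_int(msg: bytes) -> int:
    """Map the message into Z_N (toy stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def blind(msg: bytes) -> tuple[int, int]:
    """User side: hide H(msg) under a random blinding factor r coprime to N."""
    m = hash_to_int(msg)
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    return (m * pow(r, E, N)) % N, r


def sign_blinded(blinded: int) -> int:
    """Signer side: signs whatever it is handed; it never sees msg or r."""
    return pow(blinded, D, N)


def unblind(blinded_sig: int, r: int) -> int:
    """User side: strip r to obtain an ordinary RSA signature on H(msg)."""
    return (blinded_sig * pow(r, -1, N)) % N


def verify(msg: bytes, sig: int) -> bool:
    """Anyone: standard RSA verification against the public key (N, E)."""
    return pow(sig, E, N) == hash_to_int(msg)


def consistent_blinding(blinded: int, other_msg: bytes) -> int:
    """Why linking fails: for ANY message m' there is an r' such that
    blinded == H(m') * r'^E (mod N).  r' = blinded^D / H(m')^D, which the
    signer could compute itself, so the transcript says nothing about
    which final signature came out of it."""
    s_other = pow(hash_to_int(other_msg), D, N)          # H(m')^D
    return (pow(blinded, D, N) * pow(s_other, -1, N)) % N


def run_demo() -> dict:
    """One blind-signing session plus a linkability check; returns the facts
    a reader would want to verify."""
    msg = b"coin #1 worth 10 units"          # constructed sample message
    blinded, r = blind(msg)                   # user -> signer: only `blinded`
    sig = unblind(sign_blinded(blinded), r)   # signer -> user, then unblinded
    # The signer's transcript holds only `blinded`.  A different message is
    # exactly as consistent with that transcript as the real one.
    decoy = b"coin #2 worth 10 units"         # constructed decoy message
    r_decoy = consistent_blinding(blinded, decoy)
    return {
        "valid": verify(msg, sig),
        "sig_valid_for_decoy": verify(decoy, sig),
        "transcript_differs_from_sig": blinded != sig,
        "decoy_explains_transcript":
            (hash_to_int(decoy) * pow(r_decoy, E, N)) % N == blinded,
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

    The group signature half of the construct (signing on behalf of a group, with only the group manager able to open a signature) is what the papers below add on top of this; the blinding step keeps the same shape there, which is why the signer learns neither the message nor, later, which signature was his.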

  Relevant Papers

  • Anna Lysyanskaya, Zulfikar Ramzan. Group Blind Digital Signatures: A Scalable Solution to Electronic Cash. In Ray Hirschfeld, editor, Proceedings of the Second International Conference on Financial Cryptography 1998, Lecture Notes in Computer Science, Volume 1465, Springer-Verlag, Berlin.

    A more thorough and extensive treatment of the above paper is given in:

  • Zulfikar Ramzan. Group Blind Digital Signatures: Theory and Applications. Master's Thesis.