anonymous identification in ad hoc groups
Skip this Video
Download Presentation
Anonymous Identification in Ad Hoc Groups

Loading in 2 Seconds...

play fullscreen
1 / 16

Anonymous Identification in Ad Hoc Groups - PowerPoint PPT Presentation

  • Uploaded on

Anonymous Identification in Ad Hoc Groups. Yevgeniy Dodis, Antonio Nicolosi , Victor Shoup {dodis, nicolosi ,shoup} New York University. Aggelos Kiayias [email protected] University of Connecticut. April 6 th , 2004. New York, NY, USA.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' Anonymous Identification in Ad Hoc Groups' - zephr-cochran

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
anonymous identification in ad hoc groups

Anonymous Identification in Ad Hoc Groups

Yevgeniy Dodis, Antonio Nicolosi, Victor Shoup


New York University

Aggelos Kiayias

[email protected]

University of Connecticut

April 6th, 2004

New York, NY, USA

enabling privacy aware access control
Enabling Privacy-Aware Access Control
  • Want to control access to many objects
    • Each with its own set of authorized users
  • For privacy concerns, users won’t reveal their identity when accessing an object
  • Solution:
    • Have one ad hoc group for each object
    • To access an object, users anonymously identify as members of corresponding group

Antonio Nicolosi — NYU

example access controlled blog
Example: Access-controlled Blog
  • Alice is keeping a cool blog about her poems
  • Since she’s shy, she only wants her friends to access it
  • But her friends are shy, too:
    • Maybe one of them is making too much reading …

 Solution: Ad Hoc Anonymous Identification scheme

Antonio Nicolosi — NYU

identification schemes
Identification Schemes

Antonio Nicolosi — NYU

anonymous identification
Anonymous Identification

Antonio Nicolosi — NYU

anonymous identification cont d
Anonymous Identification (cont’d)
  • Alice cannot tell whom she is talking to
    • Even in the case of two sessions with the same user (unlinkability)

Antonio Nicolosi — NYU

ad hoc groups
“Structured” Groupsvs.

E.g. organizations

Group Manager

Users need a different key per group

Ad Hoc Groups
  • Ad Hoc Groups
  • E.g. poetry clubs
  • No central authority
  • Can use same key for multiple groups

Antonio Nicolosi — NYU

ad hoc anonymous id syntax
Ad Hoc Anonymous ID: Syntax
  • Setup: system-wide initialization phase
  • Register: per-user initialization
    • Each user picks a secret key/public key pair
    • Run only once, regardless of # groups user joins
  • Make-GPK: combines a set of PKs into one GPK
  • Make-GSK: combines a user’s SK with a set of PKs, yielding a single GSK
  • Anon-ID: protocol between a group member (holding GSK) and a verifier (holding GPK)

Antonio Nicolosi — NYU

ad hoc anonymous id syntax cont d
Ad Hoc Anonymous ID: Syntax (cont’d)
  • Make-GPK (running time / to group size)
  • Make-GSK (running time / to group size)
  • Anon-ID (constant running time)

Antonio Nicolosi — NYU

background one way functions
Background: One-Way Functions
  • At the core of all modern Cryptography
    • Several instances are widely accepted …
    • … but nobody knows if they exist (in particular, cannot exist if P = NP)
  • Family of functions easy to compute, but very hard to invert at a random point





Antonio Nicolosi — NYU

background accumulators
Background: Accumulators
  • Intuition: Secure Dictionary ADT
    • Element Insertion/Membership Testing
  • Element Insertion
    • Adding to a set yields a different, larger set
  • Adding to an accumulator yields a different value of the same size + a witness

Antonio Nicolosi — NYU

background accumulators cont d
Background: Accumulators (cont’d)
  • Membership Testing
    • Sets are transparent: anybody can inspect their content
  • Accumulators are opaque:
    • Infeasible to check for membership …
  • … unless the proper witness is known
  • Hard to compute “fake witness’’

Antonio Nicolosi — NYU

constructing ad hoc anonymous id
Constructing Ad Hoc Anonymous ID
  • Register sets SK=random, PK=f( SK )
  • Make-GPK combines PKs by inserting them all into the accumulator
  • Make-GSK runs as Make-GPK, but also keeps track of SK and of the witness for PK
  • In the Anon-ID protocol, the user proves that
    • he knows the SK corresponding to some PK
    • PK has been added in the accumulator

Antonio Nicolosi — NYU

ad hoc anonymous id variations
Ad Hoc Anonymous ID: Variations
  • Identity Escrow
    • To prevent abuse of anonymity, possible to amend the scheme so that user identity can be recovered by a trusted party
  • Supporting large ad hoc groups
    • If group changes, need to build new value of GPK from scratch with Make-GPK
    • But if changes are just user additions, can compute new GPK (and GSK) efficiently

Antonio Nicolosi — NYU


We propose a novel cryptographic functionality (Ad Hoc Anonymous ID) enabling flexible, privacy-aware access control

  • We design an instance based on a new tool (One-Way Accumulators), efficiently constructible based on standard assumptions
  • We discuss possible variations to handle identity escrow and growingad hoc groups

Antonio Nicolosi — NYU

Any questions?

Thank you!

Antonio Nicolosi — NYU