Anonymous Identification in Ad Hoc Groups - PowerPoint PPT Presentation

Anonymous identification in ad hoc groups
1 / 16

  • Uploaded on
  • Presentation posted in: General

Anonymous Identification in Ad Hoc Groups. Yevgeniy Dodis, Antonio Nicolosi , Victor Shoup {dodis, nicolosi ,shoup} New York University. Aggelos Kiayias University of Connecticut. April 6 th , 2004. New York, NY, USA.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

Anonymous Identification in Ad Hoc Groups

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Anonymous identification in ad hoc groups

Anonymous Identification in Ad Hoc Groups

Yevgeniy Dodis, Antonio Nicolosi, Victor Shoup


New York University

Aggelos Kiayias

University of Connecticut

April 6th, 2004

New York, NY, USA

Enabling privacy aware access control

Enabling Privacy-Aware Access Control

  • Want to control access to many objects

    • Each with its own set of authorized users

  • For privacy concerns, users won’t reveal their identity when accessing an object

  • Solution:

    • Have one ad hoc group for each object

    • To access an object, users anonymously identify as members of corresponding group

Antonio Nicolosi — NYU

Example access controlled blog

Example: Access-controlled Blog

  • Alice is keeping a cool blog about her poems

  • Since she’s shy, she only wants her friends to access it

  • But her friends are shy, too:

    • Maybe one of them is making too much reading …

 Solution: Ad Hoc Anonymous Identification scheme

Antonio Nicolosi — NYU

Identification schemes

Identification Schemes

Antonio Nicolosi — NYU

Anonymous identification

Anonymous Identification

Antonio Nicolosi — NYU

Anonymous identification cont d

Anonymous Identification (cont’d)

  • Alice cannot tell whom she is talking to

    • Even in the case of two sessions with the same user (unlinkability)

Antonio Nicolosi — NYU

Ad hoc groups

“Structured” Groupsvs.

E.g. organizations

Group Manager

Users need a different key per group

Ad Hoc Groups

  • Ad Hoc Groups

  • E.g. poetry clubs

  • No central authority

  • Can use same key for multiple groups

Antonio Nicolosi — NYU

Ad hoc anonymous id syntax

Ad Hoc Anonymous ID: Syntax

  • Setup: system-wide initialization phase

  • Register: per-user initialization

    • Each user picks a secret key/public key pair

    • Run only once, regardless of # groups user joins

  • Make-GPK: combines a set of PKs into one GPK

  • Make-GSK: combines a user’s SK with a set of PKs, yielding a single GSK

  • Anon-ID: protocol between a group member (holding GSK) and a verifier (holding GPK)

Antonio Nicolosi — NYU

Ad hoc anonymous id syntax cont d

Ad Hoc Anonymous ID: Syntax (cont’d)

  • Make-GPK (running time / to group size)

  • Make-GSK (running time / to group size)

  • Anon-ID (constant running time)

Antonio Nicolosi — NYU

Background one way functions

Background: One-Way Functions

  • At the core of all modern Cryptography

    • Several instances are widely accepted …

    • … but nobody knows if they exist (in particular, cannot exist if P = NP)

  • Family of functions easy to compute, but very hard to invert at a random point





Antonio Nicolosi — NYU

Background accumulators

Background: Accumulators

  • Intuition: Secure Dictionary ADT

    • Element Insertion/Membership Testing

  • Element Insertion

    • Adding to a set yields a different, larger set

  • Adding to an accumulator yields a different value of the same size + a witness

Antonio Nicolosi — NYU

Background accumulators cont d

Background: Accumulators (cont’d)

  • Membership Testing

    • Sets are transparent: anybody can inspect their content

  • Accumulators are opaque:

    • Infeasible to check for membership …

  • … unless the proper witness is known

  • Hard to compute “fake witness’’

Antonio Nicolosi — NYU

Constructing ad hoc anonymous id

Constructing Ad Hoc Anonymous ID

  • Register sets SK=random, PK=f( SK )

  • Make-GPK combines PKs by inserting them all into the accumulator

  • Make-GSK runs as Make-GPK, but also keeps track of SK and of the witness for PK

  • In the Anon-ID protocol, the user proves that

    • he knows the SK corresponding to some PK

    • PK has been added in the accumulator

Antonio Nicolosi — NYU

Ad hoc anonymous id variations

Ad Hoc Anonymous ID: Variations

  • Identity Escrow

    • To prevent abuse of anonymity, possible to amend the scheme so that user identity can be recovered by a trusted party

  • Supporting large ad hoc groups

    • If group changes, need to build new value of GPK from scratch with Make-GPK

    • But if changes are just user additions, can compute new GPK (and GSK) efficiently

Antonio Nicolosi — NYU


  • We propose a novel cryptographic functionality (Ad Hoc Anonymous ID) enabling flexible, privacy-aware access control

  • We design an instance based on a new tool (One-Way Accumulators), efficiently constructible based on standard assumptions

  • We discuss possible variations to handle identity escrow and growingad hoc groups


Antonio Nicolosi — NYU

Anonymous identification in ad hoc groups

Any questions?

Thank you!

Antonio Nicolosi — NYU

  • Login