anonymous identification in ad hoc groups n.
Skip this Video
Download Presentation
Anonymous Identification in Ad Hoc Groups

Loading in 2 Seconds...

play fullscreen
1 / 16

Anonymous Identification in Ad Hoc Groups - PowerPoint PPT Presentation

  • Uploaded on

Anonymous Identification in Ad Hoc Groups. Yevgeniy Dodis, Antonio Nicolosi , Victor Shoup {dodis, nicolosi ,shoup} New York University. Aggelos Kiayias University of Connecticut. April 6 th , 2004. New York, NY, USA.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Anonymous Identification in Ad Hoc Groups' - zephr-cochran

Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
anonymous identification in ad hoc groups

Anonymous Identification in Ad Hoc Groups

Yevgeniy Dodis, Antonio Nicolosi, Victor Shoup


New York University

Aggelos Kiayias

University of Connecticut

April 6th, 2004

New York, NY, USA

enabling privacy aware access control
Enabling Privacy-Aware Access Control
  • Want to control access to many objects
    • Each with its own set of authorized users
  • For privacy concerns, users won’t reveal their identity when accessing an object
  • Solution:
    • Have one ad hoc group for each object
    • To access an object, users anonymously identify as members of corresponding group

Antonio Nicolosi — NYU

example access controlled blog
Example: Access-controlled Blog
  • Alice is keeping a cool blog about her poems
  • Since she’s shy, she only wants her friends to access it
  • But her friends are shy, too:
    • Maybe one of them is making too much reading …

 Solution: Ad Hoc Anonymous Identification scheme

Antonio Nicolosi — NYU

identification schemes
Identification Schemes

Antonio Nicolosi — NYU

anonymous identification
Anonymous Identification

Antonio Nicolosi — NYU

anonymous identification cont d
Anonymous Identification (cont’d)
  • Alice cannot tell whom she is talking to
    • Even in the case of two sessions with the same user (unlinkability)

Antonio Nicolosi — NYU

ad hoc groups
“Structured” Groupsvs.

E.g. organizations

Group Manager

Users need a different key per group

Ad Hoc Groups
  • Ad Hoc Groups
  • E.g. poetry clubs
  • No central authority
  • Can use same key for multiple groups

Antonio Nicolosi — NYU

ad hoc anonymous id syntax
Ad Hoc Anonymous ID: Syntax
  • Setup: system-wide initialization phase
  • Register: per-user initialization
    • Each user picks a secret key/public key pair
    • Run only once, regardless of # groups user joins
  • Make-GPK: combines a set of PKs into one GPK
  • Make-GSK: combines a user’s SK with a set of PKs, yielding a single GSK
  • Anon-ID: protocol between a group member (holding GSK) and a verifier (holding GPK)

Antonio Nicolosi — NYU

ad hoc anonymous id syntax cont d
Ad Hoc Anonymous ID: Syntax (cont’d)
  • Make-GPK (running time / to group size)
  • Make-GSK (running time / to group size)
  • Anon-ID (constant running time)

Antonio Nicolosi — NYU

background one way functions
Background: One-Way Functions
  • At the core of all modern Cryptography
    • Several instances are widely accepted …
    • … but nobody knows if they exist (in particular, cannot exist if P = NP)
  • Family of functions easy to compute, but very hard to invert at a random point





Antonio Nicolosi — NYU

background accumulators
Background: Accumulators
  • Intuition: Secure Dictionary ADT
    • Element Insertion/Membership Testing
  • Element Insertion
    • Adding to a set yields a different, larger set
  • Adding to an accumulator yields a different value of the same size + a witness

Antonio Nicolosi — NYU

background accumulators cont d
Background: Accumulators (cont’d)
  • Membership Testing
    • Sets are transparent: anybody can inspect their content
  • Accumulators are opaque:
    • Infeasible to check for membership …
  • … unless the proper witness is known
  • Hard to compute “fake witness’’

Antonio Nicolosi — NYU

constructing ad hoc anonymous id
Constructing Ad Hoc Anonymous ID
  • Register sets SK=random, PK=f( SK )
  • Make-GPK combines PKs by inserting them all into the accumulator
  • Make-GSK runs as Make-GPK, but also keeps track of SK and of the witness for PK
  • In the Anon-ID protocol, the user proves that
    • he knows the SK corresponding to some PK
    • PK has been added in the accumulator

Antonio Nicolosi — NYU

ad hoc anonymous id variations
Ad Hoc Anonymous ID: Variations
  • Identity Escrow
    • To prevent abuse of anonymity, possible to amend the scheme so that user identity can be recovered by a trusted party
  • Supporting large ad hoc groups
    • If group changes, need to build new value of GPK from scratch with Make-GPK
    • But if changes are just user additions, can compute new GPK (and GSK) efficiently

Antonio Nicolosi — NYU


We propose a novel cryptographic functionality (Ad Hoc Anonymous ID) enabling flexible, privacy-aware access control

  • We design an instance based on a new tool (One-Way Accumulators), efficiently constructible based on standard assumptions
  • We discuss possible variations to handle identity escrow and growingad hoc groups

Antonio Nicolosi — NYU

Any questions?

Thank you!

Antonio Nicolosi — NYU