
Unlinkable serial transactions: protocols and applications

Published: 01 November 1999

Abstract

We present a protocol for unlinkable serial transactions suitable for a variety of network-based subscription services. It is the first protocol to use cryptographic blinding to enable subscription services. The protocol prevents the service from tracking the behavior of its customers, while protecting the service vendor from abuse due to simultaneous or cloned use by a single subscriber. Our basic protocol structure and recovery protocol are robust against failure in protocol termination. We evaluate the security of the basic protocol and extend the basic protocol to include auditing, which further deters subscription sharing. We describe other applications of unlinkable serial transactions for pay-per-use transactions within a subscription, third-party subscription management, multivendor coupons, proof of group membership, and voting.
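The blinding idea in the abstract can be illustrated with Chaum-style RSA blind signatures; the sketch below is an added example, not the paper's protocol or the authors' code. It assumes a toy RSA modulus (constructed, far too small for real use) and the hypothetical names `Vendor`, `Customer` and `redeem`, and it assumes the next token is issued while the current one is redeemed.

```python
import hashlib
import secrets
from math import gcd

# Toy vendor RSA key built from two Mersenne primes (constructed; not a secure size).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # vendor's private exponent

def digest(token: bytes) -> int:
    """Hash a token to an integer modulo N."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

class Vendor:
    def __init__(self):
        self.spent = set()  # tokens already redeemed (single-use enforcement)

    def sign_blinded(self, blinded: int) -> int:
        """Sign a blinded value; the vendor cannot see the token inside it."""
        return pow(blinded, D, N)

    def redeem(self, token: bytes, sig: int, next_blinded: int):
        """Accept an unspent, validly signed token and sign the blinded successor."""
        if pow(sig, E, N) != digest(token) or token in self.spent:
            return None  # forged signature, or a replayed/cloned token
        self.spent.add(token)
        return self.sign_blinded(next_blinded)

class Customer:
    def new_request(self) -> int:
        """Pick a fresh random token and blinding factor; return the blinded value."""
        self.token = secrets.token_bytes(16)
        while True:
            self.r = secrets.randbelow(N - 2) + 2
            if gcd(self.r, N) == 1:
                break
        return digest(self.token) * pow(self.r, E, N) % N

    def unblind(self, blind_sig: int):
        """Strip the blinding factor, leaving an ordinary signature on the token."""
        return self.token, blind_sig * pow(self.r, -1, N) % N
```

The vendor only ever signs `next_blinded`, so the token it later sees at redemption cannot be matched to the signing request, while the `spent` set rejects a second use of the same token.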

References

  1. 1997. Anonymizer. www.anonymizer.com.
  2. BRICKELL, E., GEMMELL, P., AND KRAVITZ, D. 1995. Trustee-based tracing extensions to anonymous cash and the making of anonymous change. In Proceedings of the Sixth Annual ACM-SIAM Symposium on Discrete Algorithms (San Francisco, CA, Jan.) ACM Press, New York, NY, 457-466.
  3. CAMP, L. J., HARKAVEY, M., YEE, B., AND TYGAR, J. D. 1996. Anonymous Atomic Transactions. In Proceedings of the 2nd USENIX Workshop on Electronic Commerce (Nov.), USENIX Assoc., Berkeley, CA.
  4. CHANDY, K. M. AND MISRA, J. 1988. Parallel Program Design: A Foundation. Addison-Wesley Longman Publ. Co., Inc., Reading, MA.
  5. CHAUM, D. 1981. Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24, 2 (Feb. 1981), 84-88.
  6. CHAUM, D. 1983. Blind signatures for untraceable payments. In Proceedings of the Conference on Advances in Cryptology (CRYPTO '82, Santa Barbara, CA), D. Chaum, R. L. Rivest, and A. T. Sherman, Eds. Plenum Press, New York, NY, 199-203.
  7. CHAUM, D. 1985. Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28, 10 (Oct. 1985), 1030-1044.
  8. CHAUM, D., FIAT, A., AND NAOR, M. 1990. Untraceable electronic cash. In Proceedings of the Conference on Advances in Cryptology (CRYPTO '88, Santa Barbara, CA, USA, Aug. 21-25, 1988), S. Goldwasser, Ed. Springer Lecture Notes in Computer Science Springer-Verlag, New York, NY, 319-327.
  9. CORTTRELL, L. 1994. Mixmaster and remailer attacks. www.obscura.com/loki/remailer-essay.html.
  10. CRANNOR, L. 1996. Electronic voting. Crossroads 2, 4 (Apr.).
  11. FASBENDER, A., KESDOGAN, D., AND KUBITZ, O. 1996. Variable and scalable security: Protection of location information in mobile ip. In Proceedings of the 46th IEEE Conference on Vehicular Technology (Atlanta, GA, Mar.).
  12. FRANKLIN, M. K. AND REITER, M. K. 1997. Fair exchange with a semi-trusted third party (extended abstract). In Proceedings of the 4th ACM Conference on Computer and Communications Security (CCS '97, Zurich, Switzerland, Apr. 1-4, 1997), R. Graveman, P. Janson, C. Neumann, and L. Gong, Eds. ACM Press, New York, NY, 1-5.
  13. FRANKLIN, M. AND YUNG, M. 1992. Towards provably secure efficient electronic cash. Tech. Rep. CUCS-018092. Columbia Univ., New York, NY.
  14. FUJIOKA, A., OKAMOTO, T., AND OHTA, K. 1993. A practical secret voting scheme for large scale elections. In Proceedings of the Conference on Advances in Cryptology (CRYPTO '92, Santa Barbara, CA), E. F. Brickell, Ed. Springer-Verlag, New York, 244-251.
  15. GABBER, E., GIBBONS, P., KRISTOL, D., MATIAS, Y., AND MAYER, A. 1999. On secure and pseudonymous client-relationships with multiple servers. ACM Trans. Inf. Syst. Secur. 2, 4 (Nov.).
  16. GOLDSCHLAG, D., REED, M., AND SYVERSON, P. 1999. Onion routing for anonymous and private internet connections. Commun. ACM 42, 2 (Feb.), 39-41.
  17. GONG, L. AND SYVERSON, P. 1998. Fail-stop protocols: An approach to designing secure protocols. In Proceedings of the 5th IFIP International Working Conference on Dependable Computing for Critical Applications (Urbana-Champaign, IL, Sept. 1995), R. K. Iyer, M. Morganti, W. K. Fuchs, and V. Gligor, Eds. IEEE Computer Society Press, Los Alamitos, CA, 79-99.
  18. GULCU, C. AND TSUDIK, G. 1996. Mixing email with Babel. In Proceedings of the 1996 Internet Society Symposium on Network and Distributed System Security (San Diego, CA, Feb.), 2-16.
  19. GUNTHER, C. 1987. An identity-based key-exchange protocol. In Proceedings of the Conference on Advances in Cryptology (EUROCRYPT '89) Springer-Verlag, New York, 29-37.
  20. HALLER, N. 1994. The s/key one-time password system. In Proceedings of the ISOC Symposium on Network and Distributed System Security (San Diego, CA, Feb. 1994).
  21. MENEZES, A. J., VAN OORSCHOT, P. C., AND VANSTONE, S. A. 1997. Handbook of Applied Cryptography. CRC Press, Inc., Boca Raton, FL.
  22. OKAMOTO, T. AND OHTA, K. 1992. Universal electronic cash. In Proceedings of the Conference on Advances in Cryptology (CRYPTO '91) Springer-Verlag, New York, NY, 324-337.
  23. PFITZMANN, A., PFITZMANN, B., AND WAIDNER, M. 1991. ISDN-mixes: Untraceable communication with very small bandwidth overhead. In Proceedings of the GI/ITG Conference on Communication in Distributed Systems (Feb., Mannheim, Germany) 451-463.
  24. POINTCHEVAL, D. AND STERN, J. 1996. Provably secure blind signature schemes. In Proceedings of the Conference on Advances in Cryptology (CRYPTO '96, Santa Barbara, CA), N. Koblitz, Ed. Springer-Verlag, New York, 252-265. 1999. ProxyMate. www.proxymate.com.
  25. REITER, M. K. AND RUBIN, A. D. 1998. Crowds: anonymity for Web transactions. ACM Trans. Inf. Syst. Secur. 1, 1, 66-92.
  26. SCHECHTER, S., PARNELL, T., AND HARTEMINK, A. 1999. Anonymous authentication of membership in dynamic groups. In Proceedings of the Conference on Financial Cryptography (Anguilla, British West Indies, Feb. 99), M. Franklin, Ed. Springer-Verlag, New York, 184-195.
  27. SCHNEIDER, S. AND SIDIROPOULOS, A. 1996. Csp and anonymity. In Proceedings of the Conference on Computer Security (ESORICS 96, Rome, Italy), E. Bertino, H. Kurth, G. Martella, and E. Montolivo, Eds. Springer-Verlag, New York, 198-218.
  28. SET, 1999. SET Secure Electronic Transaction LL. www.setco.org
  29. SIMONE, D. 1997. Anonymous communication and anonymous cash. In Proceedings of the Conference on Advances in Cryptology (EUROCRYPT '97) Springer-Verlag, New York, 61-73.
  30. SYVERSON, P. AND STUBBLEBINE, S. 1999. Group principals and the formalization of anonymity. In Proceedings of the Conference on Formal Methods (Toulouse, France, Sept.), J. Wing, J. Woodcock, and J. Davies, Eds. Springer-Verlag, New York, 814-833.
  31. SYVERSON, P., STUBBLEBINE, S., AND GOLDSCHLAG, D. 1997. Unlinkable serial transactions. In Proceedings of the Conference on Financial Cryptography Springer-Verlag, New York, NY, 39-55.

Reviews

Ernst L. Leiss

Unlinkable transactions are related to anonymity. Users may want to keep their searches confidential. Anonymity may also be desired within the framework of a subscription (anonymous proof of membership) or for applications in (confidential) voting. This paper presents the first protocol for unlinkable serial transactions. The approach prevents the service provider from tracking the behavior of the customer, while protecting the service provider from abuse by the customer. The approach is based on single-use tokens whose acquisition and use are separated: when acquiring a token, the customer's identity need not be concealed, and when using the token, the user's identity is protected. In particular, registration, token use, termination of a subscription, and recovery from broken connections are addressed. These methods are then extended to pay-per-use transactions within a subscription, third-party subscription management, multi-vendor coupons, proof of group membership, and voting. Operating assumptions are carefully stated, since they may have major implications. In particular, certain aspects of (excessive) collusion must be excluded in order for the protocols to work as stated. Under these assumptions, the authors show that fraud (such as subscription sharing and illegitimate subscriptions) can be eliminated, that the method is immune to active and passive attacks, and that the contracted service is guaranteed to the customer. This work is related to digital cash (e-cash); net issues involving authentication, authorization, and payment for services; and anonymity services in general. This well-written paper is an interesting contribution to net privacy, a concern of increasing importance. An earlier version appeared in 1997, in a conference on financial cryptography [1]. While this archival journal paper is more likely to be read by net programmers, it took two years to appear in print, a long time in this fast-moving field.
