Abstract
We present a protocol for unlinkable serial transactions suitable for a variety of network-based subscription services. It is the first protocol to use cryptographic blinding to enable subscription services. The protocol prevents the service from tracking the behavior of its customers, while protecting the service vendor from abuse due to simultaneous or cloned use by a single subscriber. Our basic protocol structure and recovery protocol are robust against failure in protocol termination. We evaluate the security of the basic protocol and extend the basic protocol to include auditing, which further deters subscription sharing. We describe other applications of unlinkable serial transactions for pay-per-use trans subscription, third-party subscription management, multivendor coupons, proof of group membership, and voting.