A Practical System for Globally Revoking the Unlinkable Pseudonyms of Unknown Users

We propose the first single sign-on system in which a user can access services using unlinkable digital pseudonyms that can all be revoked in case he or she abuses any one service. Our solution does not rely on key escrow: each user needs to trust only her own computing device with following our protocols in order to be assured of the unconditional untraceability and unlinkability of her pseudonyms. In applications where users hook pseudonyms up to legacy identifiers or legacy accounts at service providers, our system guarantees that service providers (even if they collude with the pseudonym issuer) do not gain any correlation powers over users. Our solution involves two novel ingredients: a technique for invisibly chaining all of a user’s pseudonyms in a manner that permits the revocation of all of them on the basis of any one of them (without knowing the user’s identity with the issuer) and a sublinear-time proof that a committed number is not on a blacklist without revealing additional information about the number. Our solution is highly practical. CR Subject Classification : E.3 [Data]: Data Encryption – Public key cryptosystems. A practical system for globally revoking the unlinkable pseudonyms of unknown users Stefan Brands Credentica & McGill School of Comp. Sc. 740 Notre Dame St. W., Suite 1500 Montreal (QC), Canada H3C 3X6 brands@{credentica.com,cs.mcgill.ca} www.credentica.com Liesje Demuynck K.U.Leuven, Dept. of Comp. Sci. Celestijnenlaan 200A B-3001 Heverlee, Belgium [email protected] www.cs.kuleuven.be Bart De Decker K.U.Leuven, Dept. of Comp. Sci. Celestijnenlaan 200A B-3001 Heverlee, Belgium [email protected] www.cs.kuleuven.be