Article

Blind, Auditable Membership Proofs

Authors:

Moti YungAuthors Info & Claims

FC '00: Proceedings of the 4th International Conference on Financial Cryptography

Pages 53 - 71

Published: 20 February 2000 Publication History

Abstract

Auditability is an important property in financial systems and architectures. Here we define the primitive of "blind auditable membership proof" (BAMP) which combines public auditability with privacy (i.e. user anonymity). In particular, one can use it as an auditable alternative to a "blind signature" component in unconditionally anonymous payment systems and in other systems requiring anonymity. We show that BAMP can be implemented quite efficiently (namely, without resorting to general zero-knowledge proofs of NP statements, which, in general, merely indicates plausibility).We then build an anonymous off-line payment system based on the implementation of BAMP. The system has the property that its security against counterfeiting relies on the integrity of a public (auditable) database and not on the secrecy of privately held keys. The system strongly defends against blackmailing and bank robbery attacks, in the same way the system in [21] does. However, the current system is a significant step towards practicality since, unlike the previous system, first, it does not use general protocols for zero knowledge proofs for NP , and second, the cost of the payment protocol is independent of the number of total coins withdrawn.

References

[1]

N. Baric and B. Pfitzmann. Collision-free accumulators and fail-stop signature schemes without trees. Lecture Notes in Computer Science , 1233, 1997.

[2]

M. Bellare and P. Rogaway. Random oracles are practical: A pardigm for designing efficient protocols. In Victoria Ashby, editor, 1st ACM Conference on Computer and Communications Security , Fairfax, Virginia, November 1993. ACM Press. also appeared as IBM RC 19619 (87000) 6/22/94.

[3]

J. Benaloh and M. de Mare. One-way accumulators: A decentralized alternative to digital signatures (extended abstract). In Tor Helleseth, editor, Advances in Cryptology--EUROCRYPT 93 , volume 765 of Lecture Notes in Computer Science , pages 274-285. Springer-Verlag. 1994, 23-27 May, 1993.

[4]

D. Boneh and M. Franklin. Efficient generation of shared RSA keys. In Burt Kaliski, editor, Advances in Cryptology: CRYPTO '97 , volume 1233 of Lecture Notes in Computer Science , pages 425-439. Springer, 1997.

[5]

S. Brands. An efficient off-line electronic cash system based on the representation problem. In 246. Centrum voor Wiskunde en Informatica (CWI), ISSN 0169-118X, December 31 1993. AA (Department of Algorithmics and Architecture), CS-R9323, URL=ftp://ftp.cwi.nl/pub/CWIreports/AA/CS-R9323.ps.Z.

[6]

J. Camenisch and M. Michels. A group signature scheme with improved efficiency. Lecture Notes in Computer Science , 1514, 1998.

[7]

J. Camenisch and M. Michels. Proving in zero-knowledge that a number is the product of two safe primes. Lecture Notes in Computer Science , 1592, 1999.

[8]

J. L. Carter and M. N. Wegman. Universal classes of hash functions (extended abstract). In Conference Record of the Ninth Annual ACM Symposium on Theory of Computing , pages 106-112, Boulder, Colorado, 2-4 May 1977.

[9]

D. Chaum. Blind signatures for untraceable payments. In David Chaum, Ronald L. Rivest, and Alan T. Sherman, editors, Advances in Cryptology: Proceedings of Crypto 82 , pages 199-203 Plenum Press, New York and London, 1983, 23-25 August 1982.

[10]

J. D. Cohen and M. J. Fischer. A robust and verifiable cryptographically secure election scheme (extended abstract). In 26th Annual Symposium on Foundations of Computer Science , pages 372-382, Portland, Oregon, 21-23 October 1985. IEEE.

[11]

R. Cramer and V. Shoup. Signature schemes based on the strong RSA assumption. In Proceedings of the 6th ACM Conference on Computer and Communications Security . ACM Press, 1999.

[12]

A. Fiat and A. Shamir. How to prove yourself: Practical solutions to identification and signature problems. In Andrew Michael Odlyzko, editor, Advances in cryptology: CRYPTO '86: proceedings , volume 263 of Lecture Notes in Computer Science , pages 181-187, Berlin, 1987 Springer-Verlag.

[13]

Y. Frankel, P. MacKenzie, and M. Yung. Robust efficient distributed RSA-Key generation. In Proceedings of the 30th Annual ACM Symposium on Theory of Computing (STOC-98) , pages 663-672, New York, May 23-26 1998. ACM Press.

[14]

Y. Frankel, Y. Tsiounis, and M. Yung. "Indirect discourse proofs": Achieving efficient fair off-line E-cash. In Kwangjo Kim and Tsutomu Matsumoto, editors, Advances in Cryptology--ASIACRYPT'96 , volume 1163 of Lecture Notes in Computer Science , pages 286-300, Kyongju, Korea, 3-7 November 1996. Springer-Verlag.

[15]

M. K. Franklin and M. Yung. Secure and efficient off-line digital money (extended abstract). In Svante Carlsson Andrzej Lingas, Rolf G. Karlsson, editor, Automata, Languages and Programming, 20th International Colloquium , volume 700 of Lecture Notes in Computer Science , pages 265-276, Lund, Sweden, 5-9 July 1993. Springer-Verlag.

[16]

E. Fujisaki and T. Okamoto. Statistical zero knowledge protocols to prove modular polynomial relations. In Burton S. Kaliski Jr., editor, Advances in Cryptology-- CRYPTO '97 , volume 1294 of Lecture Notes in Computer Science , pages 16-30. Springer-Verlag, 17-21 August 1997.

[17]

R. Gennaro, S. Halevi, and T. Rabin. Secure hash-and-sign signatures without the random oracle. Lecture Notes in Computer Science , 1592, 1999.

[18]

M. Jakobsson and M. Yung. Revokable and versatile electronic mony. In Clifford Neuman, editor, 3rd ACM Conference on Computer and Communications Security , pages 76-87, New Delhi, India, March 1996. ACM Press.

[19]

D. Pointcheval and J. Stern. Security proofs for signature schemes. In Ueli Maurer, editor, Advances in Cryptology--EUROCRYPT'96 , volume 1070 of Lecture Notes in Computer Science , pages 387-398. Springer-Verlag, 12-16 May 1996.

[20]

T. Sander. Efficient accumulators without trapdoor. In V. Varadharajan and Y. Mu, editors, Proceedings of 2nd International Conference on Information and Communication Security (ICICS'99) , volume 1726 of Lecture Notes in Computer Science . Springer-Verlag, 1999.

[21]

T. Sander and A. Ta-Shma. Auditable, anonymous electronic cash. In M. Wiener, editor, Advances in Cryptology--CRYPTO '99 , volume 1666 of Lecture Notes in Computer Science . Springer-Verlag, 1999.

[22]

A. De Santis, Y. Desmedt, Y. Frankel, and M. Yung. How to share a function securely (extended summary). In Proceedings of the Twenty-Sixth Annual ACM Symposium on the Theory of Computing , pages 522-533, Montréal, Québec, Canada, 23-25 May 1994.

[23]

A. Shamir. On the generation of cryptographically strong pseudo-random sequences. In Shimon Even and Oded Kariv, editors, Automata, Languages and Programming, 8th Colloquium , volume 115 of Lecture Notes in Computer Science , pages 544-550, Acre (Akko), Israel,13-17 July 1981. Springer-Verlag.

[24]

S. von Solms and D. Naccache. On blind signatures and perfect crimes. Computers and Security , 11(6):581-583, October 1992.

Cited By

Hölzl MRoland MMir OMayrhofer RHaddad HWainwright RChbeir R(2018)Bridging the gap in privacy-preserving revocationProceedings of the 33rd Annual ACM Symposium on Applied Computing10.1145/3167132.3167303(1601-1609)Online publication date: 9-Apr-2018
https://dl.acm.org/doi/10.1145/3167132.3167303
Lipmaa H(2012)Secure accumulators from euclidean rings without trusted setupProceedings of the 10th international conference on Applied Cryptography and Network Security10.1007/978-3-642-31284-7_14(224-240)Online publication date: 26-Jun-2012
https://dl.acm.org/doi/10.1007/978-3-642-31284-7_14
Papamanthou CTamassia RTriandopoulos NNing PSyverson PJha S(2008)Authenticated hash tablesProceedings of the 15th ACM conference on Computer and communications security10.1145/1455770.1455826(437-448)Online publication date: 27-Oct-2008
https://dl.acm.org/doi/10.1145/1455770.1455826

Index Terms

Blind, Auditable Membership Proofs
1. Security and privacy
  1. Cryptography

Index terms have been assigned to the content through auto-classification.

Recommendations

Confidential and Auditable Payments
Financial Cryptography and Data Security
Abstract
In this paper, we construct the Confidential and Auditable Payments (CAP) scheme. We keep the transaction confidential by writing ciphertexts of transactions in a ledger. We realize the soundness of the CAP scheme by the soundness of the zero-...
Offline payments with auditable tracing
FC'02: Proceedings of the 6th international conference on Financial cryptography

Tracing is an important mechanism to prevent crimes in anonymous payment systems. However, it is also a threat to the customer's privacy as long as its application cannot be controlled. Relying solely on trusted third parties for tracing is inadequate, ...
PAPR: Publicly Auditable Privacy Revocation for Anonymous Credentials
Topics in Cryptology – CT-RSA 2023
Abstract
We study the notion of anonymous credentials with Publicly Auditable Privacy Revocation (PAPR). PAPR credentials simultaneously provide conditional user privacy and auditable privacy revocation. The first property implies that users keep their ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

FC '00: Proceedings of the 4th International Conference on Financial Cryptography

February 2000

378 pages

ISBN:3540427007

Editor:
Yair Frankel

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 20 February 2000

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 10 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Hölzl MRoland MMir OMayrhofer RHaddad HWainwright RChbeir R(2018)Bridging the gap in privacy-preserving revocationProceedings of the 33rd Annual ACM Symposium on Applied Computing10.1145/3167132.3167303(1601-1609)Online publication date: 9-Apr-2018
https://dl.acm.org/doi/10.1145/3167132.3167303
Lipmaa H(2012)Secure accumulators from euclidean rings without trusted setupProceedings of the 10th international conference on Applied Cryptography and Network Security10.1007/978-3-642-31284-7_14(224-240)Online publication date: 26-Jun-2012
https://dl.acm.org/doi/10.1007/978-3-642-31284-7_14
Papamanthou CTamassia RTriandopoulos NNing PSyverson PJha S(2008)Authenticated hash tablesProceedings of the 15th ACM conference on Computer and communications security10.1145/1455770.1455826(437-448)Online publication date: 27-Oct-2008
https://dl.acm.org/doi/10.1145/1455770.1455826

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents