Anonymous Authentication of Membership in Dynamic Groups

  • Stuart Schechter
  • Todd Parnell
  • Alexander Hartemink
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1648)


We present a series of protocols for authenticating an individual’s membership in a group without revealing that individual’s identity and without restricting how the membership of the group may be changed. In systems using these protocols a single message to the authenticator may be used by an individual to replace her lost key or by a trusted third party to add and remove members of the group. Applications in electronic commerce and communication can thus use these protocols to provide anonymous authentication while accommodating frequent changes in membership. We build these protocols on top of a new primitive: the verifiably common secret encoding. We show a construction for this primitive, the security of which is based on the existence of public-key cryptosystems capable of securely encoding multiple messages containing the same plaintext. Because the size of our construct grows linearly with the number of members in the group, we describe techniques for partitioning groups to improve performance.


anonymity, authentication, key replacement, identification, verifiably common secret encoding





Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Stuart Schechter (1)
  • Todd Parnell (2)
  • Alexander Hartemink (2)

  1. Harvard University
  2. Massachusetts Institute of Technology
