Privacy Protection in PKIs: A Separation-of-Authority Approach

  • Taekyoung Kwon
  • Jung Hee Cheon
  • Yongdae Kim
  • Jae-Il Lee
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4298)


Due to the growing number of privacy infringement problems, there is increasing demand for privacy-enhancing techniques on the Internet. In a PKI, authorized entities such as the CA and the RA can become a big brother, even unintentionally, because they are always able to trace registered users through their public key certificates. In this paper, we investigate a practical method for privacy protection in existing PKIs by separating the authorities, one verifying ownership and the other validating contents, in a blinded manner. The proposed scheme allows both anonymous and pseudonymous certificates to be issued and used in existing infrastructures while providing conditional traceability and revocability, based on threshold cryptography and selective credential show, by exploiting the extension fields of X.509 version 3 certificates.
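The two mechanisms the abstract names, a blinded issuance split between an authority that checks key ownership and an authority that signs certificate contents, and threshold-based recovery of the identity link, are illustrated below. This is an added example and not the authors' construction (the page does not show the paper's protocol): it uses Chaum's RSA blind signature for the blinded issuance and Shamir secret sharing over a prime field for the escrowed identity link. The OwnershipAuthority and ContentAuthority classes, the constructed key registry, the pseudonym string and the demo-sized RSA modulus are all assumptions made for the example.

```python
import hashlib
import secrets
from math import gcd

# Toy RSA parameters built from two Mersenne primes (2^61-1 and 2^31-1).
# ASSUMPTION: demo-sized so the example runs instantly; a real CA key is 2048+ bits.
P_RSA = (1 << 61) - 1
Q_RSA = (1 << 31) - 1
N = P_RSA * Q_RSA
E = 65537
D = pow(E, -1, (P_RSA - 1) * (Q_RSA - 1))

# Prime field for Shamir secret sharing (2^127-1, also a Mersenne prime).
P_SS = (1 << 127) - 1


def fdh(message: bytes) -> int:
    """Hash certificate contents into Z_N (toy full-domain hash: SHA-256 reduced mod N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


class OwnershipAuthority:
    """Hypothetical authority that checks a real identity owns a key; never sees the contents."""

    def __init__(self, registry: dict):
        self.registry = registry  # constructed: real identity -> registered key fingerprint

    def verify_ownership(self, identity: str, key_fingerprint: str) -> bool:
        return self.registry.get(identity) == key_fingerprint


class ContentAuthority:
    """Hypothetical authority holding the signing key; only ever receives blinded values."""

    def __init__(self):
        self.seen = []  # everything this authority was shown, for the linkability check below

    def blind_sign(self, blinded: int) -> int:
        self.seen.append(blinded)
        return pow(blinded, D, N)


def blind(m_hash: int):
    """Chaum RSA blinding: returns the blinding factor r and m * r^e mod N."""
    while True:
        r = secrets.randbelow(N)
        if r > 1 and gcd(r, N) == 1:
            return r, (m_hash * pow(r, E, N)) % N


def unblind(blinded_sig: int, r: int) -> int:
    """(m * r^e)^d * r^-1 = m^d mod N: the ordinary RSA signature on m."""
    return (blinded_sig * pow(r, -1, N)) % N


def verify(m_hash: int, sig: int) -> bool:
    return pow(sig, E, N) == m_hash


def split_secret(secret: int, t: int, n: int):
    """Shamir t-of-n sharing of an integer secret < P_SS; share i is (i, f(i))."""
    coeffs = [secret] + [secrets.randbelow(P_SS) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, i, P_SS) for i, c in enumerate(coeffs)) % P_SS)
            for x in range(1, n + 1)]


def recover_secret(shares) -> int:
    """Lagrange interpolation at x = 0 over whichever shares the trustees supply."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P_SS
                den = den * (xi - xj) % P_SS
        total = (total + yi * num * pow(den, -1, P_SS)) % P_SS
    return total


def issue_pseudonymous_certificate(identity: str, fingerprint: str, pseudonym: str,
                                   ownership: OwnershipAuthority, content: ContentAuthority,
                                   trustees: int = 3, threshold: int = 2):
    """Run one issuance and report what each party ended up holding."""
    if not ownership.verify_ownership(identity, fingerprint):
        raise PermissionError("ownership check failed")
    # Certificate contents carry the pseudonym and key, never the real identity.
    contents = f"subject={pseudonym};key={fingerprint}".encode()
    m_hash = fdh(contents)
    r, blinded = blind(m_hash)
    sig = unblind(content.blind_sign(blinded), r)
    # Escrow the real identity (ASSUMPTION: at most 15 bytes, so it fits in Z_{P_SS})
    # as a t-of-n sharing, so no single trustee can deanonymise the certificate.
    link_secret = int.from_bytes(identity.encode(), "big")
    shares = split_secret(link_secret, threshold, trustees)
    return {
        "contents": contents,
        "signature": sig,
        "valid": verify(m_hash, sig),
        "signer_saw_contents_hash": m_hash in content.seen,
        "shares": shares,
        "link_secret": link_secret,
    }
```

Under these assumptions the ContentAuthority signs a value from which it cannot recover the certificate hash (the blinding factor r is chosen by the user and never sent), so it cannot later link the issued certificate to the identity the OwnershipAuthority checked; any two of the three trustee shares reconstruct the escrowed identity, and one share alone does not.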

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Taekyoung Kwon (1)
  • Jung Hee Cheon (2)
  • Yongdae Kim (3)
  • Jae-Il Lee (4)
  1. Dept. of Computer Engineering, Sejong University, Seoul 143-747, Korea
  2. Dept. of Mathematical Sciences, Seoul National Univ., Seoul 151-747, Korea
  3. Dept. of Computer Science, Univ. of Minnesota - Twin Cities, MN, USA
  4. Korea Information Security Agency, Seoul, Korea