Anonymity revocation through standard infrastructures

Abstract

Anonymity in information systems has been a very active field of study in recent years. Indeed, it provides fundamental improvements in privacy by protecting users' identities. However, it also serves as a shield for malicious parties, since it makes tracing users difficult. Many anonymous signature schemes and systems have been proposed to overcome this problem through the incorporation of some kind of credential revocation. However, these revocation functions have been proposed at a theoretical level or, at the most, as part of highly customized systems. Moreover, another critical requirement for any practical information system is usability, which calls for the standardization of the underlying primitives. In the context of the distribution and management of digital identities the most widely known standard is X.509 Public Key Infrastructure (PKI). Several proposals have been made to extend X.509 certificates to support anonymous signature schemes. However, further work is required in order to succcessfully implement revocation functionalities in such environments. Since in X.509 the procedures for identity revocation mainly rely on either Certificate Revocation Lists (CRLs) or the Online Certificate Status Protocol (OCSP), we propose a set of extensions for both revocation standards in order to incorporate support for anonymous signature schemes.With these extensions, we achieve revocation functionality similar to that for current PKIs. © Springer-Verlag Berlin Heidelberg 2013.