Selectively traceable anonymous and unlinkable token-based transactions

Abstract

In this paper we propose an approach that provides a means for users to conduct transactions with a service provider such that those transactions can neither be linked to a specific user nor linked together. However, a service provider can be sure that only authorized users are able to conduct transactions. Our construction combines the concepts of anonymous authentication from public-key encryption, based on a novel paradigm denoted as post-active anonymity, and anonymous as well as unlinkable token based transactions from blind signature schemes. Thereby, this construction takes advantages of both concepts. Furthermore, in privacy-preserving protocols, unconditional anonymity is usually not desirable. Thus, we provide mechanism to revoke the anonymity of misbehaving anonymous users behind transactions in case of suspicion. More precisely, we realize selective traceability using ideas from searchable public-key encryption. This allows revocation of the anonymity of suspicious users along with the identification of all of their transactions without violating the privacy of all remaining users. © 2012 Springer-Verlag.