CERTIFIED PSEUDONYMS COLLIGATED WITH MASTER SECRET KEY
Vijayakrishnan Pasupathinathan, Josef Pieprzyk
ACAC, Department of Computing, Macquarie University, Sydney, Australia
Huaxiong Wang
Division of Mathematical Sciences, Nanyang Technological University, Singapore
Keywords:
Anonymity, Identification, Colligated pseudonyms, TPM.
Abstract:
A pseudonym provides anonymity by protecting the identity of a legitimate user. A user with a pseudonym can interact with an unknown entity and be confident that his/her identity remains secret even if the other entity is dishonest. In this work, we present a system that allows users to create pseudonyms from a trusted master public-secret key pair.
The proposed system is based on the intractability of factoring and of finding square roots of a quadratic residue modulo a composite number, where the composite number is a product of two large primes. Our proposal differs from previously published pseudonym systems in that, in addition to the standard notion of protecting the privacy of a user, our system offers colligation between seemingly independent pseudonyms. This new property, when combined with a trusted platform that stores a master secret key, is extremely beneficial to a user as it offers a convenient way to generate a large number of pseudonyms using relatively small storage.
1 INTRODUCTION
The use of pseudonyms has been proposed as a mechanism to hide a user's identity by providing anonymity, while still being suitable to authenticate the holder of the pseudonym in a communication system (Chaum, 1985). David Chaum argued that using pseudonyms allows a user to work anonymously with multiple organisations, by allowing the user to obtain a credential from one organisation using his/her pseudonym and obtain services using that credential from another organisation without revealing his/her true identity (Chaum, 1981; Chaum, 1985). To this end, Chaum and Evertse developed a pseudonym system and proposed an RSA-based implementation that relies on a trusted centre which must sign all credentials (Chaum and Evertse, 1986). Chen extended the scheme from (Chaum, 1985) and presented its discrete-logarithm version, which also relies on a trusted centre (Chen, 1995). An advantage of these schemes is that they allow the user to generate pseudonyms, giving the user a greater degree of control over his/her identity. However, these schemes have a common weakness. Although the identity of the user is hidden, the credentials (such as certificates of his/her public key) or pseudonyms can easily be shared (unauthorised transfer) with other users.
Based on the security of preserving a high-value (master) secret key, Canetti et al. (Canetti et al., 2000) and Lysyanskaya et al. (Lysyanskaya et al., 1999) independently proposed non-transferable pseudonym systems. Though credentials obtained on pseudonyms can be used anonymously, the authors of (Canetti et al., 2000) assume that the certification authority (CA) grants credentials only when each user reveals their true identity to it. This makes their scheme prone to collusion between a CA and a verifier, as together they can deduce the real identity associated with a user's pseudonym. The scheme from (Lysyanskaya et al., 1999) protects against unauthorised transfer of the user credentials by forcing a user to reveal the master secret key if they choose to share their credentials. But the scheme shares the same weakness as (Canetti et al., 2000): during the registration phase, users are required to disclose their true identity (master public key) to a CA.
Pasupathinathan V., Pieprzyk J. and Wang H. (2009). CERTIFIED PSEUDONYMS COLLIGATED WITH MASTER SECRET KEY. In Proceedings of the International Conference on Security and Cryptography, pages 190-197. DOI: 10.5220/0002226501900197. Copyright © SciTePress.
1.1 Scope and Contribution
This paper presents a pseudonym system based on public key cryptography. The main idea is to use a single trusted master secret key with many matching public keys (pseudonyms). The proposed system gives users the ability to generate multiple pseudonyms (that are independent of the master public key) from a trusted master secret key. An important property of the system is that it gives users the ability to generate signatures using the master secret key which are verifiable using certificates that were issued against pseudonyms.
Let us consider an example. Consider a TPM (Trusted Platform Module) chip that is integrated into a computing platform (such as a mobile phone, laptop, etc.). The chip contains a certified public-secret key pair. The public key is certified by its manufacturer and recorded on the TPM chip at the time of manufacturing. The certified public key of the chip can be used to authenticate the machine carrying the TPM. The TPM is used to further certify public keys of users associated with the machine. A verifier can authenticate a user based on the certificate chain consisting of the user certificate, the TPM certificate and the manufacturer certificate. But revealing the identity of the machine to every verifier would compromise not only the anonymity of the machine but also the anonymity of the user(s) of the machine. It is possible to identify a user using their pseudonyms, but the verifier trusts only the TPM chip's certified public key and not the operating system of the machine or any newly generated pseudonyms. Therefore, we require a system that gives a user the ability to generate and control the usage of multiple identities based on a trusted master identity (the TPM's certified public key), where the pseudonyms should not only be independent of the master identity (anonymity), but there should also be a relation between all generated pseudonyms[1] and the trusted master secret key stored in the chip (we call this relation colligation).

Anonymity and colligation are in some sense contradictory. Anonymity requires that it is impossible (at least computationally) for an entity with knowledge of a pseudonym to link that pseudonym with either the master identity or any other generated pseudonym. Colligation, on the other hand, requires that the prover is guaranteed that there is an underlying link between all pseudonyms (which appear to be unrelated to each other), namely that they were generated from the trusted master secret key. Previously published proposals such as (Damgard, 1988; Lysyanskaya et al., 1999; Camenisch and Lysyanskaya, 2002; Chen, 1995; Canetti et al., 2000; Chaum, 1985) that achieve anonymity have considered a user's identity, consisting of a public-secret key pair, as a single unified structure. Under such an assumption it is infeasible to obtain both anonymity and colligation. We aim to separate the structure and provide anonymity to a user while still maintaining colligation between the pseudonyms generated using the user's master secret key. The implication of this structure is that a user's master secret key becomes highly valuable, as all his pseudonyms are linked directly to the secret key.

[1] To a certifier it is essential that the system guarantees that all pseudonyms from a particular TPM can be traced back to a single secret key, but a verifier needs proof of this binding between the master secret key and only the pseudonym that he/she is currently presented with. We do not make this distinction here.
Based on the security requirement that the master public key in a TPM must not be revealed, Brickell et al. proposed a method for direct anonymous attestation (DAA) (Brickell et al., 2004) that provides anonymity to a user based on the Camenisch-Lysyanskaya credential system (Camenisch and Lysyanskaya, 2002). Unfortunately, the scheme of (Brickell et al., 2004) does not provide secret key linkability for the identities that are generated. Consequently, in their scheme, the TPM needs to maintain a database of those identities and the associated secret keys. The database can get quite large if the TPM serves a large group of users. Also, their DAA scheme does not support identity transfer among machines. In this paper we limit ourselves to the problem of achieving anonymity and colligation, and we do not address the issue of identity transfer.
1.2 Organisation
Section 2 provides the background on anonymous certification systems and the cryptographic techniques employed. In Section 3 we provide our construction, and in Section 4 we discuss its security. In Section 5 we discuss the integration of our proposal in a TPM-based setting, and we conclude in Section 6.
2 BACKGROUND
User anonymity and colligation between the master secret key and user-generated identities are of paramount importance. To provide anonymity to user-generated identities (pseudonyms), our proposal makes use of an anonymous certification scheme, such as a scheme with blind signatures. An anonymous certification system is necessary to provide anonymity to a user and to prevent collusion between a certifier and a verifier. To this end, we employ a modified blind signature scheme (refer to Section 3.3) proposed by Pointcheval (Pointcheval, 2000). Note that any anonymous certification scheme that supports non-transferability and revocation of anonymity can be employed with some necessary modifications. To provide colligation between the generated pseudonyms and the master secret key we can use any one-way function; in our construction we use squaring modulo a composite integer. In this section, we first describe the model of an anonymous certification scheme that is going to provide certificates for user-generated identities (pseudonyms). In the remainder of this section we summarise the main cryptographic building blocks that we use in our constructions.
2.1 Anonymous Certification System
An anonymous certification system (ACS) represents the certification of a public key by a certifier who does not know the public key. This is essentially a Chaum blind signature (Chaum, 1982) on the public key of the user, i.e. it provides anonymity to the receiver[2].

A typical ACS consists of four entities and three protocols. The entities are: a user $U$, a verifier $V$, a certifier $C$ and a trustee (tracer) $T$. The protocol suite includes: a certification protocol, where $U$ interacts with $C$ to obtain a certified pseudonym, i.e. the pseudonym is blindly signed; an identification protocol, where $V$ interacts with $U$ to authenticate $U$'s credential and provide services; and a trace protocol, where $T$ participates and is invoked to trace the real identity associated with $U$'s pseudonym.
2.1.1 System Setting
The user $U$ chooses moduli $N_i$ such that each $N_i = p_1^{(i)} p_2^{(i)}$ is a product of two distinct large primes, each congruent to $3 \pmod 4$ ($p_1^{(i)}, p_2^{(i)}$ are Blum integers (Blum et al., 1986)), and an element $g \in \mathbb{Z}_{N_i}$ whose order is $\varphi(N_i) = (p_1^{(i)} - 1)(p_2^{(i)} - 1)$, where $i$ is the number of pseudonyms. We also require the moduli for the pseudonyms to be different, otherwise anonymity can be compromised trivially by just maintaining a list of moduli. The user chooses a master secret key $SK_{U_0} \in \mathbb{Z}_{N_0}$ and publishes the master public key $PK_{U_0} = g^{SK_{U_0}} \bmod N_0$ (which represents the user's true and public identity). The certifier $C$ publishes its public key $PK_C = g^{SK_C} \bmod N_c$ while keeping the corresponding secret key private. The certifier also publishes the public key of the trustee $T$ (for tracing and revocation), which is of the form $PK_T = g_1^{SK_T} \bmod N_T$, where $g_1 \in \mathbb{Z}_{N_T}$. Every user registers with a certification authority to obtain a certificate of the form $\mathrm{CERT}_C\langle PK_{U_0}\rangle$.

[2] Whereas group signature schemes, as employed by (Brickell et al., 2004), provide anonymity to the source.
2.1.2 Protocol Certify
The certification involves two steps: certification of the master public key and certification of pseudonyms. In a TPM-based setting the master public key is certified by the manufacturer, and the following describes the certification of the pseudonyms.

The user $U$ generates pseudonyms of the form $(PK_{U_1}, \ldots, PK_{U_l})$ using the identity generation process described in Section 3.2. The user then identifies himself/herself (using the master public key) to the certifier and engages in a certify protocol to obtain a certificate on a pseudonym $PK_{U_i}$. The value of $PK_{U_i}$ is never revealed to the certifier. We shall express this phase as

$(PK_{U_i}, \mathrm{CERT}_C\langle PK_{U_i}\rangle) \leftarrow \mathrm{Certify}(U, C, \mathrm{CERT}_C\langle PK_{U_0}\rangle)$

i.e. "$U$ engages in the certify protocol with $C$ using $\mathrm{CERT}_C\langle PK_{U_0}\rangle$ to obtain a certificate on $PK_{U_i}$, $\mathrm{CERT}_C\langle PK_{U_i}\rangle$".
2.1.3 Protocol Identify
A user $U$ who wishes to avail himself/herself of services offered by a verifier $V$ engages in an identification protocol to convince $V$ that he/she possesses the necessary credentials. We shall express this phase as

$\langle \mathrm{PROOF}_{U_i}\rangle \leftarrow \mathrm{Identify}(U, V, PK_{U_i}, \mathrm{CERT}_C\langle PK_{U_i}\rangle, PK_T)$

i.e. "$U$ engages in an identification protocol with a verifier $V$ using the pseudonym $PK_{U_i}$ and $\mathrm{CERT}_C\langle PK_{U_i}\rangle$, which contains the encryption of the identity under the public key $PK_T$".
2.1.4 Protocol Trace
A verifier who needs to trace the identity of the user contacts the trustee $T$, providing the transcript $\langle \mathrm{PROOF}_{U_i}\rangle$ from an identification protocol. We shall express this phase as

$(PK_{U_0}) \leftarrow \mathrm{Trace}(V, T, PK_{U_i}, \mathrm{CERT}_C\langle PK_{U_i}\rangle, \langle \mathrm{PROOF}_{U_i}\rangle)$

i.e. "$V$ engages in the tracing protocol with $T$ using the values $PK_{U_i}$, $\mathrm{CERT}_C\langle PK_{U_i}\rangle$ and the proof of identity use $\langle \mathrm{PROOF}_{U_i}\rangle$ to obtain the master identity $PK_{U_0}$".
2.2 Assumptions
Our system relies on the following assumptions:

Assumption 1 (Factoring). A probabilistic polynomial-time algorithm $G$ exists which on input $1^{|N|}$ outputs $N$, where $N$ is a composite of two prime numbers $p_1$ and $q_1$, such that for any probabilistic polynomial-time algorithm $\mathcal{A}$, the probability that $\mathcal{A}$ can factor $N$ is negligible, i.e. the probability of success is smaller than $\frac{1}{\mathrm{poly}(|N|)}$.

Assumption 2 (Square Root). For any probabilistic polynomial-time algorithm $\mathcal{A}$ which is given as input $N$ and $a$, where $N$ is a composite of two prime numbers $p_1$ and $q_1$ and $a \in QR_N$ is a quadratic residue, the probability that $\mathcal{A}$ can output $b$ such that $b^2 \equiv a \pmod N$ is negligible, i.e. the probability of success is smaller than $\frac{1}{\mathrm{poly}(|N|)}$.

Assumption 3 (Square Decisional Diffie-Hellman). The square decisional Diffie-Hellman (SDDH) problem is defined as follows. Distinguish between distributions of the form $(g, g^{a}, g^{a^2})$ and $(g, g^{a}, g^{r})$, where $r$ is a random integer chosen uniformly from $\{1, \ldots, N-1\}$. We assume that there is no probabilistic polynomial-time algorithm $G$ that can solve a random instance of the SDDH problem with probability $\frac{1}{2} + \frac{1}{\mathrm{poly}(|N|)}$.
We also use the Chaum and Pedersen construction (Chaum and Pedersen, 1992) as a sub-protocol for an interactive proof of knowledge of equality of discrete logarithms (DL-EQ). Their protocol (Chaum and Pedersen, 1992) was designed for the case when the group of the exponents has prime order, whereas in our protocol the group of the exponents has composite order. But as suggested by (Camenisch and Michels, 1999), the proof of equality of discrete logarithms in different groups (DL-EQ) holds even when working over a cyclic subgroup of $\mathbb{Z}_N$. We combine the DL-EQ with El-Gamal encryption over a composite modulus (Franklin and Haber, 1993) to encrypt the master identity of the user under the public key of the trustee, verifiable by the certification authority.
3 PROTOCOLS
We shall now present our scheme, which consists of four phases: identity generation, certification, identification and trace.
3.1 System Setting
The system involves four entities. A user $U$ holds a long-term certified public key $PK_{U_0}$ (we shall call it the master public key) and wishes to hide his identity from a verifier $V$. The public keys are certified by a certification authority $C$, and a trustee $T$ is responsible for tracing the pseudonym used by the user.

$U$'s master public-secret key pair is generated as in Section 2.1.1. $U$ then obtains a certificate on the master public key $PK_{U_0}$ from a certification authority $C$; this certificate represents $U$'s true identity.

The public key of the certification authority is $PK_C = g^{SK_C}$ and that of the trustee is $PK_T = g_1^{SK_T}$, where $SK_C$ and $SK_T$ are the corresponding secret keys of the certification authority and the trustee respectively.
3.2 Identity Generation
$U$ generates new identities using the following key generation process, which takes as inputs $N_j$, $g$, a counter value $i$ (indicating the total number of new identities being generated), an identity level $l$ (the number of identities generated previously) and the master secret key $SK_{U_0}$.

I-Generation$(g, i, l, SK_{U_0})$
    For $j = l, \ldots, i$ do
        $PK_{U_j} = g^{SK_{U_0}^{2^j}} \bmod N_j$
    EndFor
    Return $(PK_{U_l}, \ldots, PK_{U_i})$

During the first run the value of the identity level $l$ would be 1 and the counter value $i$ is the number of new identities $U$ requires. In further calls to the key generation, the identity level would be the counter value that was used during the previous run ($l = i$). An implicit requirement is that $U$ should keep track of the values $i$ and $l$ as long as the master public key remains valid. We could (and do) treat the identities generated as public keys, which are of the form $(PK_{U_l}, \ldots, PK_{U_i}) = (g^{SK_{U_0}^{2^l}}, \ldots, g^{SK_{U_0}^{2^i}})$.
3.3 Certification
The newly generated public keys $(PK_{U_1}, \ldots, PK_{U_l})$ are required to be certified by $C$ before they can be used. It is possible to use a normal certification procedure as currently employed in public key cryptosystems, where the public key $PK_{U_i}$ is signed by $U$ using the master secret key $SK_{U_0}$ and sent to $C$ for certification. $C$ verifies the signature using the master public key $PK_{U_0}$ and, on successful verification, digitally signs using its private key $SK_C$ and sends the certificate to $U$. This method is quite straightforward, but certain applications (e.g. applications based on a TPM) require the new identities to be protected even from the certifier. So we propose a modification to the certification scheme based on a blind signature scheme using a composite modulus by Pointcheval (Pointcheval, 2000). The blind signature scheme now includes the master public key of the user, which is used by the certifier to form the commitment and is later verified by the user.

Figure 1: Modified Blind Certification Protocol of (Pointcheval, 2000). Messages pass between the Certifier and the User; $\mathcal{H}$ denotes the hash function.

Certifier: $r \in_R \mathbb{Z}_{N_0}$; $x = PK_{U_0} \cdot g^{r}$. Sends $x$ to the User.
User: $\beta, \gamma, s \in_R \mathbb{Z}_{N_0}$; $(X, Y) = \mathrm{EncElg}_{PK_T}(PK_{U_0}, s)$; $\alpha = x \cdot g^{\beta - SK_{U_0}} \cdot PK_C^{\gamma}$; $\delta = \mathcal{H}(PK_{U_i} \,\|\, (X, Y) \,\|\, \alpha)$; $e = \delta - \gamma$. Sends $e$ to the Certifier.
Certifier: $y = r - e \cdot SK_C$. Sends $y$ to the User.
User: checks $x \stackrel{?}{=} g^{y + SK_{U_0}} \cdot PK_C^{e}$; $\rho = y + \beta$.

The signature on $PK_{U_i}$ is $(\alpha, \delta, \rho)$, and a receiver can verify it using the relation $\alpha \stackrel{?}{=} g^{\rho} PK_C^{\delta}$.

The certification process is represented by:

$(PK_{U_i}, \mathrm{CERT}_C\langle PK_{U_i}\rangle) \leftarrow \mathrm{Certify}(U, C, \mathrm{CERT}_C\langle PK_{U_0}, (X, Y)\rangle)$

where $\mathrm{CERT}_C\langle PK_{U_i}\rangle$ is the valid blind signature $(PK_{U_i}, \alpha, \delta, \rho)$ by $C$ on $PK_{U_i}$ and $(X, Y)$, accomplished by the three-pass protocol depicted in Figure 1. The security proof of the modified protocol trivially follows the proof presented in Pointcheval's paper (Pointcheval, 2000).
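The following correctness derivation for the certificate $(\alpha, \delta, \rho)$ of Figure 1 is added here and is not part of the original paper; it uses the figure's own symbols, with all congruences taken modulo the modulus of Figure 1 and all exponents handled as integers, so the order of $g$ is never needed.

$$
\begin{aligned}
\alpha &= x \cdot g^{\beta - SK_{U_0}} \cdot PK_C^{\gamma}
       = PK_{U_0}\, g^{r}\, g^{\beta - SK_{U_0}}\, g^{SK_C \gamma}
       = g^{\,r + \beta + SK_C \gamma}, \\
g^{\rho}\, PK_C^{\delta} &= g^{\,y + \beta}\, g^{SK_C \delta}
       = g^{\,r - e\,SK_C + \beta + SK_C (e + \gamma)}
       = g^{\,r + \beta + SK_C \gamma} = \alpha,
\end{aligned}
$$

using $y = r - e\,SK_C$ and $\delta = e + \gamma$. The user's intermediate check also holds, since $g^{\,y + SK_{U_0}}\, PK_C^{e} = g^{\,r - e\,SK_C + SK_{U_0}}\, g^{SK_C e} = g^{\,r + SK_{U_0}} = PK_{U_0}\, g^{r} = x$. The factor $g^{-SK_{U_0}}$ in the user's blinding step is what removes $PK_{U_0}$ from the certifier's commitment, so that the final relation $\alpha = g^{\rho} PK_C^{\delta}$ involves neither the master identity nor the certifier's view $(x, e, y)$.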
3.4 Identification
The identification protocol (Figure 2) is based on Pointcheval's optimised version (Pointcheval, 2000) of Girault's identification scheme (Girault, 1991), but it now also includes the DL-EQ proof $\log_g X = \log_{PK_T} Y$. In this protocol a user $U$ uses his/her certified pseudonym to identify himself/herself to a verifier $V$, and at the end of the protocol the verifier obtains an undeniable proof of $U$'s participation in the protocol. The identification process is represented by

$\langle \mathrm{PROOF}_{U_i}\rangle \leftarrow \mathrm{Identify}(U, V, PK_{U_i}, \mathrm{CERT}_C\langle PK_{U_i}\rangle, PK_T)$
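The following Python program is an added example, not code from the paper. It runs the identity generation of Section 3.2 (I-Generation) and the pseudonym part of the identification protocol of Figure 2 (commitment $h = \mathcal{H}(g^{2^k})$, challenge $c_1$, response $z_1$, check $h = \mathcal{H}(g^{z_1} PK_{U_i}^{c_1})$), leaving out the DL-EQ part for $(X, Y)$. Everything is a constructed toy: five-digit Blum primes found by trial division, base $g = 3$, the range from which $k$ is drawn (chosen so that $2^k$ exceeds $c_1 \cdot SK_{U_0}^{2^i}$ and $z_1$ stays positive), and SHA-256 as $\mathcal{H}$. The squaring $SK_{U_0}^{2^j}$ is taken modulo $N_j$, following the trapdoor-permutation remark in Section 4. The names is_prime, blum_prime, modulus, pseudonym_secret, i_generation, identify and demo are the example's own.

```python
"""Toy I-Generation (Section 3.2) and the pseudonym step of Figure 2 (added example)."""
import hashlib
import random

G = 3  # common base g; coprime to every toy modulus below (all primes exceed 10000)


def is_prime(n):
    """Trial division; enough for the five-digit toy primes used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def blum_prime(start):
    """Smallest prime p >= start with p = 3 (mod 4) (toy parameter search)."""
    p = start
    while not (p % 4 == 3 and is_prime(p)):
        p += 1
    return p


def modulus(j):
    """N_j = p1 * p2, distinct for every index j as Section 2.1.1 requires; N_0 is the master modulus."""
    return blum_prime(10000 + 600 * j) * blum_prime(30000 + 800 * j)


def pseudonym_secret(sk_u0, j):
    """SK_U0^(2^j) mod N_j via j squarings. This is the colligation: every pseudonym
    secret is derived on demand from the single master secret; nothing new is stored."""
    s = sk_u0 % modulus(j)
    for _ in range(j):
        s = s * s % modulus(j)
    return s


def i_generation(i, l, sk_u0):
    """I-Generation(g, i, l, SK_U0): {j: PK_U_j = g^(SK_U0^(2^j)) mod N_j} for j = l..i."""
    return {j: pow(G, pseudonym_secret(sk_u0, j), modulus(j)) for j in range(l, i + 1)}


def H(*parts):
    """The paper's hash: SHA-256 over the '|'-joined decimal encodings of the parts (toy choice)."""
    data = "|".join(str(p) for p in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def identify(i, pk_ui, sk_u0, rng, cheat=False):
    """Pseudonym part of Figure 2 (the DL-EQ part for (X, Y) is omitted here):
    commitment h = H(g^(2^k)), challenge c_1, response z_1 = 2^k - c_1 * SK_U0^(2^i),
    check h = H(g^z_1 * PK_U_i^c_1). Toy choice: k is drawn so that 2^k exceeds
    c_1 * SK_U0^(2^i) (both below N_i), which keeps z_1 positive."""
    N = modulus(i)
    secret = pseudonym_secret(sk_u0, i) + (1 if cheat else 0)  # cheat: prover holds a wrong secret
    # prover: commitment
    k = 2 * N.bit_length() + 64 + rng.randrange(32)
    h = H(pow(G, 2 ** k, N))
    # verifier: challenge
    c1 = rng.randrange(1, N)
    # prover: response (integer arithmetic, the order of g is never used)
    z1 = 2 ** k - c1 * secret
    # verifier: check against the pseudonym public key PK_U_i
    return h == H(pow(G, z1, N) * pow(pk_ui, c1, N) % N)


def demo(seed=7):
    """Generate the master key and three pseudonyms, then identify under pseudonym 3."""
    rng = random.Random(seed)
    sk_u0 = rng.randrange(2, modulus(0))
    keys = i_generation(3, 0, sk_u0)  # index 0 is the master key PK_U0, 1..3 are pseudonyms
    return {
        "pk_u0": keys[0],
        "pseudonyms": [keys[j] for j in (1, 2, 3)],
        "identify_ok": identify(3, keys[3], sk_u0, rng),
        "identify_cheat": identify(3, keys[3], sk_u0, rng, cheat=True),
    }


if __name__ == "__main__":
    print(demo())
```

The only state the user (or a TPM) keeps between runs is $SK_{U_0}$ and the counter values, exactly as Section 3.2 requires; the verifier sees only $PK_{U_i}$ and the transcript $(h, c_1, z_1)$, and a prover holding a wrong secret fails the check.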
3.5 Tracing
The trace protocol (Figure 3) is invoked by a verifier $V$ after $U$ has misused a pseudonym and runs between the verifier $V$ and the trustee $T$. To trigger the protocol $V$ has to provide proof of protocol participation by $U$. We shall express this phase as

$(PK_{U_0}) \leftarrow \mathrm{Trace}(V, T, PK_{U_i}, \mathrm{CERT}_C\langle PK_{U_i}\rangle, \langle \mathrm{PROOF}_{U_i}\rangle)$

Figure 2: Identification Protocol. Messages pass between the User and the Verifier.

User: $k, w \in_R \mathbb{Z}_{N_i}$; $a_1 = g^{w}$; $a_2 = (PK_T \cdot PK_{U_0})^{w}$; $h = \mathcal{H}(g^{2^k})$. Sends $h, (a_1, a_2), (X, Y)$ to the Verifier.
Verifier: $c_1 \in_R \mathbb{Z}_{N_i}$; $c_2 = \mathcal{H}(X, Y, a_1, a_2)$. Sends $c_1, c_2$ to the User.
User: $z_1 = 2^{k} - c_1 \cdot SK_{U_0}^{2^i}$; $z_2 = w - s \cdot c_2$. Sends $z_1, z_2, \mathrm{CERT}_C\langle PK_{U_i}\rangle$ to the Verifier.
Verifier: verifies $\mathrm{CERT}_C\langle PK_{U_i}\rangle$ and obtains $(\alpha, \delta)$; checks $\delta \stackrel{?}{=} \mathcal{H}(PK_{U_i} \,\|\, (X, Y) \,\|\, \alpha)$; $a_1 \stackrel{?}{=} g^{z_2} X^{c_2}$; $a_2 \stackrel{?}{=} PK_T^{z_2} Y^{c_2}$; $h \stackrel{?}{=} \mathcal{H}(g^{z_1} PK_{U_i}^{c_1})$.

Figure 3: Tracing Protocol. Messages pass between the Verifier and the Trustee.

Verifier: $\sigma = \mathrm{SIGN}_V\langle c, z, h\rangle$. Sends $\sigma, \alpha, \delta, \rho, PK_{U_i}, PK_C, \mathrm{CERT}_C\langle PK_{U_i}\rangle$ to the Trustee.
Trustee: $\mathrm{VERIFY}_{PK_V}\langle \sigma\rangle$; checks $h \stackrel{?}{=} \mathcal{H}(g^{z} PK_{U_i}^{c})$; $\alpha \stackrel{?}{=} g^{\rho} PK_C^{\delta}$; verifies $\mathrm{CERT}_C\langle PK_{U_i}\rangle$; obtains $(X, Y)$ from $\langle \mathrm{PROOF}_{U_i}\rangle$; $PK_{U_0} = \mathrm{DecElg}_{SK_T}(X, Y)$.
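The following Python program is an added example, not the paper's code. It runs the three-pass blind certification of Figure 1 (Section 3.3), verifies the resulting certificate $(\alpha, \delta, \rho)$ as a receiver would, and ends with the trustee's decryption step $\mathrm{DecElg}_{SK_T}(X, Y)$ of Figure 3 (Section 3.5). It assumes one toy modulus $N$ shared by the user, certifier and trustee (the paper uses separate $N_0$, $N_c$ and $N_T$), $g_1 = g$, SHA-256 as $\mathcal{H}$, and the constructed Blum primes 10007 and 10039. Exponents are kept as integers, possibly negative, exactly as in the figure, so the order of $g$ is never used; Python 3.8 or later is assumed for pow with a negative exponent. The functions keygen, elgamal_encrypt, elgamal_decrypt, blind_certify, verify_certificate and run_demo are the example's own names.

```python
"""Toy run of Figure 1 (blind certification) and the DecElg step of Figure 3 (added example)."""
import hashlib
import random

# Constructed toy parameters: two Blum primes (both 3 mod 4). The paper gives the
# user, certifier and trustee separate moduli; this toy shares one N so that the
# El-Gamal ciphertext and the blind signature live in the same group.
P, Q = 10007, 10039
N = P * Q
G = 5  # base g (also used as g_1); coprime to N, its order is not verified in this toy


def H(*parts):
    """The paper's hash: SHA-256 over the '|'-joined decimal encodings of the parts (toy choice)."""
    data = "|".join(str(p) for p in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def keygen(rng):
    """(SK, PK = g^SK mod N) for the user's master key, the certifier and the trustee."""
    sk = rng.randrange(2, N)
    return sk, pow(G, sk, N)


def elgamal_encrypt(pk_t, m, s):
    """Composite-modulus El-Gamal (Franklin and Haber): (X, Y) = (g^s, PK_T^s * m) mod N."""
    return pow(G, s, N), pow(pk_t, s, N) * m % N


def elgamal_decrypt(sk_t, X, Y):
    """DecElg: m = Y / X^SK_T mod N (the trustee's step in Figure 3)."""
    return Y * pow(X, -sk_t, N) % N


def blind_certify(sk_u0, pk_u0, sk_c, pk_c, pk_t, pk_ui, rng):
    """Three-pass protocol of Figure 1. Returns the certificate (alpha, delta, rho)
    on pk_ui and the ciphertext (X, Y) of the master identity under PK_T."""
    # Certifier: commitment bound to the user's master public key
    r = rng.randrange(1, N)
    x = pk_u0 * pow(G, r, N) % N                     # x = PK_U0 * g^r      -> User
    # User: blind x, encrypt PK_U0 for the trustee, hash the pseudonym into delta
    beta, gamma, s = (rng.randrange(1, N) for _ in range(3))
    X, Y = elgamal_encrypt(pk_t, pk_u0, s)
    alpha = x * pow(G, beta - sk_u0, N) * pow(pk_c, gamma, N) % N  # x g^(beta-SK_U0) PK_C^gamma
    delta = H(pk_ui, X, Y, alpha)                    # H(PK_U_i || (X, Y) || alpha)
    e = delta - gamma                                # e = delta - gamma   -> Certifier
    # Certifier: response; it never sees pk_ui, alpha or delta
    y = r - e * sk_c                                 # y = r - e SK_C      -> User
    # User: check that the response opens the commitment, then unblind
    if x != pow(G, y + sk_u0, N) * pow(pk_c, e, N) % N:
        raise ValueError("certifier response does not match the commitment")
    rho = y + beta
    return (alpha, delta, rho), (X, Y)


def verify_certificate(pk_c, pk_ui, cert, XY):
    """Receiver's check: delta re-hashes correctly and alpha = g^rho PK_C^delta mod N."""
    alpha, delta, rho = cert
    X, Y = XY
    return delta == H(pk_ui, X, Y, alpha) and alpha == pow(G, rho, N) * pow(pk_c, delta, N) % N


def run_demo(seed=11):
    """Certify one pseudonym blindly, verify it, then let the trustee recover PK_U0."""
    rng = random.Random(seed)
    sk_u0, pk_u0 = keygen(rng)
    sk_c, pk_c = keygen(rng)
    sk_t, pk_t = keygen(rng)
    pk_u1 = pow(G, sk_u0 * sk_u0 % N, N)  # pseudonym PK_U_1 = g^(SK_U0^2), Section 3.2 (toy modulus)
    cert, XY = blind_certify(sk_u0, pk_u0, sk_c, pk_c, pk_t, pk_u1, rng)
    return {
        "pk_u0": pk_u0,
        "valid": verify_certificate(pk_c, pk_u1, cert, XY),
        "tampered": verify_certificate(pk_c, pk_u1 + 1, cert, XY),  # certificate moved to another key
        "traced": elgamal_decrypt(sk_t, *XY),                       # trustee recovers PK_U0
    }


if __name__ == "__main__":
    print(run_demo())
```

The certifier's transcript is $(x, e, y)$ while the published certificate is $(\alpha, \delta, \rho)$; the blinding values $\beta$ and $\gamma$ are what separate the two, which is the property Section 4 relies on in Case 1 and Case 3. Because $\delta$ binds $(X, Y)$ into the certificate, a verifier can later recompute it from the presented ciphertext (Remark 1), and only the holder of $SK_T$ can open $(X, Y)$ to the master identity.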
4 SECURITY
4.1 Adversary Goals
We assume an active adversary $\mathcal{A}$ who is capable of eavesdropping on and injecting messages into the communication medium. We also assume that an adversary may also be a legitimate (but dishonest) participant in a protocol, i.e. either the certifier or the verifier or both may be dishonest.
As in (Damgard, 1988; Lysyanskaya et al., 1999), we want our pseudonym system to be secure against the following attacks, i.e. an adversary's goal is to mount any of the following attacks:

Pseudonym forgery: An adversary tries to forge a pseudonym for some user, possibly in association with other participants, including the certifier. That is, the attack can be either:

1. An adversary in possession of a valid proof tuple $(PK_{U_i}, \mathrm{CERT}_C\langle PK_{U_i}\rangle)$ issued to another user, or of a tuple of the form $(PK_{U_i}, \mathrm{CERT}_C\langle PK_{\mathcal{A}}\rangle)$, is able to successfully execute an identification protocol with a verifier, identifying as $U_i$.

2. An adversary successfully identifies himself/herself by executing an identification protocol with a tuple of the form $(PK_{\mathcal{A}}, \mathrm{CERT}_C\langle PK_{U_i}\rangle)$.
Identity compromise: An adversary in association with other participants tries to obtain information regarding the user's master public-secret key pair, i.e. for an adversary with the knowledge of all user-generated public keys $(PK_{U_1}, \ldots, PK_{U_l})$, it should be computationally infeasible to obtain the master public key $PK_{U_0}$.
Pseudonym linking and colligation: An adversary tries to obtain information that links a pair of pseudonyms to the same user or to a user's master public key. The goal is that even with the knowledge of all user-generated public keys $(PK_{U_1}, \ldots, PK_{U_l})$, it should be computationally infeasible for an adversary to prove that any of the public keys in the set $(PK_{U_1}, \ldots, PK_{U_l})$ are related.
We now present our claims on the security of our
proposal.
Claim 4.1. If the Square Decisional Diffie-Hellman (SDDH) problem is hard, then public keys generated from the master public key are indistinguishable.

The public keys generated are of the form $g^{SK^{2^i}}$, where $i \in \{0, \ldots, l\}$. For an adversary $\mathcal{A}$ to distinguish a newly generated public key from the master public key or from another newly generated public key, $\mathcal{A}$ would have to solve the square Diffie-Hellman decision problem, i.e. efficiently distinguish between two distributions of the form $(g, g^{SK}, g^{SK^2})$ and $(g, g^{SK}, g^{c})$, which is assumed to be hard.
Claim 4.2. It is computationally infeasible for an adversary to obtain the master public key of a user, even with the knowledge of all newly generated public keys.

Proof (Sketch): For an adversary to obtain the master public key ($PK_{U_0}$) from a presented pseudonym ($PK_{U_i}$), the adversary needs first to solve the discrete log problem to obtain $SK_{U_i}$ and then to solve the square root problem to obtain the value $i$. This violates our security assumptions. It is also a well-known fact that, assuming the factoring of Blum integers is intractable, the function $f_N = SK_{U_0}^{2^i} \bmod N_i$ is a trapdoor (one-way) permutation (Goldreich, 1999).
Claim 4.3. It is computationally infeasible for a verifier or a certifier to obtain the master public key of a user, even if the certifier and verifier collude.

Proof (Sketch): Both $C$ and $V$ have knowledge of the public parameters. In addition, $C$ has knowledge of the user's master public key $PK_{U_0}$, whereas a verifier has knowledge of the cipher-text $(X, Y)$ obtained from the El-Gamal encryption, the pseudonym $PK_{U_i}$ of the user, and the signature value on both the pseudonym and the cipher-text $(\alpha, \rho, \delta, PK_C)$. For a dishonest certifier $\hat{C}$ and a dishonest verifier $\hat{V}$ to obtain the master public key $PK_{U_0}$ of a user, either independently or in collusion, one of the following cases needs to be satisfied.

Case 1. The blind signature protocol during the certification process leaks information about the identity of the user.

Case 2. A verifier is able to deduce the master identity from the pseudonym presented during the identification protocol.

Case 3. The certifier and a verifier, with their combined knowledge, are able to identify the colligation that exists between a pseudonym and the master secret key.
The security of Case 1 trivially follows from the proof of security of the blind signature protocol by Pointcheval in (Pointcheval, 2000). For Case 2, a verifier can obtain the master public key if the proof of DL-EQ $\log_g X = \log_{PK_T} Y$ leaks any information regarding the master public key. A way of proving the security of the scheme is via the oracle replay technique formalised by Pointcheval and Stern (Pointcheval and Stern, 1996). In particular, the Schnorr signature with composite modulus has been proved secure in the random oracle model (Bellare and Rogaway, 1993) by Poupard and Stern (Poupard and Stern, 1998). They showed that if an adversary is able to forge a signature under an adaptively chosen message attack, then he/she is able to compute discrete logarithms in $G$.
The security of Case 3 is based on the inability of $\hat{V}$ and $\hat{C}$ to obtain any information that links the user when he/she interacts in the identification and certification protocols. There are only two possibilities which can identify a user as having participated in both protocols: (a) the pseudonym leaks information about the true identity, and (b) the El-Gamal cipher-text $(X, Y)$, which is used in both the certification and identification protocols, can be linked to $PK_{U_0}$. If $\hat{C}$ and $\hat{V}$ in collusion are able to identify that the same $(X, Y)$ which was presented in the identification protocol was used in the certification protocol, then they can positively establish a connection between the pseudonym presented during the identification protocol and the master identity used in the certification protocol.

From Claim 4.2, we can conclude that it is computationally infeasible for $\hat{V}$ or $\hat{C}$ to obtain the master identity from a given pseudonym. As for possibility (b), the hash value $\delta$, computed with the cipher-text $(X, Y)$, the pseudonym $PK_{U_i}$ and the value $\alpha$ as inputs, is blindly signed and never revealed to the certifier.
Claim 4.4. If the El-Gamal encryption is secure, then only the corresponding trustee can obtain information about the user from the encrypted cipher-text.

The proof of this claim directly follows the proof in (Franklin and Haber, 1993). The authors showed that the security of composite El-Gamal reduces to computing quadratic residues over a composite modulus that is a product of two primes. And since the master public key is encrypted using the public key of the trustee, only the trustee can successfully decrypt the cipher-text.
Remark 1. The protocol also provides guarantees of honest participation of a user. The cipher-text containing the master public key is signed (blindly) by the certifier. A verifier computes the hash value of the cipher-text $(X, Y)$, the pseudonym and $\alpha$ again to verify it against the signed hash value in the blind certificate, thus confirming that the user has performed an El-Gamal encryption over the same values that were used during the certification process.
5 APPLICATION
In this section, we present a brief summary of how the protocols can be applied in a Trusted Platform Module (TPM) based setting. We consider a TPM setting because of the tamper-resistant protection offered to the master secret key, but the protocols can be applied to other structures like directory-based services (e.g. Active Directory, LDAP).
The Trusted Platform Module (TPM) is the basis of trusted computing, promoted by the Trusted Computing Group. A TPM contains a unique endorsement key (EK) pair that is built into the hardware module during manufacturing. The public part of the EK is certified by the manufacturer, and the secret part is sealed inside the TPM and is never revealed to the outside. A primary function of the TPM is attestation, i.e. the TPM provides guarantees to a remote service that the platform has not been tampered with and is therefore secure. A TPM can also provide other security services like secure boot and sealed storage. We refer the reader to (TCG, 2001; TCG, 2007) for more information about TPMs.
The deployment of TPMs raises some valid privacy concerns. Authentication based on directly using the TPM's EK will compromise the anonymity of the module, as all transactions performed by the same TPM can be linked. Furthermore, it will compromise the anonymity of the user associated with the module. Privacy protection in TPMs currently involves two mechanisms: Privacy CA based attestation (TPM v1.1) (TCG, 2001) and Direct Anonymous Attestation (TPM v1.2) (Brickell et al., 2004; TCG, 2007). We do not propose a replacement for current TPM authentication standards. We merely wish to highlight the use of the TPM as an application for our proposal, and as mentioned before our protocols can be integrated into other systems like directory-based services.
TPM BASED SETTING: The endorsement key (EK) in a TPM will be of the form $(PK_{U_0}, SK_{U_0})$. The EK is certified by the manufacturer and embedded into the TPM. A user who wishes to obtain services from an application software on a machine generates a pseudonym of the form $(PK_{U_i}, SK_{U_i})$ as described in Section 3.2. The application software and the TPM then perform an identification protocol as in Section 3.4. At the end of the identification protocol the application software is provided with a guarantee on the identity of the user and the associated TPM, but the system still protects the identity of both the TPM and the user associated with it.
6 CONCLUSIONS
The aim of a pseudonym is to hide the identity of legitimate users by providing confidentiality to the identity, thereby providing anonymity. A pseudonym also needs to be traceable in case of misuse and therefore needs to provide only restricted anonymity. In this paper, we have presented a pseudonym system that uses the property of preserving a high-value secret key. The system not only provides restricted anonymity but also supports colligation between a trusted high-value secret key and the generated pseudonyms.
Compared to other pseudonym schemes, our scheme has an efficient identification protocol, so computation can be carried out on devices that are constrained in processing power. Computations may be performed on the module itself, whereas the DAA scheme (Brickell et al., 2004; TCG, 2007) requires computation to be distributed between the TPM and the host computer. Our scheme is also ideally suited for storage-constrained devices, because no new secret key needs to be generated for each pseudonym, only counter values of the pseudonym; thus there is no appreciable increase in storage requirements even when the number of pseudonyms required is high.

Finally, in terms of anonymity, our proposal provides an excellent benefit to users, as not only can applications on a single computer each be associated with a different pseudonym, but also every web-based application used by a user can be associated with a pseudonym.
REFERENCES
Bellare, M. and Rogaway, P. (1993). Random oracles are practical: A paradigm for designing efficient protocols. ACM Conference on Computer and Communications Security '93, pages 62–73.
Blum, L., Blum, M., and Shub, M. (1986). A simple unpredictable pseudo-random number generator. SIAM J. Computing, 15(2):364–383.
Brickell, E., Camenisch, J., and Chen, L. (2004). Direct anonymous attestation. In 11th ACM Conference on Computer and Communications Security. ACM Press.
Camenisch, J. and Lysyanskaya, A. (2002). Dynamic accumulators and application to efficient revocation of anonymous credentials. Advances in Cryptology - CRYPTO'02, LNCS 2442:101–120.
Camenisch, J. and Michels, M. (1999). Separability and efficiency for generic group signature schemes. Advances in Cryptology - CRYPTO'99, LNCS 1666:413–430.
Canetti, R., Charikar, M. S., Rajagopalan, S., Ravikumar, S., Sahai, A., and Tomkins, A. S. (2000). Non-transferable anonymous credentials. Patent No: 7222362.
Chaum, D. (1981). Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 24(2):84–88.
Chaum, D. (1982). Blind signatures for untraceable payments. Advances in Cryptology - CRYPTO'82, pages 199–203.
Chaum, D. (1985). Security without identification: Transaction systems to make big brother obsolete. Communications of the ACM, 28(10):1030–1044.
Chaum, D. and Evertse, J.-H. (1986). A secure and privacy-protecting protocol for transmitting personal information between organisations. In Advances in Cryptology - CRYPTO'86, pages 118–167. Springer-Verlag.
Chaum, D. and Pedersen, T. (1992). Transferred cash grows in size. Advances in Cryptology - EUROCRYPT'92, LNCS 658:390–407.
Chen, L. (1995). Access with pseudonyms. In Dawson, E. and Golic, J., editors, Cryptography: Policy and Algorithms, number 1029, pages 232–243. Springer-Verlag.
Damgard, I. (1988). Payment systems and credential mechanisms with provable security against abuse by individuals. Advances in Cryptology - CRYPTO'88, LNCS 403:328–335.
Franklin, M. and Haber, S. (1993). Joint encryption and message-efficient secure computation. Advances in Cryptology - CRYPTO'93, LNCS 773:266–277.
Girault, M. (1991). Self-certified public keys. In Advances in Cryptology - EUROCRYPT'91, volume 547 of Lecture Notes in Computer Science, pages 490–497. Springer-Verlag.
Goldreich, O. (1999). Modern Cryptography, Probabilistic Proofs and Pseudo-randomness. Springer.
Lysyanskaya, A., Rivest, R. L., Sahai, A., and Wolf, S. (1999). Pseudonym systems (extended abstract). Selected Areas in Cryptography '99, LNCS 1758:184–199.
Pointcheval, D. and Stern, J. (1996). Security proofs for signature schemes. Advances in Cryptology - EUROCRYPT'96, LNCS 1070:387–398.
Pointcheval, D. (2000). The composite discrete logarithm and secure authentication. In Imai, H. and Zheng, Y., editors, International Workshop on Practice and Theory in Public Key Cryptography - PKC'2000, volume 1751 of Lecture Notes in Computer Science, pages 113–128, Melbourne, Australia. Springer-Verlag.
Poupard, G. and Stern, J. (1998). Security analysis of a practical "on the fly" authentication and signature generation. Advances in Cryptology - EUROCRYPT'98, LNCS 1403:422–436.
TCG (2001). Trusted computing group main specification v1.1.
TCG (2007). Trusted computing group main specification v1.2.