Abstract
Interactions in electronic media require mutual trust to be established, preferably through the release of certified information. Disclosing certificates to provision the required information often leads to the disclosure of additional information that is not needed for the purpose of the interaction. For instance, an ordinary certificate unnecessarily reveals its entire binary representation, which is the same in every transaction and therefore lets relying parties link all of the holder's transactions.
We propose a certificate-based framework comprising protocol definitions and abstract interface specifications for the controlled, that is, well-specified, release of data. This includes controlled release during the certification of data and controlled release of certified data. The protocols are based on proofs of knowledge of certificates and of relations over the attributes, ensuring that only the specified data, and no side information, are revealed. Furthermore, the protocols allow one to release certified data in plain or encrypted form and to prove general expressions over the data items. Our framework can be seen as a generalization of anonymous credential systems, group signatures, traceable signatures, and e-cash schemes. The framework encompasses a specification language that allows one to precisely specify which data to release and how to release them in the protocols. We outline how our framework can be implemented cryptographically. The key application of our framework is the user-controlled release of attributes. Leveraging ideas from public key infrastructures, a privacy PKI (pPKI) can be built on top of the framework. We consider our framework a central building block for achieving privacy on the Internet.
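The following is an added example and not the paper's construction: it shows, in runnable form, the kind of "controlled release" the abstract describes. A release specification names which certified attributes go out in plain, which stay hidden, and which hidden attribute is handed over only in committed form (the hook a later verifiable-encryption or escrow protocol would use), and a Fiat-Shamir proof of knowledge convinces the verifier that the released values are consistent with the issued certificate without revealing anything else. Everything beyond the standard secp256k1 parameters is an assumption: the attribute layout, the base-point labels, the function names, and the simplification that a Pedersen multi-commitment C plus an (omitted) ordinary issuer signature on C plays the role of the certificate.

```python
# Added example (not the paper's construction): selective disclosure of certified
# attributes via a Fiat-Shamir proof of knowledge over a Pedersen multi-commitment.
import hashlib
import secrets

P = 2**256 - 2**32 - 977   # secp256k1 domain parameters (standard, public)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def msm(pairs):
    """Multi-scalar multiplication sum(k * point) by double-and-add; 0 <= k <= N."""
    acc = None
    for k, pt in pairs:
        while k:
            if k & 1:
                acc = ec_add(acc, pt)
            pt = ec_add(pt, pt)
            k >>= 1
    return acc

def hash_to_point(label):
    """Try-and-increment hash-to-curve (P = 3 mod 4, cofactor 1); nobody knows the
    discrete log of the result to base G, which is what makes commitments binding."""
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(f"{label}|{ctr}".encode()).digest(), "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)
        if y * y % P == rhs:
            return (x, y)
        ctr += 1

ATTRS = ["name", "birth_year", "country"]          # hypothetical attribute layout
H_R = hash_to_point("blinding-base")               # base for the blinding factor
H = {a: hash_to_point("attr-base:" + a) for a in ATTRS}

def encode(s):
    return int.from_bytes(hashlib.sha256(s.encode()).digest(), "big") % N

def issue(attrs):
    """Issuer: commit to all attributes. Assumption: an ordinary issuer signature
    on C (omitted here) stands in for the certificate."""
    r = secrets.randbelow(N)
    return msm([(r, H_R)] + [(attrs[a], H[a]) for a in ATTRS]), r

def challenge(*items):
    """Fiat-Shamir challenge over points and disclosed values, in a fixed order."""
    h = hashlib.sha256()
    for it in items:
        for v in (it if isinstance(it, tuple) else (it,)):
            h.update(v.to_bytes(32, "big"))
    return int.from_bytes(h.digest(), "big") % N

def prove(C, r, attrs, disclose, escrow):
    """Release spec: `disclose` goes out in plain, the rest stays hidden, and the
    hidden attribute `escrow` is also released in committed form E for later use."""
    hidden = [a for a in ATTRS if a not in disclose]
    s = secrets.randbelow(N)
    E = msm([(attrs[escrow], G), (s, H_R)])
    t = {a: secrets.randbelow(N) for a in hidden + ["r", "s"]}
    T = msm([(t["r"], H_R)] + [(t[a], H[a]) for a in hidden])
    T_E = msm([(t[escrow], G), (t["s"], H_R)])     # same t[escrow]: proves equality
    c = challenge(C, E, T, T_E, *[attrs[a] for a in disclose])
    w = {**{a: attrs[a] for a in hidden}, "r": r, "s": s}   # witnesses
    z = {a: (t[a] + c * v) % N for a, v in w.items()}
    return {"disclosed": {a: attrs[a] for a in disclose}, "E": E, "T": T, "T_E": T_E, "z": z}

def verify(C, proof, escrow):
    d, z = proof["disclosed"], proof["z"]
    hidden = [a for a in ATTRS if a not in d]
    if escrow not in hidden or set(z) != set(hidden) | {"r", "s"}:
        return False
    c = challenge(C, proof["E"], proof["T"], proof["T_E"], *d.values())
    # Subtract the disclosed attributes from C; the rest must open under hidden ones.
    C_hid = ec_add(C, msm([(N - v, H[a]) for a, v in d.items()]))
    ok1 = msm([(z["r"], H_R)] + [(z[a], H[a]) for a in hidden]) == ec_add(proof["T"], msm([(c, C_hid)]))
    ok2 = msm([(z[escrow], G), (z["s"], H_R)]) == ec_add(proof["T_E"], msm([(c, proof["E"])]))
    return ok1 and ok2

def demo():
    attrs = {"name": encode("Alice Example"), "birth_year": 1985, "country": encode("CH")}
    C, r = issue(attrs)
    proof = prove(C, r, attrs, disclose=["country"], escrow="birth_year")
    honest = verify(C, proof, "birth_year")
    proof["disclosed"]["country"] = encode("DE")   # tamper with the released attribute
    return honest, verify(C, proof, "birth_year")
```

`demo()` returns `(True, False)`: the honest presentation verifies, and a presentation that swaps the released country for a value other than the certified one fails because the challenge and the stripped commitment no longer match. The verifier learns the disclosed country, a commitment E to the birth year it can feed into a follow-on protocol, and nothing about the name. One caveat a practitioner should take from this toy: because C itself is shown every time, all presentations are linkable through C, which is precisely the "binary representation" problem the abstract points at. Removing that linkability requires the certificate to be a signature whose possession can be proven without revealing it, such as the Camenisch-Lysyanskaya scheme, rather than a plain commitment with a conventional signature.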
Copyright information
© 2006 International Federation for Information Processing
About this paper
Cite this paper
Camenisch, J., Sommer, D., Zimmermann, R. (2006). A General Certification Framework with Applications to Privacy-Enhancing Certificate Infrastructures. In: Fischer-Hübner, S., Rannenberg, K., Yngström, L., Lindskog, S. (eds) Security and Privacy in Dynamic Environments. SEC 2006. IFIP International Federation for Information Processing, vol 201. Springer, Boston, MA. https://doi.org/10.1007/0-387-33406-8_3
DOI: https://doi.org/10.1007/0-387-33406-8_3
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-33405-9
Online ISBN: 978-0-387-33406-6