TWC: Small: Empowering Anonymity

TWC：小型：增强匿名性

• 批准号: 1422361
• 负责人: Anna Lysyanskaya
• 金额: $ 50万
• 依托单位: Brown University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2014
• 资助国家: 美国
• 起止时间: 2014-10-01 至 2017-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1422361&HistoricalAwards=false
• 关键词: TWC; Small; Empowering; Anonymity

An anonymous credential system allows a user to prove that he/she is authorized without revealing his/her identity, and, further, to obtain additional credentials without revealing additional information. In a traditional anonymous credential system, when demonstrating possession of a credential, it is necessary to reveal its issuer. This can be a problem: putting together the information about where the user lives (based on who issued, say, his/her driver's license) together with who his/her employer is (based on who authorized him/her to, say, park in a particular garage) together with his/her age (which might be revealed in the context of a particular transaction) may lead to the identification of this particular user, even though he/she is using anonymous credentials! A delegatable anonymous credential system eliminates this problem. It allows users to delegate their anonymous credentials; for example, a company employee can use his/her employee credential to issue a guest pass to a company visitor, who can in turn issue a credential to a taxi service that comes to pick him/her up; the various participants (the employee, his/her guest, and his/her driver) need not reveal any persistent identifiers - or in fact anything - about themselves. This project aims to demonstrate the following thesis: Everything that can be done with non-anonymous credentials can also be done with delegatable anonymous credentials. That includes useful additional features such as credential attributes (such as expiration dates), attribute and identity escrow, conditional anonymity (so that violating terms of service leads to identification) and revocation of credentials.

匿名凭证系统允许用户在不泄露他/她的身份的情况下证明他/她被授权，并且进一步在不泄露额外信息的情况下获得额外的凭证。在传统的匿名凭证系统中，当证明拥有凭证时，有必要透露其颁发者。这可能是一个问题：将有关用户居住地的信息（基于谁颁发的，例如他/她的驾驶执照）与他/她的雇主是谁（基于谁授权他/她停车）放在一起在特定车库中）连同他/她的年龄（可能在特定交易的上下文中显示）可能会导致该特定用户的身份识别，即使他/她使用的是匿名凭据！可委托的匿名凭证系统消除了这个问题。它允许用户委托他们的匿名凭证；例如，公司员工可以使用其员工凭证向公司访客发放访客通行证，公司访客又可以向前来接他/她的出租车服务机构发放凭证；各个参与者（员工、他/她的客人和他/她的司机）不需要透露任何关于他们自己的持久标识符——或者事实上任何东西。该项目旨在论证以下论点：可以使用非匿名凭证完成的所有事情也可以使用可委托的匿名凭证完成。其中包括有用的附加功能，例如凭证属性（例如到期日期）、属性和身份托管、有条件匿名（以便违反服务条款导致身份识别）和凭证撤销。