Anonymous Communication

Schemes of anonymous communication enable entities to send or receive their messages without disclosing their identities to others including managers of communication systems and receivers or senders of the messages. Among various existing schemes this chapter introduces Crowds, DC net, Mix-net, ESEBM (Enhanced Symmetric key Encryption Based Mix-Net), and Onion Routing. Mechanisms to protect anonymous communication systems from malicious entities are also discussed.

Approaches to Developing Secure Anonymous Systems

This chapter summarizes approaches that are adopted in this book to satisfy various requirements of secure anonymous systems listed in the 1st chapter of Section 1. Homomorphic encryption functions are used to calculate functions of data without knowing their individual values, to detect dishonest deletions of data maintained by other entities, and to identify dishonest entities without knowing any secret of honest entities. Commutative encryption functions are also extensively exploited to maintain integrities of data owned by anonymous entities without knowing the data themselves, e.g. to convince entities that only and all data owned by eligible entities are honestly processed without knowing the values of the data or the identities of their owners.

Encryption Schemes for Anonymous Systems

As encryption schemes useful in developing secure anonymous systems, linear equation based encryption, probabilistic, commutative and verifiable re-encryption, and threshold ElGamal encryption schemes are introduced. Linear equation based encryption functions are additive, and they enable entities to calculate sums of data owned by others without knowing individual values, and probabilistic, commutative and verifiable re-encryption functions enable entities to encrypt data while concealing the correspondences between encrypted data and their decrypted forms from anyone including the owners of the data. Finally, threshold ElGamal encryption functions disable entities to decrypt encrypted data without the cooperation among t out of n authorities (t = n), while ensuring correct decryptions when at least t authorities are honest. All encryption schemes are extensively used in the following parts of this book, e.g. for developing anonymous communication systems, anonymous authentication systems, electronic payment, procurement, and voting systems.

Secure Anonymous Systems and Requirements

To understand the importance of secure anonymous system technologies, this chapter introduces communication, electronic payment, cloud computing, and electronic governance systems as their applications, and discusses roles of secure anonymous system technologies in these systems. To preserve privacies of individuals and to protect secrets of organizations, communication systems must enable users to send or receive messages without disclosing their identities even to managers of communication networks and receivers or senders of their messages, and credit card systems must enable cardholders to make their purchases without disclosing their identities while ensuring card companies to collect their exact expenditure amounts. Also, service providers in cloud computing must be able to calculate various functions of data owned by their clients without knowing values of individual data. Moreover, to protect voters from coercers who are forcing the voters to choose their supporting candidates, computerized voting systems must conceal correspondences between voters and their votes even from voters themselves. Secure anonymous system technologies enable developments of systems that satisfy these requirements.

Integrity of Anonymous Data

This chapter discusses schemes to confirm that data owned by anonymous entities are legitimate ones, in other words, to protect data owned by anonymous entities from their illegitimate modifications, forgeries, additions, and deletions. Blind Signature schemes enable entity P to obtain the signature of other entity on its data M without disclosing M, therefore later on P can prove the authenticity of M without disclosing its identity. Unlinkable signatures on data ensure that signers had honestly signed on only and all eligible data while disabling anyone including data owners and signers to know correspondences between the data and their signed forms, and implicit transaction links (ITLs) can be used to force entities not to delete their maintaining data without knowing the data themselves. These schemes enable developments of homomorphic anonymous tokens and anonymous credentials, where entities can prove their eligibilities while maintaining their anonymities by showing tokens or credentials. They also enable the identifications of dishonest entities, while preserving privacies of honest entities.

Encryption and Decryption

As the foundation of all security enhanced systems, encryptions and decryptions are defined, and homomorphic (additive or multiplicative), probabilistic, commutative, and verifiable features are extracted as the desirable ones of encryption and decryption algorithms for developing secure anonymous systems. Also encryption and decryption algorithms are classified and onetime pad, permutation and substitution, RSA, and ElGamal are introduced as typical algorithms. Among them, onetime pad, RSA, and ElGamal are extensively used to develop secure anonymous systems in the remainder of this book.

Anonymous Authentication Systems

As the first application of secure anonymous systems, after reviewing conventional schemes, this chapter develops anonymous token, ITL, and ID list based anonymous authentication systems that enable authorities to determine whether entities are eligible or not without knowing their identities. Anonymous token and ITL based systems have advantages in protecting systems from ineligible entities, i.e. different from password based systems in which eligible entities can tell their passwords to others, entities in these systems cannot give their secret to others without losing their eligibilities (in ITL based systems, entity cannot steal secrets of others). On the other hand, ID list based systems have advantages in handling entities those forget their secrets or those are expelled from systems. In the last section of this chapter, an anonymous credential system is also developed based on anonymous tags.

Anonymous Statistics Calculation

This chapter introduces schemes for anonymous statistics calculations, in which an entity or a set of entities calculate functions of data owned by other entities without knowing their values. Although schemes that can be applied to calculate general functions exist, they are not practical enough, therefore schemes applicable only to limited number of functions, e.g. averages, variances, auto-, and cross-correlations are discussed. They are blind sum/product calculation schemes, partial computation based multi party computation schemes, and re-encryption based multi party computation schemes.

Electronic Governance Systems

As one of applications in electronic governance, this chapter develops an electronic voting (e-voting) system. After discussing requirements for e-voting systems and reviewing existing approaches, an e-voting system is developed based on confirmation numbers and signature pairs. Here, e-voting systems must satisfy requirements intrinsically contradicting each other, e.g. they must convince anyone that votes from only and all eligible voters had been counted, but at the same time to protect voters from a coercer that forces voters to choose its supporting candidate, correspondences between voters and their votes must be concealed from anyone including election authorities and voters themselves. The developed e-voting system successfully satisfies these requirements. However, it must be noted that these requirement are satisfied under the assumption that at least one of mutually independent multiple authorities is honest.

Electronic Procurement Systems

As elements that constitute electronic procurement systems, anonymous auction, object delivery, and object monitoring systems are developed based on ITLs, anonymous tags and anonymous memories, respectively. The developed anonymous auction system enables entities to securely sell and/or buy their articles without disclosing their identities, and the anonymous object delivery system enables them to send or receive their articles to or from other entities also without disclosing their identities. The object monitoring system monitors running states of objects (e.g. home appliances) so that they can be used efficiently, safely, and environmentally friendlily while preserving privacies of their users. It also detects dishonest users (e.g. that discords their objects illegitimately) without invading privacies of honest users. Here, anonymous memories used in the monitoring system are memory sections by which users can securely and efficiently maintain their data without disclosing their identities.