Accountable Privacy in Online Communications
Advances in communication technologies change the way people communicate. For example, Internet brings together people who do not know each other before hand to engage in discussion of a certain topic. With cyber-physical systems, they also make daily life more convenient. People can make seamless payment using stored-value smartcard or auto-toll devices. One indispensable feature in these systems is privacy. However, perfect privacy may be abused, e.g., vandalism in discussion forum, money laundering, etc.

Anonymous credential offers a cryptographic authentication mechanism that aims to provideaccountability and privacy at the same time. They are useful in applications which just require a proof of certain attributes such as membership, instead of positive identification of the user. Normally, the users remain anonymous, yet they are still accountable for their actions after authentication, by the means of anonymity revocation. Years of research efforts have been made on balancing between privacy and accountability, which is also the main theme of this proposal.

Firstly, we aim to improve real-world anonymous credential realizations, such as Microsoft's U-Prove, which does not support revocation without compromising untraceability. We aim to develop a new, efficient, and modular mechanism for revocation. Techniques developed will also benefit other anonymous credential systems.

Secondly, we are particularly interested in application of anonymous credentials technologies in supporting privacy-preserving electronic payment. Realizing privacy-preserving payment systems is closely related to the problem of striking a balance in privacy and accountability which is the main focus of this work.

The final focus of this proposal is on anonymous blacklistable credentials for the Internet, which a trusted party for ensuring privacy is often absent. Apart from blacklisting bad behaviour, rewarding user contribution via reputation score is equally important. Existing mechanisms either requires costly authentication process or a timely evaluation of all authenticated sessions to see if blacklisting is required. We aim to propose a new framework to resolve all these problems simultaneously.

Improving any of these areas will make an impact on potentially millions of users worldwide. Underlying these key thrusts is privacy-enhancing cryptography, which the PI has been actively working on in recent years. The PI has also close collaboration with driving forces of anonymous credential systems such as Microsoft Research, Intel, and NTT R&D. The completion of this proposed project will result in new cryptographic building blocks and new paradigms of constructing cryptographic anonymous credential systems, which have a broad impact on cryptography, distributed systems, and privacy research communities.

List of Research Output (2012-)