74,557 research outputs found

    A Generic Construction of an Anonymous Reputation System and Instantiations from Lattices

    With an anonymous reputation system one can realize the process of rating sellers anonymously in an online shop. While raters can stay anonymous, sellers still have the guarantee that they can only be reviewed by raters who bought their product. We present the first generic construction of a reputation system from basic building blocks, namely digital signatures, encryption schemes, non-interactive zero-knowledge proofs, and linking indistinguishable tags. We then show the security of the reputation system in a strong security model. Among others, we instantiate the generic construction with building blocks based on lattice problems, leading to the first module lattice-based reputation system

    A-MAKE: an efficient, anonymous and accountable authentication framework for WMNs

    In this paper, we propose a framework, named as A-MAKE, which efficiently provides security, privacy, and accountability for communications in wireless mesh networks. More specifically, the framework provides an anonymous mutual authentication protocol whereby legitimate users can connect to network from anywhere without being identified or tracked. No single party (e.g., network operator) can violate the privacy of a user, which is provided in our framework in the strongest sense. Our framework utilizes group signatures, where the private key and the credentials of the users are generated through a secure three-party protocol. User accountability is implemented via user revocation protocol that can be executed by two semitrusted authorities, one of which is the network operator. The assumptions about the trust level of the network operator are relaxed. Our framework makes use of much more efficient signature generation and verification algorithms in terms of computation complexity than their counterparts in literature, where signature size is comparable to the shortest signatures proposed for similar purposes so far

    Introducing Accountability to Anonymity Networks

    Many anonymous communication (AC) networks rely on routing traffic through proxy nodes to obfuscate the originator of the traffic. Without an accountability mechanism, exit proxy nodes risk sanctions by law enforcement if users commit illegal actions through the AC network. We present BackRef, a generic mechanism for AC networks that provides practical repudiation for the proxy nodes by tracing back the selected outbound traffic to the predecessor node (but not in the forward direction) through a cryptographically verifiable chain. It also provides an option for full (or partial) traceability back to the entry node or even to the corresponding user when all intermediate nodes are cooperating. Moreover, to maintain a good balance between anonymity and accountability, the protocol incorporates whitelist directories at exit proxy nodes. BackRef offers improved deployability over the related work, and introduces a novel concept of pseudonymous signatures that may be of independent interest. We exemplify the utility of BackRef by integrating it into the onion routing (OR) protocol, and examine its deployability by considering several system-level aspects. We also present the security definitions for the BackRef system (namely, anonymity, backward traceability, no forward traceability, and no false accusation) and conduct a formal security analysis of the OR protocol with BackRef using ProVerif, an automated cryptographic protocol verifier, establishing the aforementioned security properties against a strong adversarial model

    Anonymous Consecutive Delegation of Signing Rights: Unifying Group and Proxy Signatures

    We define a general model for consecutive delegations of signing rights with the following properties: The delegatee actually signing and all intermediate delegators remain anonymous. As for group signatures, in case of misuse, a special authority can open signatures to reveal the chain of delegations and the signer's identity. The scheme satisfies a strong notion of non-frameability generalizing the one for dynamic group signatures. We give formal definitions of security and show them to be satisfiable by constructing an instantiation proven secure under general assumptions in the standard model. Our primitive is a proper generalization of both group signatures and proxy signatures and can be regarded as non-frameable dynamic hierarchical group signatures

    The Pareto Frontier for Random Mechanisms

    We study the trade-offs between strategyproofness and other desiderata, such as efficiency or fairness, that often arise in the design of random ordinal mechanisms. We use approximate strategyproofness to define manipulability, a measure to quantify the incentive properties of non-strategyproof mechanisms, and we introduce the deficit, a measure to quantify the performance of mechanisms with respect to another desideratum. When this desideratum is incompatible with strategyproofness, mechanisms that trade off manipulability and deficit optimally form the Pareto frontier. Our main contribution is a structural characterization of this Pareto frontier, and we present algorithms that exploit this structure to compute it. To illustrate its shape, we apply our results for two different desiderata, namely Plurality and Veto scoring, in settings with 3 alternatives and up to 18 agents.

    Anonymous Single-Sign-On for n designated services with traceability

    Anonymous Single-Sign-On authentication schemes have been proposed to allow users to access a service protected by a verifier without revealing their identity, which has become more important due to the introduction of strong privacy regulations. In this paper we describe a new approach whereby anonymous authentication to different verifiers is achieved via authorisation tags and pseudonyms. The particular innovation of our scheme is that authentication can only occur between a user and its designated verifier for a service, and the verification cannot be performed by any other verifier. The benefit of this authentication approach is that it prevents information leakage of a user's service access information, even if the verifiers for these services collude with each other. Our scheme also supports a trusted third party who is authorised to de-anonymise the user and reveal her whole services access information if required. Furthermore, our scheme is lightweight because it does not rely on attribute or policy-based signature schemes to enable access to multiple services. The scheme's security model is given together with a security proof, an implementation and a performance evaluation.

    EarlyR: A Robust Gene Expression Signature for Predicting Outcomes of Estrogen Receptor–Positive Breast Cancer

    Introduction: Early stage estrogen receptor (ER)-positive breast cancer may be treated with chemotherapy in addition to hormone therapy. Currently available molecular signatures assess the risk of recurrence and the benefit of chemotherapy; however, these tests may have large intermediate risk groups, limiting their usefulness. Methods: The EarlyR prognostic score was developed using integrative analysis of microarray data sets and formalin-fixed, paraffin-embedded–based quantitative real-time PCR assay and validated in Affymetrix data sets and METABRIC cohort using Cox proportional hazards models and Kaplan-Meier survival analysis. Concordance index was used to measure the probability of prognostic score agreement with outcome. Results: The EarlyR score and categorical risk strata (EarlyR-Low, EarlyR-Int, EarlyR-High) derived from expression of ESPL1, MKI67, SPAG5, PLK1 and PGR was prognostic of 8-year distant recurrence-free interval in Affymetrix (categorical P = 3.5 × 10^-14; continuous P = 8.8 × 10^-15) and METABRIC (categorical P < 2.2 × 10^-16; continuous P < 10^-16) data sets of ER+ breast cancer. Similar results were observed for the breast cancer–free interval end point. At most 13% of patients were intermediate risk and at least 66% patients were low risk in both ER+ cohorts. The EarlyR score was significantly prognostic (distant recurrence-free interval; P < .001) in both lymph node–negative and lymph node–positive patients and was independent from clinical factors. EarlyR and surrogates of current molecular signatures were comparable in prognostic significance by concordance index. Conclusion: The 5-gene EarlyR score is a robust prognostic assay that identified significantly fewer patients as intermediate risk and more as low risk than currently available assays. Further validation of the assay in clinical trial–derived cohorts is ongoing

    Privacy-Preserving Electronic Ticket Scheme with Attribute-based Credentials

    Electronic tickets (e-tickets) are electronic versions of paper tickets, which enable users to access intended services and improve services' efficiency. However, privacy may be a concern of e-ticket users. In this paper, a privacy-preserving electronic ticket scheme with attribute-based credentials is proposed to protect users' privacy and facilitate ticketing based on a user's attributes. Our proposed scheme makes the following contributions: (1) users can buy different tickets from ticket sellers without releasing their exact attributes; (2) two tickets of the same user cannot be linked; (3) a ticket cannot be transferred to another user; (4) a ticket cannot be double spent; (5) the security of the proposed scheme is formally proven and reduced to well known (q-strong Diffie-Hellman) complexity assumption; (6) the scheme has been implemented and its performance empirically evaluated. To the best of our knowledge, our privacy-preserving attribute-based e-ticket scheme is the first one providing these five features. Application areas of our scheme include event or transport tickets where users must convince ticket sellers that their attributes (e.g. age, profession, location) satisfy the ticket price policies to buy discounted tickets. More generally, our scheme can be used in any system where access to services is only dependent on a user's attributes (or entitlements) but not their identities.