Abstract
In many cryptographic settings, there is a trade-off between privacy and authenticity. We analyze this trade-off in the context of electronic commerce: On the one hand, we have schemes whose perfect and unrevokable privacy makes them susceptible to attacks such as blackmail and money laundering. On the other hand, we have schemes where the authenticity of the funds (in the sense of ownership) is guaranteed by sacrificing user privacy in its entirety. In this work, we propose a model and protocols balancing the needs for privacy against those of authenticity. In our proposed e-money system, all users enjoy full privacy, but both the value of funds and user anonymity can be revoked or suspended unconditionally, by the cooperation of a quorum of banks and consumer rights organizations. Our method employs diffusion of a task into distributed modules; doing so, it enables a stronger and more realistic adversarial setting, and achieves increased security, privacy, availability and functionality without introducing any noticeable disadvantage. The result is a scheme that protects against privacy-aided attacks, such as blackmail and money laundering, as well as the "ultimate crime," where an active attacker gets the bank's secret key or forces the bank to give "unmarked bank notes." Our system, unlike all previous anonymous systems, can prevent all such crimes from successfully being perpetrated, and employs revocation to do so. One important building block implements the desired balance between privacy and authenticity for digital signatures. We introduce magic ink signatures; such signatures require a quorum of servers to be produced, and a (possibly different) quorum to be unblinded. We present and use an efficient and robust scheme for magic ink DSS signatures.
The mechanisms introduced to balance the need for anonymity against the need to be able to revoke it, together with the notion of challenge semantics that we introduce, provide us with a very versatile system, a second important goal of our investigation. The proposed scheme is efficient and allows for numerous modes of payment.