[Brown CS Talks] Brown CS Seminar: Anna Lysyanskaya in Lubrano on 4/15/02 at noon

talks-admin@list.cs.brown.edu talks-admin@list.cs.brown.edu
Thu, 11 Apr 2002 16:08:18 -0400 

			      CS Seminar
		  
		  The Department of Computer Science
			   BROWN UNIVERSITY

			      
			       presents

			   Anna Lysyanskaya

			    MIT Laboratory

		    Monday, April 15, 2002 at noon
	       Lubrano Conference Room (CIT 4th floor)
	       Refreshments will be served at 11:45 am
			       

			   ANONYMOUS CREDENTIALS  
 

			       Abstract

In order to obtain access to a resource, a credential is usually
required.  For example, one needs a driver's license to rent a car, or
a library card to borrow a book.  As paper-based transactions are
being replaced by electronic ones, credentials are also taking
electronic form.

Hand-in-hand with the convenience of electronic credentials, comes the
danger that all transactions can be easily recorded and analyzed.  To
be sure, the recording happens in the paper-based world, as well;
however, electronic records make searching and aggregating information
practical on a large scale.  Thus, electronic credentials make it ever
so easy to collect too much personal information.  For example, by
observing a person's use of a driver's license, one can trace this
person's itinerary.

I will present an ``anonymous credential'' system designed to solve this
problem.  In this system, a user (credential owner) can prove
possession of a credential without revealing more than this single bit
of information, and can obtain a credential without revealing more
information than required by the issuing authority.  As a result, the
user's identity remains hidden, and, moreover, transactions carried
out by the same user cannot be linked.  Our system thus guarantees
privacy of users.

Ours is the first anonymous credential system suitable for practical
use: it requires no involvement of trusted third parties, and all the
protocols are efficient.  In addition to ensuring privacy of users,
our system enables credentials that have expiration dates and other
attributes, and ensures that they are non-transferable and revocable.
Moreover, a user's anonymity can be revoked in case of emergency.

A commercial product based on this technology is currently being
developed by IBM.


		     Host:  Professor Steve Reiss