Session Chair: Pedro Moreno-Sanchez
- Anonymous, Attribute Based, Decentralized, Secure, and Fair e-Donation
- Privacy-Preserving Payment Splitting
- Black-Box Wallets: Fast Anonymous Two-Way Payments for Constrained Devices
- P4TC - Provably-Secure yet Practical Privacy-Preserving Toll Collection
Osman Biçer (Koç University) and Alptekin Küpçü (Koç University)
Summary: E-cash and cryptocurrency schemes have been a focus of applied cryptography for a long time. However, we acknowledge the continuing need for a cryptographic protocol that provides global scale, decentralized, secure, and fair delivery of donations. Such a protocol would replace central trusted entities (e.g., charity organizations) and guarantee the privacy of the involved parties (i.e., donors and recipients of the donations). In this work, we target this online donation problem and propose a practical solution for it. First, we propose a novel decentralized e-donation framework, along with its operational components and security definitions. Our framework relies on a public ledger that can be realized via a distributed blockchain. Second, we instantiate our e-donation framework with a practical scheme employing privacy-preserving cryptocurrencies and attribute-based signatures. Third, we provide implementation results showing that our operations have feasible computation and communication costs. Finally, we prove the security of our e-donation scheme via formal reductions to the security of the underlying primitives.
Saba Eskandarian (Stanford University), Mihai Christodorescu (Visa Research), and Payman Mohassel (Facebook)
Summary: Widely used payment splitting apps allow members of a group to keep track of debts between members by sending charges for expenses paid by one member on behalf of others. While offering a great deal of convenience, these apps gain access to sensitive data on users' financial transactions. In this paper, we present a payment splitting app that hides all transaction data within a group from the service provider, provides privacy protections between users in a group, and provides integrity against malicious users or even a malicious server.
Max Hoffmann (Ruhr-University Bochum), Michael Klooß (Karlsruhe Institute of Technology), Markus Raiber (Karlsruhe Institute of Technology), and Andy Rupp (Karlsruhe Institute of Technology)
Summary: Black-box accumulation (BBA) is a building block which enables a privacy-preserving implementation of point collection and redemption, a functionality required in a variety of user-centric applications including loyalty programs, incentive systems, and mobile payments. By definition, BBA+ schemes (Hartung et al. CCS ’17) offer strong privacy and security guarantees, such as unlinkability of transactions and correctness of the balance flows of all (even malicious) users. Unfortunately, the instantiation of BBA+ presented at CCS ’17 is, on modern smartphones, just fast enough for comfortable use. It is too slow for wearables, let alone smart-cards. Moreover, it lacks a crucial property: For the sake of efficiency, the user’s balance is presented in the clear when points are deducted. This may allow to track owners by just observing revealed balances, even though privacy is otherwise guaranteed. The authors intentionally forgo the use of costly range proofs, which would remedy this problem. We present an instantiation of BBA+ with some extensions following a different technical approach which significantly improves efficiency. To this end, we get rid of pairing groups, rely on different zero-knowledge and fast range proofs, along with a slightly modified version of Baldimtsi-Lysyanskaya blind signatures (CCS ’13). Our prototype implementation with range proofs (for 16 bit balances) outperforms BBA+ without range proofs by a factor of 2.5. Moreover, we give estimates showing that smart-card implementations are within reach.
Valerie Fetzer (Karlsruhe Institute of Technology), Max Hoffmann (Ruhr University Bochum), Matthias Nagel (Karlsruhe Institute of Technology), Rebecca Schwerdt (Karlsruhe Institute of Technology), and Andy Rupp (University of Luxembourg)
Summary: Electronic toll collection (ETC) is widely used all over the world not only to finance our road infrastructures, but also to realize advanced features like congestion management and pollution reduction by means of dynamic pricing. Unfortunately, existing systems rely on user identification and allow tracing a user’s movements. Several abuses of this personalized location data have already become public. In view of the planned European-wide interoperable tolling system EETS and the new EU General Data Protection Regulation, location privacy becomes of particular importance. In this paper, we propose a flexible security model and crypto protocol framework designed for privacy-preserving toll collection in the most dominant setting, i.e., Dedicated Short Range Communication (DSRC) ETC. A major challenge in designing the framework at hand was to combine provable security and practicality, where the latter includes practical performance figures and a suitable treatment of real-world issues, like broken on-board units etc. To the best of our knowledge, our work is the first in the DSRC setting with a rigorous security model and proof and arguably the most comprehensive formal treatment of ETC security and privacy overall. Additionally, we provide a prototypical implementation on realistic hardware which already features fairly practical performance figures. An interaction between an on-board unit and a road-side unit is estimated to take less than a second allowing for toll collection at full speed assuming one road-side unit per lane.