BNymble: More Anonymous Blacklisting at Almost No Cost (A Short Paper)

Lofgren, Peter; Hopper, Nicholas

doi:10.1007/978-3-642-27576-0_22

Cited by 10 publications

(7 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A different approach is taken by Nymble-like systems [36,19,18,26], which also rely on a trusted third party. The user obtains a pseudonym, a "nymble", from the trusted third party which is only valid for a certain time frame with one server.…”

Section: Membership Proofs Andmentioning

confidence: 99%

Zero-Knowledge Argument for Polynomial Evaluation with Application to Blacklists

Bayer

Groth

2013

Advances in Cryptology – EUROCRYPT 2013

View full text Add to dashboard Cite

Abstract. Verification of a polynomial's evaluation in a secret committed value plays a role in cryptographic applications such as non-membership or membership proofs. We construct a novel special honest verifier zero-knowledge argument for correct polynomial evaluation. The argument has logarithmic communication cost in the degree of the polynomial, which is a significant improvement over the state of the art with cubic root complexity at best. The argument is relatively efficient to generate and very fast to verify compared to previous work. The argument has a simple public-coin 3-move structure and only relies on the discrete logarithm assumption.The polynomial evaluation argument can be used as a building block to construct zero-knowledge membership and non-membership arguments with communication that is logarithmic in the size of the blacklist. Non-membership proofs can be used to design anonymous blacklisting schemes allowing online services to block misbehaving users without learning the identity of the user. They also allow the blocking of single users of anonymization networks without blocking the whole network.

show abstract

Section: Membership Proofs Andmentioning

confidence: 99%

Zero-Knowledge Argument for Polynomial Evaluation with Application to Blacklists

Bayer

Groth

2013

Advances in Cryptology – EUROCRYPT 2013

View full text Add to dashboard Cite

show abstract

“…We especially focused on the category of Nymble-like systems, since this relatively new approach to anonymous blacklisting systems has recently received a lot of attention from the research community. We believe that new schemes in this class are likely to be proposed in the near future (indeed, Lofgren and Hopper's BNymble [33] was accepted for publication just days before the submission of this paper) and we hope that our definitions and observations will assist in these endeavours. We conclude by discussing some open research problems in anonymous blacklisting.…”

Section: Discussionmentioning

confidence: 97%

“…Recently, Lofgren and Hopper proposed BNymble (i.e., Blinded Nymble) [33], which modifies the original Nymble design only slightly in order to satisfy the strong ZKverinym property. Similar to Jack and Nym, BNymble replaces pseudonyms based deterministically on users' IP addresses with blind RSA signatures on user-chosen randomness.…”

Section: Definition 14 ((Strong) Zk-verinym)mentioning

confidence: 99%

Formalizing Anonymous Blacklisting Systems

Henry

Goldberg

2011

2011 IEEE Symposium on Security and Privacy

View full text Add to dashboard Cite

Abstract-Anonymous communications networks, such as Tor, help to solve the real and important problem of enabling users to communicate privately over the Internet. However, in doing so, anonymous communications networks introduce an entirely new problem for the service providers-such as websites, IRC networks or mail servers-with which these users interact; in particular, since all anonymous users look alike, there is no way for the service providers to hold individual misbehaving anonymous users accountable for their actions. Recent research efforts have focused on using anonymous blacklisting systems (which are sometimes called anonymous revocation systems) to empower service providers with the ability to revoke access from abusive anonymous users. In contrast to revocable anonymity systems, which enable some trusted third party to deanonymize users, anonymous blacklisting systems provide users with a way to authenticate anonymously with a service provider, while enabling the service provider to revoke access from any users that misbehave, without revealing their identities. In this paper, we introduce the anonymous blacklisting problem and survey the literature on anonymous blacklisting systems, comparing and contrasting the architecture of various existing schemes, and discussing the tradeoffs inherent with each design. The literature on anonymous blacklisting systems lacks a unified set of definitions; each scheme operates under different trust assumptions and provides different security and privacy guarantees. Therefore, before we discuss the existing approaches in detail, we first propose a formal definition for anonymous blacklisting systems, and a set of security and privacy properties that these systems should possess. We also outline a set of new performance requirements that anonymous blacklisting systems should satisfy to maximize their potential for real-world adoption, and give formal definitions for several optional features already supported by some schemes in the literature.

show abstract

“…It should be carefully chosen to provide a good balance between privacy (if U learns a verinym, she can recognize blacklist entries corresponding to past owners of her unique resource) and functionality (the number of linkability windows determines the maximum duration of an inter-window revocation). 8 This is not possible in schemes like Jack [23] and BNymble [24] that base verinyms on user-chosen randomness; this seems to be an inherent limitation that comes with the unconditional unlinkability of such verinyms. Of course, these schemes could be adapted to use the approach of this section by sacrificing unconditional unlinkability in exchange for computational unlinkability with an honest-majority assumption using, e.g., our (t, n)-threshold verinym construction.…”

Section: Long-term Revocationmentioning

confidence: 99%

“…Since Nymble was first proposed in 2006, several schemes have appeared in the literature to solve the same problem, or one of several closely related problems. (For some examples, see [6], [20], [21], [23], [24], [33]- [35].) Three of these schemes operate within the same general framework as Nymble; they change only low-level details to weaken trust assumptions and to provide stronger privacy guarantees and some new functionality.…”

Section: Introductionmentioning

confidence: 99%

Extending Nymble-like Systems

Henry

Goldberg

2011

2011 IEEE Symposium on Security and Privacy

View full text Add to dashboard Cite

Abstract-We present several extensions to the Nymble framework for anonymous blacklisting systems. First, we show how to distribute the Verinym Issuer as a threshold entity. This provides liveness against a threshold Byzantine adversary and protects against denial-of-service attacks. Second, we describe how to revoke a user for a period spanning multiple linkability windows. This gives service providers more flexibility in deciding how long to block individual users. We also point out how our solution enables efficient blacklist transferability among service providers. Third, we augment the Verinym Acquisition Protocol for Tor-aware systems (that utilize IP addresses as a unique identifier) to handle two additional cases: 1) the operator of a Tor exit node wishes to access services protected by the system, and 2) a user's access to the Verinym Issuer (and the Tor network) is blocked by a firewall. Finally, we revisit the objective blacklisting mechanism used in Jack, and generalize this idea to enable objective blacklisting in other Nymble-like systems. We illustrate the approach by showing how to implement it in Nymble and Nymbler.

show abstract

BNymble: More Anonymous Blacklisting at Almost No Cost (A Short Paper)

Cited by 10 publications

References 8 publications

Zero-Knowledge Argument for Polynomial Evaluation with Application to Blacklists

Zero-Knowledge Argument for Polynomial Evaluation with Application to Blacklists

Formalizing Anonymous Blacklisting Systems

Extending Nymble-like Systems

Contact Info

Product

Resources

About