As records of individuals' activities become increasingly computerized and linked, privacy becomes an ever more challenging problem. It is especially challenging when legitimate security needs require the ability to link different transactions and even obtain details about the individuals involved. The focus of this project is on cryptographic technologies that achieve a compromise: transaction records should be anonymous until special circumstances (such as wrong-doing on the part of a particular individual, or an emergency that requires special measures) arise. One wants to specify these circumstances before a transaction takes place, so an individual can choose not to participate in a transaction that does not provide him or her with sufficient privacy guarantees. The project considers several trade-offs between anonymity and accountability. Conditional anonymity/conditional disclosure means that an individual user is anonymous until her activities violate a certain condition, at which point some piece of information about her becomes known. Revocable anonymity means that a user is anonymous to all but a special anonymity-revoking trustee that only becomes involved in case of emergency. Traceable anonymity means that, under special circumstances, it is possible to quickly trace all of a particular user's transactions; this can be a form of conditional anonymity where the circumstances are due to the user's misbehavior or revocable anonymity where a trustee decides when to run the trace algorithm. This project investigates techniques that allow one to develop and enforce anonymity contracts between individuals and organizations that spell out what can become known about the individual user and under what circumstances.
CT-ISG: Crypto Algorithms for an Integrated Approach to Conditional, Revocable and Traceable Anonymity