Anonymous Statistical Surveyof Attributes

Toru Nakanishi and Yuji Sugiyama

Okayama Univ., Japan

Background

Distributor(Seller)User(Customer)

Man or Woman ?Man or Woman ?Man or Woman ?Man or Woman ?

Young or Old?Young or Old?. . .. . .

AnonymouslyAnonymously

MarketingMarketing

Background(Cont’d)

Woman, 30, engineer

Maybe useful for identifying the user.Maybe useful for identifying the user.

Man, 15, Student

Man, 48, Dealer

Offering many attributes…

Some distributors want attributes for each user.

Background(Cont’d)

Female90% 10%Male

Statistical results

Some distributors want only statistical results of attributes for all users.

Survey system to generate only the statistical results is in demand.

Requirements in the survey system

Anonymity of users– No extra information beyond statistical results

Correctness of results

Anonymous statistical survey system of attributes

Related Work

Sako proposed a protocol to generate statistical results of attributes

TTP in charge of gender

EncryptMale

Female

90% 10%

Male

No extrainformation No cheating

Trusted not to leak

CorrectnessCorrectness

But, … Is single TTP really

trusted ?

Sako’s protocol may be simply applied to anonymous statistical survey.

Problem in simple application

Female90% 10%Male

Are users honest ?

Users cannot cheat.

Each TTP doesn’t have extra information.

Our anonymous statistical survey system of attributes

Assurance

Female

Trustees

Female90% 10%Male

trusted

Quorum is trusted

No extra information

Attribute Authority

Group

Tool 1: Camenisch-Stadler’s group signature

What’s a group signature ?

signature

Traceable by only TTP

Made by a group memberBut, who ?

Registration

Signing

Tool 1: Camenisch-Stadler’s group signature (Cont’d)

z, ID

Cert.

z

z Proof( )Cert.

z

Membership Authority

Tool 2: Threshold Cryptosystem

Only quorum of a group can decrypt a ciphertext.

Trustees

???

Not quorum Quorum

No cheating

Link is unknown unless quorum is corrupted

Tool 3: Shuffle

Trustees

Randomized and randomly permuted

Model

Registration

Offering Generating

User TrusteesDistributor

Attribute Authority

1. Registration in group signature is executed.1. Registration in group signature is executed.

2. z’s are published in lists of respective attributes.

Our survey system - Registration

z’s of malesz , z , ….1 4 z , z , ….

z’s of females

32

z, ID

Cert.

z

Female

UserAttribute Authority

1. The group signature is offered.

Our survey system - Offering

z

Proof( )Cert.

z

Anonymousz linked to correct attribute

is committed

No users’ cheating

Male

Female

Male

AfterwardLinked

1. Sent ciphertexts are shuffled.

Our survey system - Generating

Trustees

Link between ciphertext (offering) and attribute is unknown for even each trustee.

2. For each shuffled ciphertext, it’s linked to attribute, with no extra information of z.

a. Public z’s are shuffled by the same random r,

Our survey system – Generating (Cont’d)

( )r

Malesz , z , ….? ?

r r

Femalesz , z , ….? ?

r r

Malesz , z , ….1 4

Femalesz , z , ….2 3

Randomly permuted in each list

while the ciphertext is randomized by r.

3. Count revealed attributes, and calculate

statistic.

Our survey system – Generating (Cont’d)

b. Decrypt the ciphertext,

( )r

Malesz , z , ….? ?

r rFemalesz , z , ….? ?

r r

=

rz

rz

Search

FemaleNo extra information

of z’s for even each trustee

and search in lists of z’s.

Correctness

Security

AnonymityAnonymity in offering:

Anonymity of group signature

No extra information in generating:Shuffles, threshold cryptosystem

Correctness of offering:Proving certificate

Correctness of generating:No cheating in shuffles and decryption

Conclusion

An anonymous statistical survey system of attributes is proposed. No extra information for each trustee No cheating