International Association for Cryptologic Research

International Association
for Cryptologic Research


Privacy-Preserving Blueprints

Markulf Kohlweiss , University of Edinburgh and IOHK
Anna Lysyanskaya , Brown University
An Nguyen , Brown University
DOI: 10.1007/978-3-031-30617-4_20 (login may be required)
Search ePrint
Search Google
Presentation: Slides
Conference: EUROCRYPT 2023
Abstract: In a world where everyone uses anonymous credentials for all access control needs, it is impossible to trace wrongdoers, by design. This makes legitimate controls, such as tracing illicit trade and terror suspects, impossible to carry out. Here, we propose a privacy-preserving blueprint capability that allows an auditor to publish an encoding pk_A of the function f(x, . ) for a publicly known function f and a secret input x. For example, x may be a secret watchlist, and f(x,y) may return y if y in x. On input her data y and the auditor's pk_A, a user can compute an escrow Z such that anyone can verify that Z was computed correctly from the user's credential attributes, and moreover, the auditor can recover f(x,y) from Z. Our contributions are: -- We define secure f-blueprint systems; our definition is designed to provide a modular extension to anonymous credential systems. -- We show that secure f-blueprint systems can be constructed for all functions $f$ from fully homomorphic encryption and NIZK proof systems. This result is of theoretical interest but is not efficient enough for practical use. -- We realize an optimal blueprint system under the DDH assumption in the random-oracle model for the watchlist function.
  title={Privacy-Preserving Blueprints},
  author={Markulf Kohlweiss and Anna Lysyanskaya and An Nguyen},