This chapter summarizes approaches that are adopted in this book to satisfy various requirements of secure anonymous systems listed in the 1st chapter of Section 1. Homomorphic encryption functions are used to calculate functions of data without knowing their individual values, to detect dishonest deletions of data maintained by other entities, and to identify dishonest entities without knowing any secret of honest entities. Commutative encryption functions are also extensively exploited to maintain integrities of data owned by anonymous entities without knowing the data themselves, e.g. to convince entities that only and all data owned by eligible entities are honestly processed without knowing the values of the data or the identities of their owners.
TopHomomorphic Encryption Functions And Blind Calculations
Blind calculations are processes where an entity or a set of entities calculates functions of data owned by other entity or entities without knowing their individual values, e.g. in an anonymous credit card system, a credit card company calculates the total expenditure of each cardholder without knowing its individual purchases.
When calculations are additions or multiplications of data (only additions of data are considered in this section, but it is possible to blindly carry out other kinds of calculations as discussed later in this section (Goldreich, 1987)), these blind calculation schemes can be easily implemented by exploiting homomorphic property of encryption functions. For example if an additive encryption function is used, although the above card company gives individual purchase records to cardholders while encrypting them by its secret key to disable cardholders to illegitimately modify their records, the card company can know the total expenditure of each cardholder without knowing its individual purchases by decrypting the sum of encrypted records that is calculated by the cardholder itself.
Here, it must be noted that purchase records in the above credit card system are encrypted and decrypted by the same entity, i.e. by the card company. Therefore, secret key encryption functions such as linear equation based schemes with the perfect additive feature become available, without worrying about their cumbersome secret key exchanging procedures. However there are 2 difficulties to use the above scheme. Firstly, although the card company can protect individual purchase records from illegitimate modifications and forgeries by encrypting them while using its secret key, cardholders can easily delete their maintaining records, and secondly, the card company can encrypt purchase records dishonestly because cardholders do not know either the encryption key or the decryption key of the card company.