Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [unlinkability]

Unlinkability of two items means that an adversary cannot determine if the items are related. It is often a goal in systems dealing with anonymity and other forms of privacy.

The unlinkability of two items is defined by Pfitzmann et al. to mean that "within the system (comprising these and possibly other items), the attacker cannot sufficiently distinguish whether these [items] are related or not." (Pfitzmann et al., Def. 4).

This could for example mean that an attacker could not determine if two texts were written by the same person or two transactions involved the same person. As such, it is mostly relevant for systems trying to ensure anonymity and related security goals.

8 questions
6
votes
1 answer

How secure is a blind signature?

From Wikipedia: Blind signatures can also be used to provide unlinkability, which prevents the signer from linking the blinded message it signs to a later un-blinded version that it may be called upon to verify. In this case, the signer's…
jornane
  • 539
  • 1
  • 4
  • 5
3
votes
0 answers

Unlinkability of Merkle-Damgård hash function results

Question: Are multiple outputs of a Merkle-Damgård hash function (or specifically SHA-256, if this can only be said for a specific algorithm) on unknown data unlinkable? If yes: Can this be formally proven or only said "from experience" / on a basis…
malexmave
  • 1,461
  • 2
  • 14
  • 26
2
votes
2 answers

Choice of bilinear group for implementation of BLS signature with NIWI proof?

I am trying to sign the multiple (millions of) different readings but the receiver should not be able to link multiple signed readings together (unlinkability) or with the identity of the signer (anonymity). As a potential solution, the sender…
Ihtesham Haider
  • 71
  • 4
1
vote
1 answer

Separate Messages Encryption

In a public key system, Alice sends Bob separate messages telling him information about the time T and place P they would meet, encrypted with Bob's public key. What is the most secured protocol: A --> B : {T},{P} or A --> B : {T,P} ? In other…
Ali_Habeeb
  • 113
  • 3
1
vote
1 answer

Algorithm for anonymous but associated communications from a set of verified communicants?

Let's say that I'm selling a product, and I want to get authentic feedback from my customers. However, I have the following two constraints: My customers must be able to give [at least some of] their feedback anonymously (and, due to practical…
JamesTheAwesomeDude
  • 968
  • 7
  • 23
1
vote
1 answer

blind signature

Reading this paper, I have some questions about blind signatures What is the meaning for unlinkability of blind signatures? I searched wiki, but still cannot understand exactly. In blind signatures (like RSA), if there is a valid origin signatures…
Laura
  • 377
  • 2
  • 11
1
vote
0 answers

Linkable ECDSA like signature

In our process of digital checks for banking - which needs to work online and offline - the receiver needs to know the chain of all generated signatures without consulting an Internet service. In this scheme the sender gets offline in order to…
user1004847
  • 49
  • 1
  • 3
1
vote
0 answers

Key binding with hidden public key

In my scenario we have the Issuer I, Verifier V and Prover P. Now the prover send some messages to I and I signs these messages with I's private key. These messages can be easily sent from P to V and be verified by V. Now i want to bind these…
JNies
  • 11
  • 1