1. Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]

2.  Advanced applications for e-ID cards  Basic Research project funded by IWT  Focus on security and privacy  Belgian e-ID based on PKI with X509 certificates  Hard to build privacy friendly applications  E-Government  Hard to find applications where anonymity is arguably necessary

3.  Formal request addressed to an authority and signed by numerous individuals  Typically citizens provide  Unique identifier (name, national ID number)  Signature  Verification:  Validating that the signatures correspond to the identifiers  Discarding multiple/invalid signatures

4.  Benefits of going electronic:  Many resources are needed in order to physically collect the signatures  Manual signature verification is a costly and tedious process  Drawbacks  Easy to cheat (e.g., knowledge of other people’s name and ID number)  Countermeasures may “disenfranchise” petition signers (e.g., IP detection)  Good example of ICT enabling participatory e- democracy

5.  Have users sign the petitions with their e-ID 1. Select petition 2. Sign using the e-ID (2-factor authentication) 3. Validate signature and check that the petition has not yet been signed with that e-ID 4. Count (or discard) the signature  Privacy risks  Leak sensitive information on political beliefs, religious inclinations, etc. (this may prevent some people from signing)  Through unique identifiers, petition signatures can be linked to other data

6.  Basic requirements  Authentication: citizen is who claims to be (i.e., no impersonation)  Authorization: citizen is entitled to sign (e.g., age > 18)  Integrity, Confidentiality  Multiple signing prevention  Verifiability: all valid signatures are counted  Privacy requirements  Signer anonymity: citizen unlinkable to petition (i.e., not possible to identify who are the signers)

7.  Active area of research in cryptography  They rely on cryptographic protocols and Zero- Knowlege proofs to reduce to the bare minimum the amount of information disclosed  Flexible protocols, many options possible  Example:  CI issues a credential to U that encodes U’s age  U can prove to V that his age is above/below a threshold  V can check that this is certified by CI  V does not learn U’s exact age

8. o Signed by a trusted issuer o Certification of attributes o Authentication (secret key) o Double-signing detection o No data minimization o Users are identifiable o Users can be tracked (Signature linkable to other contexts where e-ID is used) o Signed by a trusted issuer o Certification of attributes o Authentication (secret key) o Double-signing detection o Data minimization o Users are anonymous o Users are unlinkable in different contexts PKIAnonymous credentials

10.  Only citizens entitled to sign can do so  Possession of e-ID + knowledge of PIN  Attribute verification (e.g., age, locality)  One credential per citizen  Citizens can sign only once (multiple signing is detectable so that repeated signatures can be deleted)  Collusion of credential issuer and e-Petition server does not reveal the identity of a signer  Verifiability through publishing the protocol transcripts

11.  Summary of the paper  Motivation for privacy preserving e-petitions  Requirement study  Introduction to anonymous credentials  Architectural design combining existing technologies  Legal issues  To be added: details of the protocols and implementation  Proof-of-concept  We can satisfy seemingly contradictory requirements  Security properties can be achieved without identifiability  National ID can be user to bootstrap privacy friendlier IDM, while preventing Sybil attacks