We formalize and construct black-box accumulation (BBA), a useful building block for numerous important user-centric protocols including loyalty systems, refund systems, and incentive systems (as, e.g., employed in participatory sensing and vehicle-to-grid scenarios). A core requirement all these systems share is a mechanism to let users collect and sum up values (call it incentives, bonus points, reputation points, etc.) issued by some other parties in a privacy-preserving way such that curious operators may not be able to link the different transactions of a user. At the same time, a group of malicious users may not be able to cheat the system by pretending to have collected a higher amount than what was actually issued to them.
As a first contribution, we fully formalize the core functionality and properties of this important building block. Furthermore, we present a generic and non-interactive construction of a BBA system based on homomorphic commitments, digital signatures, and non-interactive zero-knowledge proofs of knowledge. For our construction, we formally prove security and privacy properties. Finally, we propose a concrete instantiation of our construction using Groth-Sahai commitments and proofs as well as the optimal structure-preserving signature scheme of Abe et al. and analyze its efficiency.
 The German Big Brother Award. https://bigbrotherawards.de/en.
 The Nectar loyalty program. https://www.nectar.com/, 2015.
 The Payback loyalty program. https://www.payback.de/, 2015.
 The Coop Supercard loyalty program. https://www.coop.ch/pb/site/supercard/node/80441723/Lde/index.html?secure=true, 2015.
 M. Abe, G. Fuchsbauer, J. Groth, K. Haralambiev, and M. Ohkubo. Structure-preserving signatures and commitments to group elements. In Proceedings of CRYPTO 2010, number 6223 in Lecture Notes in Computer Science, pages 209-236. Springer, 2010.
 M. Abe, J. Groth, K. Haralambiev, and M. Ohkubo. Optimal structure-preserving signatures in asymmetric bilinear groups. In Proceedings of CRYPTO 2011, number 6841 in Lecture Notes in Computer Science, pages 649-666. Springer, 2011.
 M. H. Au, W. Susilo, and Y. Mu. Constant-size dynamic k-taa. IACR Cryptology ePrint Archive, 2008:136, 2008.
 P. S. L. M. Barreto and M. Naehrig. Pairing-friendly elliptic curves of prime order. In Proceedings of Selected Areas in Cryptography 2005, number 3897 in Lecture Notes in Computer Science, pages 319-331. Springer, 2005.
 D. Boneh and X. Boyen. Short signatures without random oracles. In , Advances in Cryptology - EUROCRYPT 2004, International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, May 2-6, 2004, Proceedings, volume 3027 of Lecture Notes in Computer Science, pages 56-73. Springer, 2004.
 D. Boneh, B. Lynn, and H. Shacham. Short signatures from the weil pairing. In ASIACRYPT, volume 2248 of LNCS, pages 514-532. Springer, 2001.
 J. Camenisch, R. Chaabouni, and A. Shelat. Efficient protocols for set membership and range proofs. In , Advances in Cryptology - ASIACRYPT 2008, 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia, December 7-11, 2008. Proceedings, volume 5350 of Lecture Notes in Computer Science, pages 234-252. Springer, 2008.
 J. Camenisch, M. Dubovitskaya, and G. Neven. Unlinkable priced oblivious transfer with rechargeable wallets. In , Financial Cryptography and Data Security, 14th International Conference, FC 2010, Tenerife, Canary Islands, January 25-28, 2010, Revised Selected Papers, volume 6052 of Lecture Notes in Computer Science, pages 66-81. Springer, 2010.
 D. Christin, A. Reinhardt, S. S. Kanhere, and M. Hollick. A survey on privacy in mobile participatory sensing applications. Journal of Systems and Software, 84(11):1928-1946, 2011.
 P. Dutta, P. M. Aoki, N. Kumar, A. M. Mainwaring, C. Myers, W. Willett, and A. Woodruff. Common sense: participatory urban sensing using a network of handheld air quality monitors. In SenSys, pages 349-350. ACM, 2009.
 M. Enzmann and M. Schneider. A privacy-friendly loyalty system for electronic marketplaces. In 2004 IEEE International Conference on e-Technology, e-Commerce, and e- Services (EEE 04), 29-31 March 2004, Taipei, Taiwan, pages 385-393. IEEE Computer Society, 2004.
 A. Escala, G. Herold, E. Kiltz, C. Ràfols, and J. L. Villar. An algebraic framework for Diffie-Hellman assumptions. In Proceedings of CRYPTO (2) 2013, number 8043 in Lecture Notes in Computer Science, pages 129-147. Springer, 2013.
 Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance - 9th International Workshop, DPM 2014, 7th International Workshop, SETOP 2014, and 3rd International Workshop, QASA 2014, Wroclaw, Poland, September 10-11, 2014. Revised Selected Papers, volume 8872 of Lecture Notes in Computer Science, 2015. Springer.
 Y. Gong, Y. Cai, Y. Guo, and Y. Fang. A privacy-preserving scheme for incentive-based demand response in the smart grid. IEEE Transactions on Smart Grid, 2015.
 G. Grewal, R. Azarderakhsh, P. Longa, S. Hu, and D. Jao. Efficient implementation of bilinear pairings on ARM processors. In Proceedings of Selected Areas in Cryptography 2012, number 7707 in Lecture Notes in Computer Science, pages 149-165. Springer, 2012.
 J. Groth and A. Sahai. Efficient non-interactive proof systems for bilinear groups. In Proceedings of EUROCRYPT 2008, number 4965 in Lecture Notes in Computer Science, pages 415-432. Springer, 2008.
 R. Johnson, D. Molnar, D. X. Song, and D. Wagner. Homomorphic signature schemes. In Proceedings of CT-RSA 2002, number 2271 in Lecture Notes in Computer Science, pages 244-262. Springer, 2002.
 W. Kempton and J. Tomic. Vehicle-to-grid power fundamentals: Calculating capacity and net revenue. Elsevier Journal of Power Sources, 144(1):268-279, 2005.
 E. Kiltz, J. Pan, and H. Wee. Structure-preserving signatures from standard assumptions, revisited. In , Advances in Cryptology - CRYPTO 2015 - 35th Annual Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2015, Proceedings, Part II, volume 9216 of Lecture Notes in Computer Science, pages 275-295. Springer, 2015.
 Q. Li and G. Cao. Providing efficient privacy-aware incentives for mobile sensing. In IEEE 34th International Conference on Distributed Computing Systems, ICDCS 2014, Madrid, Spain, June 30 - July 3, 2014, pages 208-217. IEEE Computer Society, 2014.
 M. Milutinovic, I. Dacosta, A. Put, and B. De Decker. ucentive: An efficient, anonymous and unlinkable incentives scheme. In IEEE TrustCom-15, 2015.
 A. Rupp, F. Baldimtsi, G. Hinterwälder, and C. Paar. Cryptographic theory meets practice: Efficient and privacypreserving payments for public transport. ACM Trans. Inf. Syst. Secur., 17(3):10:1-10:31, 2015.
 V. Shoup. Lower bounds for discrete logarithms and related problems. In Proceedings of EUROCRYPT 1997, number 1233 in Lecture Notes in Computer Science, pages 256-266. Springer, 1997.
 Z. Yang, S. Yu, W. Lou, and C. Liu. P2: Privacy-preserving communication and precise reward architecture for v2g networks in smart grid. IEEE Trans. Smart Grid, 2(4):697-706, 2011.