We formalize and construct black-box accumulation (BBA), a useful building block for numerous important user-centric protocols including loyalty systems, refund systems, and incentive systems (as, e.g., employed in participatory sensing and vehicle-to-grid scenarios). A core requirement all these systems share is a mechanism to let users collect and sum up values (call it incentives, bonus points, reputation points, etc.) issued by some other parties in a privacy-preserving way such that curious operators may not be able to link the different transactions of a user. At the same time, a group of malicious users may not be able to cheat the system by pretending to have collected a higher amount than what was actually issued to them.
As a first contribution, we fully formalize the core functionality and properties of this important building block. Furthermore, we present a generic and non-interactive construction of a BBA system based on homomorphic commitments, digital signatures, and non-interactive zero-knowledge proofs of knowledge. For our construction, we formally prove security and privacy properties. Finally, we propose a concrete instantiation of our construction using Groth-Sahai commitments and proofs as well as the optimal structure-preserving signature scheme of Abe et al. and analyze its efficiency.
If the inline PDF is not rendering correctly, you can download the PDF file here.
 The German Big Brother Award. https://bigbrotherawards.de/en.
 The Nectar loyalty program. https://www.nectar.com/ 2015.
 The Payback loyalty program. https://www.payback.de/ 2015.
 The Coop Supercard loyalty program. https://www.coop.ch/pb/site/supercard/node/80441723/Lde/index.html?secure=true 2015.
 M. Abe G. Fuchsbauer J. Groth K. Haralambiev and M. Ohkubo. Structure-preserving signatures and commitments to group elements. In Proceedings of CRYPTO 2010 number 6223 in Lecture Notes in Computer Science pages 209-236. Springer 2010.
 M. Abe J. Groth K. Haralambiev and M. Ohkubo. Optimal structure-preserving signatures in asymmetric bilinear groups. In Proceedings of CRYPTO 2011 number 6841 in Lecture Notes in Computer Science pages 649-666. Springer 2011.
 M. H. Au W. Susilo and Y. Mu. Constant-size dynamic k-taa. IACR Cryptology ePrint Archive 2008:136 2008.
 P. S. L. M. Barreto and M. Naehrig. Pairing-friendly elliptic curves of prime order. In Proceedings of Selected Areas in Cryptography 2005 number 3897 in Lecture Notes in Computer Science pages 319-331. Springer 2005.
 D. Boneh and X. Boyen. Short signatures without random oracles. In Advances in Cryptology - EUROCRYPT 2004 International Conference on the Theory and Applications of Cryptographic Techniques Interlaken Switzerland May 2-6 2004 Proceedings volume 3027 of Lecture Notes in Computer Science pages 56-73. Springer 2004.
 D. Boneh B. Lynn and H. Shacham. Short signatures from the weil pairing. In ASIACRYPT volume 2248 of LNCS pages 514-532. Springer 2001.
 J. Camenisch R. Chaabouni and A. Shelat. Efficient protocols for set membership and range proofs. In Advances in Cryptology - ASIACRYPT 2008 14th International Conference on the Theory and Application of Cryptology and Information Security Melbourne Australia December 7-11 2008. Proceedings volume 5350 of Lecture Notes in Computer Science pages 234-252. Springer 2008.
 J. Camenisch M. Dubovitskaya and G. Neven. Unlinkable priced oblivious transfer with rechargeable wallets. In Financial Cryptography and Data Security 14th International Conference FC 2010 Tenerife Canary Islands January 25-28 2010 Revised Selected Papers volume 6052 of Lecture Notes in Computer Science pages 66-81. Springer 2010.
 D. Christin A. Reinhardt S. S. Kanhere and M. Hollick. A survey on privacy in mobile participatory sensing applications. Journal of Systems and Software 84(11):1928-1946 2011.
 P. Dutta P. M. Aoki N. Kumar A. M. Mainwaring C. Myers W. Willett and A. Woodruff. Common sense: participatory urban sensing using a network of handheld air quality monitors. In SenSys pages 349-350. ACM 2009.
 M. Enzmann and M. Schneider. A privacy-friendly loyalty system for electronic marketplaces. In 2004 IEEE International Conference on e-Technology e-Commerce and e- Services (EEE 04) 29-31 March 2004 Taipei Taiwan pages 385-393. IEEE Computer Society 2004.
 A. Escala G. Herold E. Kiltz C. Ràfols and J. L. Villar. An algebraic framework for Diffie-Hellman assumptions. In Proceedings of CRYPTO (2) 2013 number 8043 in Lecture Notes in Computer Science pages 129-147. Springer 2013.
 Data Privacy Management Autonomous Spontaneous Security and Security Assurance - 9th International Workshop DPM 2014 7th International Workshop SETOP 2014 and 3rd International Workshop QASA 2014 Wroclaw Poland September 10-11 2014. Revised Selected Papers volume 8872 of Lecture Notes in Computer Science 2015. Springer.
 Y. Gong Y. Cai Y. Guo and Y. Fang. A privacy-preserving scheme for incentive-based demand response in the smart grid. IEEE Transactions on Smart Grid 2015.
 G. Grewal R. Azarderakhsh P. Longa S. Hu and D. Jao. Efficient implementation of bilinear pairings on ARM processors. In Proceedings of Selected Areas in Cryptography 2012 number 7707 in Lecture Notes in Computer Science pages 149-165. Springer 2012.
 J. Groth and A. Sahai. Efficient non-interactive proof systems for bilinear groups. In Proceedings of EUROCRYPT 2008 number 4965 in Lecture Notes in Computer Science pages 415-432. Springer 2008.
 R. Johnson D. Molnar D. X. Song and D. Wagner. Homomorphic signature schemes. In Proceedings of CT-RSA 2002 number 2271 in Lecture Notes in Computer Science pages 244-262. Springer 2002.
 W. Kempton and J. Tomic. Vehicle-to-grid power fundamentals: Calculating capacity and net revenue. Elsevier Journal of Power Sources 144(1):268-279 2005.
 E. Kiltz J. Pan and H. Wee. Structure-preserving signatures from standard assumptions revisited. In Advances in Cryptology - CRYPTO 2015 - 35th Annual Cryptology Conference Santa Barbara CA USA August 16-20 2015 Proceedings Part II volume 9216 of Lecture Notes in Computer Science pages 275-295. Springer 2015.
 Q. Li and G. Cao. Providing efficient privacy-aware incentives for mobile sensing. In IEEE 34th International Conference on Distributed Computing Systems ICDCS 2014 Madrid Spain June 30 - July 3 2014 pages 208-217. IEEE Computer Society 2014.
 M. Milutinovic I. Dacosta A. Put and B. De Decker. ucentive: An efficient anonymous and unlinkable incentives scheme. In IEEE TrustCom-15 2015.
 A. Rupp F. Baldimtsi G. Hinterwälder and C. Paar. Cryptographic theory meets practice: Efficient and privacypreserving payments for public transport. ACM Trans. Inf. Syst. Secur. 17(3):10:1-10:31 2015.
 V. Shoup. Lower bounds for discrete logarithms and related problems. In Proceedings of EUROCRYPT 1997 number 1233 in Lecture Notes in Computer Science pages 256-266. Springer 1997.
 Z. Yang S. Yu W. Lou and C. Liu. P2: Privacy-preserving communication and precise reward architecture for v2g networks in smart grid. IEEE Trans. Smart Grid 2(4):697-706 2011.