Black-Box Accumulation: Collecting Incentives in a Privacy-Preserving Way

Open access


We formalize and construct black-box accumulation (BBA), a useful building block for numerous important user-centric protocols including loyalty systems, refund systems, and incentive systems (as, e.g., employed in participatory sensing and vehicle-to-grid scenarios). A core requirement all these systems share is a mechanism to let users collect and sum up values (call it incentives, bonus points, reputation points, etc.) issued by some other parties in a privacy-preserving way such that curious operators may not be able to link the different transactions of a user. At the same time, a group of malicious users may not be able to cheat the system by pretending to have collected a higher amount than what was actually issued to them.

As a first contribution, we fully formalize the core functionality and properties of this important building block. Furthermore, we present a generic and non-interactive construction of a BBA system based on homomorphic commitments, digital signatures, and non-interactive zero-knowledge proofs of knowledge. For our construction, we formally prove security and privacy properties. Finally, we propose a concrete instantiation of our construction using Groth-Sahai commitments and proofs as well as the optimal structure-preserving signature scheme of Abe et al. and analyze its efficiency.


  • [1] The German Big Brother Award.

  • [2] The Nectar loyalty program., 2015.

  • [3] The Payback loyalty program., 2015.

  • [4] The Coop Supercard loyalty program., 2015.

  • [5] M. Abe, G. Fuchsbauer, J. Groth, K. Haralambiev, and M. Ohkubo. Structure-preserving signatures and commitments to group elements. In Proceedings of CRYPTO 2010, number 6223 in Lecture Notes in Computer Science, pages 209-236. Springer, 2010.

  • [6] M. Abe, J. Groth, K. Haralambiev, and M. Ohkubo. Optimal structure-preserving signatures in asymmetric bilinear groups. In Proceedings of CRYPTO 2011, number 6841 in Lecture Notes in Computer Science, pages 649-666. Springer, 2011.

  • [7] M. H. Au, W. Susilo, and Y. Mu. Constant-size dynamic k-taa. IACR Cryptology ePrint Archive, 2008:136, 2008.

  • [8] P. S. L. M. Barreto and M. Naehrig. Pairing-friendly elliptic curves of prime order. In Proceedings of Selected Areas in Cryptography 2005, number 3897 in Lecture Notes in Computer Science, pages 319-331. Springer, 2005.

  • [9] D. Boneh and X. Boyen. Short signatures without random oracles. In , Advances in Cryptology - EUROCRYPT 2004, International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, May 2-6, 2004, Proceedings, volume 3027 of Lecture Notes in Computer Science, pages 56-73. Springer, 2004.

  • [10] D. Boneh, B. Lynn, and H. Shacham. Short signatures from the weil pairing. In ASIACRYPT, volume 2248 of LNCS, pages 514-532. Springer, 2001.

  • [11] J. Camenisch, R. Chaabouni, and A. Shelat. Efficient protocols for set membership and range proofs. In , Advances in Cryptology - ASIACRYPT 2008, 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia, December 7-11, 2008. Proceedings, volume 5350 of Lecture Notes in Computer Science, pages 234-252. Springer, 2008.

  • [12] J. Camenisch, M. Dubovitskaya, and G. Neven. Unlinkable priced oblivious transfer with rechargeable wallets. In , Financial Cryptography and Data Security, 14th International Conference, FC 2010, Tenerife, Canary Islands, January 25-28, 2010, Revised Selected Papers, volume 6052 of Lecture Notes in Computer Science, pages 66-81. Springer, 2010.

  • [13] D. Christin, A. Reinhardt, S. S. Kanhere, and M. Hollick. A survey on privacy in mobile participatory sensing applications. Journal of Systems and Software, 84(11):1928-1946, 2011.

  • [14] P. Dutta, P. M. Aoki, N. Kumar, A. M. Mainwaring, C. Myers, W. Willett, and A. Woodruff. Common sense: participatory urban sensing using a network of handheld air quality monitors. In SenSys, pages 349-350. ACM, 2009.

  • [15] M. Enzmann and M. Schneider. A privacy-friendly loyalty system for electronic marketplaces. In 2004 IEEE International Conference on e-Technology, e-Commerce, and e- Services (EEE 04), 29-31 March 2004, Taipei, Taiwan, pages 385-393. IEEE Computer Society, 2004.

  • [16] A. Escala, G. Herold, E. Kiltz, C. Ràfols, and J. L. Villar. An algebraic framework for Diffie-Hellman assumptions. In Proceedings of CRYPTO (2) 2013, number 8043 in Lecture Notes in Computer Science, pages 129-147. Springer, 2013.

  • [17] Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance - 9th International Workshop, DPM 2014, 7th International Workshop, SETOP 2014, and 3rd International Workshop, QASA 2014, Wroclaw, Poland, September 10-11, 2014. Revised Selected Papers, volume 8872 of Lecture Notes in Computer Science, 2015. Springer.

  • [18] Y. Gong, Y. Cai, Y. Guo, and Y. Fang. A privacy-preserving scheme for incentive-based demand response in the smart grid. IEEE Transactions on Smart Grid, 2015.

  • [19] G. Grewal, R. Azarderakhsh, P. Longa, S. Hu, and D. Jao. Efficient implementation of bilinear pairings on ARM processors. In Proceedings of Selected Areas in Cryptography 2012, number 7707 in Lecture Notes in Computer Science, pages 149-165. Springer, 2012.

  • [20] J. Groth and A. Sahai. Efficient non-interactive proof systems for bilinear groups. In Proceedings of EUROCRYPT 2008, number 4965 in Lecture Notes in Computer Science, pages 415-432. Springer, 2008.

  • [21] R. Johnson, D. Molnar, D. X. Song, and D. Wagner. Homomorphic signature schemes. In Proceedings of CT-RSA 2002, number 2271 in Lecture Notes in Computer Science, pages 244-262. Springer, 2002.

  • [22] W. Kempton and J. Tomic. Vehicle-to-grid power fundamentals: Calculating capacity and net revenue. Elsevier Journal of Power Sources, 144(1):268-279, 2005.

  • [23] E. Kiltz, J. Pan, and H. Wee. Structure-preserving signatures from standard assumptions, revisited. In , Advances in Cryptology - CRYPTO 2015 - 35th Annual Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2015, Proceedings, Part II, volume 9216 of Lecture Notes in Computer Science, pages 275-295. Springer, 2015.

  • [24] Q. Li and G. Cao. Providing efficient privacy-aware incentives for mobile sensing. In IEEE 34th International Conference on Distributed Computing Systems, ICDCS 2014, Madrid, Spain, June 30 - July 3, 2014, pages 208-217. IEEE Computer Society, 2014.

  • [25] M. Milutinovic, I. Dacosta, A. Put, and B. De Decker. ucentive: An efficient, anonymous and unlinkable incentives scheme. In IEEE TrustCom-15, 2015.

  • [26] A. Rupp, F. Baldimtsi, G. Hinterwälder, and C. Paar. Cryptographic theory meets practice: Efficient and privacypreserving payments for public transport. ACM Trans. Inf. Syst. Secur., 17(3):10:1-10:31, 2015.

  • [27] V. Shoup. Lower bounds for discrete logarithms and related problems. In Proceedings of EUROCRYPT 1997, number 1233 in Lecture Notes in Computer Science, pages 256-266. Springer, 1997.

  • [28] Z. Yang, S. Yu, W. Lou, and C. Liu. P2: Privacy-preserving communication and precise reward architecture for v2g networks in smart grid. IEEE Trans. Smart Grid, 2(4):697-706, 2011.

Journal Information


All Time Past Year Past 30 Days
Abstract Views 0 0 0
Full Text Views 23 23 23
PDF Downloads 4 4 4