Crypto-Book: An Architecture for Privacy Preserving Online Identities

Through cross-site authentication schemes such as OAuth and OpenID, users increasingly rely on popular social net-working sites for their digital identities–but use of these iden-tities brings privacy and tracking risks. We propose Crypto-Book, an extension to existing digital identity infrastructures that offers privacy-preserving, digital identities through the use of public key cryptography and ring signatures. Crypto-Book builds a privacy-preserving cryptographic layer atop existing social network identities, via third-party key servers that convert social network identities into public/private key-pairs on demand. Using linkable ring signatures, these key-pairs along with the public keys of other identities create unique pseudonyms untraceable back to the owner yet can resist anonymous abuse. Our proof-of-concept implementation of Crypto-Book cre-ates public/private key pairs for Facebook users, and includes a private key pickup protocol based on E-mail. We present Black Box, a case study application that uses Crypto-Book for accountable anonymous whistle-blowing. Black Box al-lows users to sign files deniably using ring signatures, using a list of arbitrary Facebook users – who need not consent or even be aware of this use – as an explicit anonymity set.