Online privacy is an increasingly important problem, as many services are now offered in a digital form. Privacy (or the lack thereof) is of a special concern in subscriptions to large data repositories with heterogeneous information, where the service provider can easily profile its users and sell that information to third parties. In this work we present the design and implementation of a system that closely resembles the current practice of subscriptions to many services such as newspapers, digital libraries, music collections, etc., but at the same time offers anonymous access to the service. As with current practice, in our solution a user subscribes to the service obtaining access to it for a certain period of time, at the end of which the subscription expires.

In our system user access is always anonymous and no two transactions by the same user can be linked together. Moreover, the system assures a high level of protection to the service provider, as a user cannot share her subscription credentials with others without denying herself access to the service. We present experimental results showing that the design of our system results in only small computation overheads, in addition to having very low communication requirements. The main objective of this work is thus to illustrate the practically of integrating anonymity into today's subscription-based services.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	G. Ateniese, D. Song, and G. Tsudik. Quasi-efficient revocation of group signatures. In Financial Cryptography (FC'02), pages 183--197, 2002.
	2	Michael Backes , Jan Camenisch , Dieter Sommer, Anonymous yet accountable access control, Proceedings of the 2005 ACM workshop on Privacy in the electronic society, November 07-07, 2005, Alexandria, VA, USA  [doi>10.1145/1102199.1102208]
	3	M. Belenkiy, M. Chase, M. Kohlweiss, and A. Lysyanskaya. Non-interactive anonymous credentials. In To appear in Theory of Cryptography Conference (TCC'08), 2008.
	4	D. Boneh, X. Boyen, and H. Shacham. Short group signatures. In Advances in Cryptology - CRYPTO'04, volume 3152 of LNCS, pages 41--55, 2004. Full version availalbe at http://crypto.stanford.edu/~dabo/abstracts/groupsigs.pdf.
	5	F. Boudot. Efficient proofs that a committed number lies in an interval. In Advances in Cryptology - EUROCRYPT'00, volume 1807 of LNCS, pages 431--444, 2000.
	6	S. Brands. A technical overview of digital credentials. Unpublished manuscript. Available from http://www.credentica.com/whitepapers.php.
	7	Stefan A. Brands, An Efficient Off-line Electronic Cash System Based On The Representation Problem., CWI (Centre for Mathematics and Computer Science), Amsterdam, The Netherlands, 1993
	8	Stefan Brands, Untraceable off-line cash in wallet with observers, Proceedings of the 13th annual international cryptology conference on Advances in cryptology, p.302-318, January 1994, Santa Barbara, California, United States
	9	Emmanuel Bresson , Jacques Stern, Efficient Revocation in Group Signatures, Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography, p.190-206, February 13-15, 2001
	10	Emmanuel Bresson , Jacques Stern, Proofs of Knowledge for Non-monotone Discrete-Log Formulae and Applications, Proceedings of the 5th International Conference on Information Security, p.272-288, September 30-October 02, 2002
	11	J. Camenisch and J. Groth. Group signatures: Better efficiencey and new theoretical results. In Conference on Security in Communication Networks (SCN'04), volume 3352 of LNCS, pages 120--133, 2005.
	12	Jan Camenisch , Susan Hohenberger , Markulf Kohlweiss , Anna Lysyanskaya , Mira Meyerovich, How to win the clonewars: efficient periodic n-times anonymous authentication, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA  [doi>10.1145/1180405.1180431]
	13	Jan Camenisch , Anna Lysyanskaya, Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials, Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology, p.61-76, August 18-22, 2002
	14	J. Camenisch and A. Lysyanskaya. A signature scheme with efficient protocols. In Conference on Security in Communication Networks (SCN'02), volume 2576 of LNCS, pages 268--289, 2002.
	15	J. Camenisch and A. Lysyanskaya. Signature schemes and anonymous credentials from bilinear maps. In Advances in Cryptology - CRYPTO'04, pages 56--72, 2004.
	16	J. Camenisch and M. Michels. Proving in zero-knowledge that a number is the product of two safe primes. In Advances in Cryptology - EUROCRYPT'99, volume 1592 of LNCS, pages 107--122, 1999.
	17	J. Camenisch, D. Sommer, and R. Zimmermann. A general certification framework with applications to privacy-enhancing certificate infrastructures. In IFIP International Information Security Conference (SEC'06), May 2006.
	18	Jan Camenisch , Markus Stadler, Efficient Group Signature Schemes for Large Groups (Extended Abstract), Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology, p.410-424, August 17-21, 1997
	19	J. Camenisch and M. Stadler. Proof systems for general statements about discrete logarithms. Technical Report No. 260, ETH Zurich, 1997.
	20	David Chaum , Jan-Hendrik Evertse , Jeroen van de Graaf , René Peralta, Demonstrating possession of a discrete logarithm without revealing it, Proceedings on Advances in cryptology---CRYPTO '86, p.200-212, January 1987, Santa Barbara, California, United States
	21	D. Chaum, J.-H. Evertse, and J. van de Graaf. An improved protocol for demonstrating possession of discrete logarithms and some generalizations. In Advances in Cryptology - EUROCRYPT'87, volume 304 of LNCS, pages 127--141, 1988.
	22	Ronald Cramer , Ivan Damgård , Berry Schoenmakers, Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols, Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology, p.174-187, August 21-25, 1994
	23	A. De Santis, G. Di Crescenzo, G. Persiano, and M. Yung. On monotone formula closure in SZK. In Symposium on Foundations of Computer Science (FOCS'94), pages 454--465, 1994.
	24	Xuhua Ding , Gene Tsudik , Shouhuai Xu, Leak-Free Group Signatures with Immediate Revocation, Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS'04), p.608-615, March 24-26, 2004
	25	Roger Dingledine , Nick Mathewson , Paul Syverson, Tor: the second-generation onion router, Proceedings of the 13th conference on USENIX Security Symposium, p.21-21, August 09-13, 2004, San Diego, CA
	26	Amos Fiat , Adi Shamir, How to prove yourself: practical solutions to identification and signature problems, Proceedings on Advances in cryptology---CRYPTO '86, p.186-194, January 1987, Santa Barbara, California, United States
	27	S. Galbraith, K. Paterson, and N. Smart. Pairings for cryptographers. Cryptology ePrint Archive Report 2006/165, http://eprint.iacr.org/2006/165, 2006.
	28	J. Groth and A. Sahai. Efficient non-interactive proof systems for bilinear groups. IACR ePrint Archive Report 2007/155, http://eprint.iacr.org/2007/155, 2007.
	29	Anna Lysyanskaya , Ronald L. Rivest , Amit Sahai , Stefan Wolf, Pseudonym Systems, Proceedings of the 6th Annual International Workshop on Selected Areas in Cryptography, p.184-199, August 09-10, 1999
	30	Wenbo Mao, Guaranteed Correct Sharing of Integer Factorization with Off-Line Shareholders, Proceedings of the First International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography, p.60-71, February 05-06, 1998
	31	L. Nguyen and R. Safani-Naini. Dynamic k-times anonymous authentication. In ACNS, volume 3531 of LNCS, pages 318--333, 2005.
	32	Pino Persiano , Ivan Visconti, A secure and private system for subscription-based remote services, ACM Transactions on Information and System Security (TISSEC), v.6 n.4, p.472-500, November 2003  [doi>10.1145/950191.950193]
	33	Z. Ramzan and M. Ruhl. Protocols for anonymous subscription services. Unpublished manuscript, 2000.
	34	Stuart Schechter , Todd Parnell , Alexander Hartemink, Anonymous Authentication of Membership in Dynamic Groups, Proceedings of the Third International Conference on Financial Cryptography, p.184-195, February 01, 1999
	35	C. Schnorr. Efficient signature generation for smart cards. Journal of Cryptology, 4(3):239--252, 1991.
	36	M. Scott. MIRACL library. Indigo software, http://indigo.ie/~mscott.
	37	Dawn Xiaodong Song, Practical forward secure group signature schemes, Proceedings of the 8th ACM conference on Computer and Communications Security, November 05-08, 2001, Philadelphia, PA, USA  [doi>10.1145/501983.502015]
	38	Stuart G. Stubblebine , Paul F. Syverson , David M. Goldschlag, Unlinkable serial transactions: protocols and applications, ACM Transactions on Information and System Security (TISSEC), v.2 n.4, p.354-389, Nov. 1999  [doi>10.1145/330382.330384]
	39	I. Teranishi, J. Furukawa, and K. Sako. k-times anonymous authentication. In ASIACRYPT'04, volume 3329 of LNCS, pages 308--322, 2004.