User-generated pseudonyms through Merkle trees

TL;DR

This paper presents a Merkle tree-based pseudonymisation method that enables users to generate unlinkable pseudonyms without third-party involvement, ensuring privacy, proof of ownership, and post-quantum security.

Contribution

The paper introduces a novel pseudonymisation scheme leveraging Merkle trees, providing unlinkability, ownership proof, and post-quantum security without third-party reliance.

Findings

Pseudonyms depend on multiple user identifiers.

The scheme maintains unlinkability between pseudonyms.

It inherits Merkle tree security properties, including post-quantum resistance.

Abstract

A pseudonymisation technique based on Merkle trees is described in this paper. More precisely, by exploiting inherent properties of the Merkle trees as cryptographic accumulators, we illustrate how user-generated pseudonyms can be constructed, without the need of a third party. Each such pseudonym, which depends on several user's identifiers, suffices to hide these original identifiers, whilst the unlinkability property between any two different pseudonyms for the same user is retained; at the same time, this pseudonymisation scheme allows the pseudonym owner to easily prove that she owns a pseudonym within a specific context, without revealing information on her original identifiers. Compared to other user-generated pseudonymisation techniques which utilize public key encryption algorithms, the new approach inherits the security properties of a Merkle tree, thus achieving post-quantum security.