In-Depth Explanation of Basenames

This in-depth explanation covers the use of basenames in the Intel® EPID scheme. It provides detail on name based signatures, random base signatures and how and when they are used.


Random Base Signatures

By default, members sign using a random basename that is not shared with the verifier. This signing method is also referred to as signing using random base. Signing using random base provides the strongest privacy properties for the signer. If a member signs using random base, the signature generated by the member is anonymous.

When the signer and verifier agree to use random base, the basename is chosen at random for each signature. Two signatures using a random base cannot be linked to the same signer.

Name Based Signatures

A name based signature is a type of signature that gives the verifier the ability to link Intel® EPID signatures from the same member, reducing the member's privacy. When using name based signatures, the signer and verifier agree on an explicit basename.

The verifier can ask the member to sign a message with a basename that the verifier chooses. If the member agrees to use a name based signature, then all the signatures created by the member using the same basename are linkable by the verifier, reducing the member's privacy.

Reasons why a verifier might require members to use a basename when signing include the following:

  • Profiling for Advertising: Widget-Mart wants to show targeted advertising to privacy-conscious customers. Widget-Mart requests that all customers use a specific basename so that Widget-Mart can build an individualized profile for each anonymous user, while Intel® EPID technology ensures that the retailer does not have the ability to aggregate that information with other retailers to build a more extensive profile of the consumer.
  • Voting: A voting machine is designed so that each anonymous authorized voter can only vote once per race. A basename per office being contested allows the verifier to confirm that the voter has not already voted for that office, without revealing their identity or correlating their voting patterns across multiple races.

Warning
The use of a name-based signature creates a platform-unique pseudonymous identifier. Because it reduces the member's privacy, the user should be notified when it is used and should have control over its use.
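
The linkability behaviour described above, as an added example that is not part of the Intel® EPID SDK or of this documentation: a simplified Python model in which each signature carries a pair (B, K = B^f), where f is the member's private key and B is either derived from the agreed basename or chosen at random. The proof of group membership is omitted, and the toy modulus, key values, basename strings and function names are assumptions made for illustration.

```python
import hashlib
import secrets
from collections import defaultdict

# Toy group: integers modulo the Mersenne prime 2**127 - 1 (an assumption so the
# example runs on the standard library; Intel EPID uses elliptic curve groups).
P = 2**127 - 1
ALICE, BOB = 0x5EED0001, 0x5EED0002  # constructed member private keys f

def base_from_name(basename):
    """Name based: B is derived deterministically from the agreed basename."""
    digest = hashlib.sha256(basename).digest()
    return 2 + int.from_bytes(digest, "big") % (P - 3)

def pseudonym(f, basename=None):
    """Return the (B, K) pair a signature carries, where K = B^f mod P."""
    if basename is None:                      # random base: fresh B every time
        b = 2 + secrets.randbelow(P - 3)
    else:
        b = base_from_name(basename)
    return b, pow(b, f, P)

def link(signatures):
    """Verifier side: group labels of signatures whose (B, K) pairs match."""
    groups = defaultdict(list)
    for label, pair in signatures:
        groups[pair].append(label)
    return [labels for labels in groups.values() if len(labels) > 1]

def constructed_ballots():
    """Constructed sample: one basename per office, as in the voting case."""
    return [
        ("alice mayor #1", pseudonym(ALICE, b"office:mayor")),
        ("alice mayor #2", pseudonym(ALICE, b"office:mayor")),      # second vote
        ("alice treasurer", pseudonym(ALICE, b"office:treasurer")),
        ("bob mayor", pseudonym(BOB, b"office:mayor")),
        ("alice random #1", pseudonym(ALICE)),
        ("alice random #2", pseudonym(ALICE)),
    ]

if __name__ == "__main__":
    for linked in link(constructed_ballots()):
        print("linkable:", linked)
```

Only the repeated mayoral vote is grouped; the same member's signatures under a different basename or under random base do not link to it or to each other.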