Today, there exists a wide variety of applications that the average person can use to interact with other over the Internet. However, most of the currently available applications severely lack in the areas of security and accountability. Authentication usually relies on the user sending a password to a central server over an insecure network, which provides minimal security against

impersonation. Accountability is non-existent; although system administrators can revoke the privileges of disruptive users ("banning" or "blacklisting" the user), in most cases, nothing prevents the latter from registering again with the system to

resume their behaviour. One obvious solution to these problems involves the deployment of standard public-key infrastructures (PKI) tied to each user's real-world identity. However, while this would improve security and accountability, it would utterly destroy the small amount of privacy that the current applications

offer to the user.

 

We therefore propose an architecture that uses privacy-preserving digital credentials as the fundamental building block of a public-key infrastructure which would complement existing applications. Such digital credentials are used to create untraceable pseudonyms that prevent impersonation. Moreover, and we use the privacy-preserving properties of these credentials to provide the following key feature: although no one can establish an explicit link between an honest user's pseudonyms and his/her real identity, nor between two pseudonyms which belong to the

same user, administrators can effectively ban all of a disruptive user's pseudonyms by banning one of them (even if they do not know which other pseudonyms belong to the disruptive user), thus holding pseudonym owners accountable for their actions.