Sie haben Javascript deaktiviert!
Sie haben versucht eine Funktion zu nutzen, die nur mit Javascript möglich ist. Um sämtliche Funktionalitäten unserer Internetseite zu nutzen, aktivieren Sie bitte Javascript in Ihrem Browser.

[Translate to English:] AG Codes und Kryptographie Show image information

[Translate to English:] AG Codes und Kryptographie

Incentive Systems

Incentive systems (or loyalty programs) are systems where customers collect “bonus” points, for example 1 point for every Euro spent at the grocery store, or frequent flyer miles. Customers can then spend these points on rewards.


In practice, these systems are privacy nightmares. Stores can track each customer’s purchases whenever they present their customer loyalty card, which uniquely identifies the customer.


Our goal is design privacy-preserving incentive systems where customers do not reveal any identifying information about themselves, but can still partake in the incentive system.

The trick is to store the customer’s point count on the customer’s phone (instead of in a central database at the store). The point count is authenticated with a digital signature. We then use cryptographic protocols to allow the store to increment or decrement the authenticated point count without learning anything about the customer’s identity or even their current/future point count.

This can be achieved with techniques similar to anonymous credentials. However, an additional consideration is double-spending protection: we need to prevent customers from, say, using the signature S certifying 100 points to earn rewards costing 90 points, then discarding the remainder signature S’ on the updated point count of 10, and instead using the signature S to spend 100 points again. In this process, the customer would never actually “lose” points, being able to just use their maximum point count again and again.

Our goal is to create systems where double-spending can be prevented and detected in a way that still respects the privacy of honest customers. Such systems can also be used for other applications where double-spending is an issue, such as bus tickets, digital currencies, etc.

A prototype implementation is currently in development.


Open list in Research Information System

Updatable Anonymous Credentials and Applications to Incentive Systems

J. Blömer, J. Bobolz, D.P. Diemert, F. Eidens, in: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security - CCS '19, 2019

In this paper, we introduce updatable anonymous credential systems (UACS) and use them to construct a new privacy-preserving incentive system. In a UACS, a user holding a credential certifying some attributes can interact with the corresponding issuer to update his attributes. During this, the issuer knows which update function is run, but does not learn the user's previous attributes. Hence the update process preserves anonymity of the user. One example for a class of update functions are additive updates of integer attributes, where the issuer increments an unknown integer attribute value v by some known value k. This kind of update is motivated by an application of UACS to incentive systems. Users in an incentive system can anonymously accumulate points, e.g. in a shop at checkout, and spend them later, e.g. for a discount.

Privacy-Preserving Incentive Systems with Highly Efficient Point-Collection

J. Bobolz, F. Eidens, S. Krenn, D. Slamanig, C. Striecks, in: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (ASIA CCS ’20),, ACM, 2020

Open list in Research Information System

The University for the Information Society