Mayla Bruso (TU/e)

Dissecting Unlinkability

Unlinkability is a privacy property of crucial importance for several types of systems (such as RFID or voting systems). Informally, unlinkability states that, given two events/items in a system, an attacker should not be able to tell whether they are related. However, in the literature we find several definitions for this notion, which are apparently unrelated, causing a potentially problematic lack of agreement. This talk sheds new light on unlinkability by comparing different ways of defining it and showing that in many practical situations the various definitions are actually equivalent. It does so (a) by introducing three different yet "natural" definitions of unlinkability (b) by demonstrating how these definitions are different yet related to each other and to their dual notion of "inseparability" and (c) by identifying conditions under which these definitions become equivalent. We also show that, for a generic class of simple identification protocols, the aforementioned conditions are satisfied, and we argue that they should hold in most RFID and identification systems.  

---

Last Version - $Revision: 1.1 $ / $Date: 2005/10/26 19:49:10 $
Maintained by Jaap-Henk Hoepman
Email: