Universal re-encryption of signatures 
             and controlling anonymous information flow

   Marek Klonowski,  Miroslaw Kutylowski, Anna Lauks, Filip Zagorski
           partially  supported by KBN, project 0 T00A 003 23

Anonymous communication protocols, very essential for preserving privacy
of  the  parties communicating, may lead to severe problems. A malicious
server may use anonymous communication protocols for injecting unwelcome
messages  into  the system so that their source can be hardly traced. So
anonymity and privacy protection on one side and protection against such
phenomena as spam are so far contradictory goals.

We propose a mechanism that may be used  to  limit  the  mentioned  side
effects  of  privacy  protection.  During  the  protocol  proposed  each
encrypted message admitted into the system is  signed  by  a  respective
authority.  Then, on its route through the network the encrypted message
and the signature are re-encrypted universally. The purpose of universal
re-encryption  is  to  hide  the routes of the messages from an observer
monitoring the traffic.

Despite re-encryption, the signature of  the  authority  remains  valid.
Depending  on a particular application, verification of the signature is
possible either off-line by anybody with the access  to  the  ciphertext
and  the  signature or requires contacting the authority that has issued
the signature.

Our work is an extension of recent works by Golle, Jakobsson, Juels  and
Syverson.