Mutual Accountability Layer: Accountable Anonymity Within Accountable Trust.

Anonymous cryptographic primitives reduce the traces left by users when they interact over a digital platform. But they also prevent a platform owner from holding users accountable for malicious behaviour. Revocable anonymity offers a compromise by allowing only the manager of the digital platform to de-anonymize a user's activities when necessary. However, amisbehavingmanager can abuse their de-anonymization power by de-anonymizing activities without the user's awareness. Although previous works mitigate this issue by distributing the de-anonymization power across several entities, there is no comprehensive and formal treatment where both accountability and non-frameability (i.e., the inability to falsely accuse a party of misbehavior) for both the user and the manager are explicitly defined and provably achieved. In this paper we formally define mutual accountability: a user can be held accountable for her otherwise anonymous digital actions and a manager is held accountable for every de-anonymization attempt. Also, no honest party can be framed regardless of what malicious parties do. In contrast with previous work, we do not distribute the de-anonymization power across entities, instead, we decouple the power of de-anonymization from the power of monitoring de-anonymization attempts. This allows for greater flexibility, particularly in the choice of the monitoring entities. We show that our framework can be instantiated generically from threshold encryption schemes and succinct non-interactive zero-knowledge. We also show that the highly-efficient threshold group signature scheme by Camenisch et al. (SCN'20) can be modified and extended to instantiate our framework.