Date of Completion


Embargo Period



grade, cryptography, privacy-preserving

Major Advisor

Aggelos Kiayias

Co-Major Advisor

Alexander Russell

Associate Advisor

Donald Sheehy

Associate Advisor

Marten Van Dijk

Field of Study

Computer Science and Engineering


Doctor of Philosophy

Open Access


This thesis studies a particular functionality for privacy-preserving systems that allows a user to present a proof showing that the user has been approved by a number of authorities, without revealing their identities. We first consider this functionality for two fundamental cryptosystems, digital signature schemes and public key encryption schemes, and introduce a new notion, "grade", for these systems. Within this scope, we formalize two new primitives: graded signatures and graded encryption.

Graded signature schemes enable a user to consolidate a set of signatures on a message m originating from l different signers. The resulting consolidated signature object on m reveals nothing more than the grade of the signature and the validity of the original signatures, without leaking the identity of the signers. Graded encryption schemes, on the other hand, allow a sender to specify a numerical grade i for the ciphertext during encryption, depending on the importance of the message. Users can only decrypt messages directed to their identity at grade i as long as they have contacted i authorities in sequential order. We present efficient constructions and useful applications, such as multi-stage games played in a distributed fashion for graded encryption and an anonymous petition system for graded signatures.

In systems with a large number of participants, e.g., large-scale privacy-preserving petitions, a graded signature scheme with linear-size signatures will not be an efficient tool in practice. We observe that if we distribute the signing keys of the scheme associated with different grades in an efficient way, we can obtain a graded signature scheme that enjoys constant-size signatures. In this direction, we revisit the problem of minimizing the share size of a multi-secret sharing scheme (MSSS). To circumvent the information-theoretic lower bound, we focus on the computational setting and present an efficient construction of an MSSS with share size only logarithmic in the number of secrets (hence effectively optimal).