The amount of data exchanged on the Internet is growing every day, outpacing the growth in speed of communication protocols. So to avoid data congestion, solutions are needed quickly: one of them could be data minimization, which consists of transmitting only the data needed to accomplish the task at hand. This is useful in all circumstances, but becomes paramount when applied to fields like identity management and privacy protection, which have profound implications in everyday life.

This paper, developed at the Coding Theory and Cryptology Group at Eindhoven University of Technology, basically compares protocols implementing data minimization. It first establishes an overall formal model to define personal information, essential to yield measurable and verifiable results when applied to real-life scenarios; this model is described both in plain text and in mathematical terms. Then, the authors test several protocols against this model using a prototype Prolog application, which is mentioned but not described in detail. Finally, as a real-life case study, the method is applied to four widespread applications: smart certificates, a linking service model, an identity mixer, and a smartcard scheme. The authors test how well these scenarios adhere to the mathematical model previously defined.

This research paper is not particularly suited for lay people, or even IT practitioners. However, aside from the immediate interest of its results, with its rich reference section, it takes the pulse of the coding and cryptology communities.