A matinee of cryptographic topics


3 and 4 November 2014

Questions

How can you prove yourself?
How can you shuffle a deck of cards in public?
Is it possible to generate an ElGamal key pair such that nobody has any information about the public key, but still be able to find it without solving DLOG?
How can Danish sugar beet farmers and buyers place bids in an auction and decide the answer but without revealing any info?
Is it possible to flip a coin over the electric telephone?
How many citations can you get from a two-page paper?

Overview

1. Final zero knowledge remarks
2. An application
3. Identification
4. Commitments
5. Secret sharing

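Final zero knowledge remarks

Recap: Schnorr

Public input: $G = \langle g \rangle$, $|G| = q$ and $h$.
Private input to P: $a$ such that $h = g^a$.

1. Prover: $u \leftarrow_r \mathbb{Z}_q$, $\alpha \leftarrow g^u$; sends $\alpha$.
2. Verifier: $e \leftarrow_r \mathbb{Z}_q$; sends $e$.
3. Prover: $r \leftarrow ae + u$; sends $r$.
4. Verifier: checks $g^r \stackrel{?}{=} \alpha h^e$.

Question: Can we use this for identification? Can we do it in a single round?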

Fiat-Shamir heuristic

Enter the random oracle model. Then any zero knowledge proof where the verifier only asks random questions can be turned into a non-interactive proof.

Technique: whenever the verifier should send a random value,
In theory: ask the oracle for a value based on all previous data in the protocol.
In practice: use a hash function on all previous data.

Fiat-Shamir(Schnorr)

Let $H$ be a cryptographic hash function.

1. $u \leftarrow_r \mathbb{Z}_q$
2. $\alpha \leftarrow g^u$
3. $e \leftarrow H(\alpha)$
4. $r \leftarrow ae + u$
5. Output $(\alpha, r)$

Verification: Check $g^r = \alpha h^{H(\alpha)}$.

Idea: If $H$ does just as good a job of selecting something random, then it could just as well have been chosen by the verifier. Hence, the prover must know $a$ such that $g^a = h$.

Key difference: The transcript cannot be simulated, hence it can be verified at any time.
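The five steps and the verification check above, as an added Python example (not code from the slides). The group parameters are toy values constructed for illustration, and the challenge hashes the public input (g, h) together with α, following the "all previous data" rule of the heuristic, so a proof is tied to the statement it was made for.

```python
import hashlib
import secrets

# Toy parameters constructed for this example (far too small for real use):
# P = 2Q + 1 with P and Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 1019, 509, 4

def challenge(h, alpha):
    """e = H(p, q, g, h, alpha) mod q: the hash replaces the verifier's coin."""
    data = b"|".join(str(v).encode() for v in (P, Q, G, h, alpha))
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove(a):
    """Non-interactive proof of knowledge of a such that h = g^a."""
    h = pow(G, a, P)
    u = secrets.randbelow(Q)      # fresh u for every proof; reuse reveals a
    alpha = pow(G, u, P)
    e = challenge(h, alpha)
    r = (a * e + u) % Q
    return alpha, r

def verify(h, proof):
    """Check g^r == alpha * h^e, with e recomputed from the transcript."""
    alpha, r = proof
    # Reject values outside the order-Q subgroup or the exponent range.
    if not (0 < alpha < P and pow(alpha, Q, P) == 1 and 0 <= r < Q):
        return False
    e = challenge(h, alpha)
    return pow(G, r, P) == (alpha * pow(h, e, P)) % P

def demo():
    """Returns (honest proof accepted, proof with altered r accepted)."""
    a = secrets.randbelow(Q - 1) + 1
    h = pow(G, a, P)
    alpha, r = prove(a)
    return verify(h, (alpha, r)), verify(h, (alpha, (r + 1) % Q))
```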

Let's get sidetracked for a moment...

[Slide diagram: a multi-round protocol between Prover and Verifier; the layout did not survive transcription.]

An application

M. Blum, 1986

Theorem: Any theorem can be proven in zero knowledge.

http://www.mathunion.org/icm/icm1986.2/main/icm1986.2.1444.1451.ocr.pdf

Identification

How to prove yourself

Authentication scheme: Alice can prove to Bob that she is Alice, but someone else (Eve) cannot prove to Bob that she is Alice.

Identification scheme: Alice can prove to Bob that she is Alice, but Bob cannot prove to someone else that he is Alice.

Signature scheme: Alice can prove to Bob that she is Alice, but Bob cannot prove even to himself that he is Alice.

(Further reading: Fiat, Shamir: How to prove yourself: Practical solutions to identification and signature problems)

Section 4: Commitments

Who gets the car?

Alice chooses large primes $p$ and $q$, both congruent to 3 modulo 4. $b$ is chosen at random from $\{0, 1\}$.

1. Alice: $p$, $q$, $n = pq$; sends $n$.
2. Bob: $x$, $y \leftarrow x^2 \pmod{n}$; sends $y$.
3. Alice: $a_0^2 \equiv a_1^2 \equiv y$; sends $a_b$.
4. $(p, q)$ or

If $a_b \equiv \pm x$, Alice wins. If $a_b \not\equiv \pm x$, Bob wins.

Idea: $\gcd(x - a_b, n)$ will compute a nontrivial factor of $n$.

More elegant solution

Principles:
1. Bob must make a choice, and commit to it.
2. Alice flips the coin, announcing the result without knowing Bob's choice.
3. Bob reveals his choice.

Examples

We want to commit to $x$.

$g^x$: computationally hiding, unconditionally binding.
$g^x h^r$: unconditionally hiding, computationally binding (Pedersen).
$(g^{x+r}, h^r)$: computationally hiding, unconditionally binding.

Question: Can a scheme be both unconditionally hiding and binding?
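The commit, flip, reveal principle run with the Pedersen commitment $g^x h^r$, as an added Python example (not code from the slides). The toy group and the trapdoor `t` are constructed for illustration: the `equivocate` step shows that a second opening always exists (unconditional hiding) but needs $\log_g h$ to find (computational binding), which is why $h$ must be set up so that the committer does not know that logarithm.

```python
import secrets

# Toy group constructed for this example (not a secure size):
# P = 2Q + 1 with P and Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 1019, 509, 4

def commit(h, x, r=None):
    """Pedersen commitment c = g^x * h^r; returns (c, r)."""
    if r is None:
        r = secrets.randbelow(Q)
    return (pow(G, x, P) * pow(h, r, P)) % P, r

def opens(h, c, x, r):
    """Receiver's check when the committer reveals (x, r)."""
    return c == (pow(G, x % Q, P) * pow(h, r % Q, P)) % P

def coin_flip(h):
    """Commit, flip, reveal. Returns (opening valid, Bob guessed the flip)."""
    guess = secrets.randbelow(2)      # Bob's choice
    c, r = commit(h, guess)           # Bob -> Alice: c
    flip = secrets.randbelow(2)       # Alice -> Bob: flip, seeing only c
    valid = opens(h, c, guess, r)     # Bob -> Alice: (guess, r); Alice checks
    return valid, guess == flip

def equivocate(t, x, r, x_new):
    """Given t = log_g(h), find r_new so that (x_new, r_new) opens the same c."""
    return (r + (x - x_new) * pow(t, -1, Q)) % Q

def demo():
    """Returns (honest opening, other bit with same r, opening using t)."""
    t = secrets.randbelow(Q - 1) + 1  # trapdoor, known here only for the demo
    h = pow(G, t, P)
    c, r = commit(h, 0)
    honest = opens(h, c, 0, r)
    wrong = opens(h, c, 1, r)         # rejected: differs by a factor of g
    r_new = equivocate(t, 0, r, 1)
    cheated = opens(h, c, 1, r_new)   # accepted only because t is known
    return honest, wrong, cheated
```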

Section 5: Secret sharing

http://cs.jhu.edu/~sdoshi/crypto/papers/shamirturing.pdf