Verifying a Secret-Ballot Election with Cryptography
1 Verifying a Secret-Ballot Election with Cryptography Ben Adida PhD Thesis Defense Thesis Committee Ronald L. Rivest, Srini Devadas, Shafi Goldwasser 22 June 2006
2 Ostraka (sea shells)
3
4 Australian Ballot
5 The Breakfast Vote Croissant Eggs & Bacon Carl the Coercer Eggs&Bacon Lobby Valerie the Voter
6 Voting Interface Croissant Carl the Coercer Eggs&Bacon Lobby Valerie the Voter
7 The Ballot Handoff Croissant Eggs & Eggs & Bacon Bacon Croissant Croissant Croissant Valerie the Voter
8 The Cost of Secrecy
9 Chain of Custody Polling Location 4 3 Voting Machine 2 /* * source * code */ if (... 1 Vendor Valerie Results Ballot Box Collection
10 Secret ballots and transparency in government are mutually exclusive concepts. Lynn Landes - Nov evoting in Switzerland 95% of Geneva citizens vote by mail (and now Internet)
11 The Secret Ballot Matters Secret Ballot implemented in Chile in the secrecy of the ballot [...] has first-order implications for resource allocation, political outcomes, and social efficiency. [BalandRobinson 2004]
12 Secrecy vs. Audit-ability? Cryptography solves problems that seem contradictory. There's such a thing as just the right level of contradiction. Ronald L. Rivest (paraphrased)
13 End-to-End Verification [SRC81] Voting Machine /* * source * code */ if (... Vendor Polling Location Bulletin Board Results... Valerie 1 Receipt 2
14 A Bulletin Board? Bulletin Board Valerie: Croissant Vanessa: Croissant Victor: Eggs&Bacon Tally Croissant: 2 Eggs&Bacon: 1 Valerie
15 An Encrypted Bulletin Board! Bulletin Board Valerie: Croissant Vanessa: Croissant Ballot Casting Assurance Valerie Victor: Eggs&Bacon Tally Universal Verifiability Croissant: 2 Eggs&Bacon: 1
16 Crypto Voting Schemes decryption Valerie Vanessa encryption Encrypted Votes anonymization Victor Registration Database Results Tally
17 Contributions [ANa2006, ANb2006] decryption anonymization Valerie Vanessa encryption Encrypted Votes [AW2006] [AR2006] Victor Tally Registration Database Results
18 This Talk Introduction to Crypto Voting Scratch & Vote Public Mixing
19 Ryan Ballot [CRS2004, C2005] Croissant Eggs None Croissant Croissant Eggs Eggs None None 8c3859x0dfsw 8c3859x0dfsw Onion 8c3859x0dfsw
20 Onion Decryption $\mathrm{Onion} = \mathrm{Enc}_{pk_1}(r_1; \mathrm{Enc}_{pk_2}(r_2; \mathrm{Enc}_{pk_3}(r_3)))$ Croissant None Eggs Eggs Eggs None Eggs None $r_1$ $r_2$ $r_3$ Croissant Croissant Croissant None 8c3859x0dfsw 8c3859x0dfsw 8c3859x0dfsw 8c3859x0dfsw
21 Ryan Ballot: Verification Internet / Phone Bulletin Board Valerie Vanessa Victor 8c3859x0dfsw 8c3859x0dfsw b37c m4s6s Valerie the Voter Croissant Croissant Croissant Croissant Eggs Eggs Eggs None Eggs None None None 8c3859x0dfsw 8c3859x0dfsw 8c3859x0dfsw 8c3859x0dfsw Verify half the ballots Ed the Election Official
22 What can we improve? Pre-voting auditing: administrators involved for Ryan ballot; individual voter verification unlikely. Post-voting auditing: administrators are highly involved.
23 [B85, BT86, P99] Homomorphic Counters Vote for Croissant Vote for Eggs&Bacon Vote for None # US eligible voters < $2^{28}$ (28 bits) Paillier Plaintext = 1024 bits
24 Scratch & Vote Ballot $r_1$ $r_2$ $r_3$ Croissant Eggs None $\mathrm{Enc}_{pk}(2^{56}; r_1)$ $\mathrm{Enc}_{pk}(2^{28}; r_2)$ $\mathrm{Enc}_{pk}(2^{0}; r_3)$ Scratch Surface 2D barcode
25 Pre-Voting Verification Croissant None Eggs Croissant None Eggs Vote Valerie the Voter Audit
26 Casting Croissant Eggs None Croissant Croissant Eggs Eggs None None
27 Post-Voting Verification Internet / Phone Bulletin Board Valerie Vanessa Victor Valerie the Voter
28 Tally Bulletin Board Valerie Vanessa Victor Homomorphic Addition Single Decryption Croissant: 2 Eggs & Bacon: 1
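The counter encoding, scratch-off audit and single-decryption tally of slides 23 to 28, as an added worked example in Python (not code from the thesis or the talk). The toy Paillier key built from two Mersenne primes and all function names are assumptions made for the example; the three voters' choices follow the bulletin board on slide 14.

```python
import math
import secrets

COUNTER_BITS = 28                      # slide 23: one 28-bit counter per candidate
CANDIDATES = ["Croissant", "Eggs&Bacon", "None"]

# Toy Paillier key, constructed for this example: two Mersenne primes give a
# ~150-bit modulus, enough for three 28-bit counters but far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lcm(p-1, q-1), the secret key
MU = pow(LAM, -1, N)


def encrypt(m, r):
    """Paillier with g = n + 1: Enc(m; r) = (1+n)^m * r^n mod n^2."""
    return pow(1 + N, m, N2) * pow(r, N, N2) % N2


def decrypt(c):
    """Dec(c) = L(c^lam mod n^2) * lam^-1 mod n, with L(u) = (u - 1) / n."""
    return (pow(c, LAM, N2) - 1) // N * MU % N


def fresh_randomness():
    """Random r that is invertible mod n."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return r


def slot_value(candidate):
    """Croissant -> 2^56, Eggs&Bacon -> 2^28, None -> 2^0, as on slide 24."""
    position = len(CANDIDATES) - 1 - CANDIDATES.index(candidate)
    return 1 << (COUNTER_BITS * position)


def print_ballot():
    """One ballot: per candidate, the barcode ciphertext and the r under the scratch surface."""
    ballot = {}
    for candidate in CANDIDATES:
        r = fresh_randomness()
        ballot[candidate] = {"ciphertext": encrypt(slot_value(candidate), r), "r": r}
    return ballot


def audit_ballot(ballot):
    """Pre-voting audit: reveal r and recompute every barcode ciphertext."""
    return all(
        encrypt(slot_value(candidate), entry["r"]) == entry["ciphertext"]
        for candidate, entry in ballot.items()
    )


def cast(ballot, choice):
    """Casting posts only the chosen ciphertext; the scratch-off randomness is discarded."""
    return ballot[choice]["ciphertext"]


def tally(bulletin_board):
    """Multiply all posted ciphertexts, decrypt once, then split the counters."""
    product = 1
    for ciphertext in bulletin_board:
        product = product * ciphertext % N2
    total = decrypt(product)
    mask = (1 << COUNTER_BITS) - 1
    return {
        candidate: (total >> (COUNTER_BITS * (len(CANDIDATES) - 1 - i))) & mask
        for i, candidate in enumerate(CANDIDATES)
    }


def run_election():
    """Valerie and Vanessa vote Croissant, Victor votes Eggs&Bacon."""
    board = []
    for choice in ["Croissant", "Croissant", "Eggs&Bacon"]:
        audited, voted = print_ballot(), print_ballot()
        if not audit_ballot(audited):      # the audited ballot is spent, never cast
            raise ValueError("ballot failed pre-voting audit")
        board.append(cast(voted, choice))
    return tally(board)


if __name__ == "__main__":
    print(run_election())
```

A ballot whose barcode ciphertexts are printed against the wrong candidate names fails `audit_ballot`, which is the check the voter performs on the ballot she chooses to audit rather than cast.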
29 Issues Under the Rug Voter/Official Collusion: NIZK on bboard. Casting a Ballot: Pre/Double Tear. More than one race? Chaum ballot. Ballot Printers know the candidate orders: Working on that!
30 This Talk Introduction to Crypto Voting Scratch & Vote Public Mixing
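31 El Gamal Reencryption $sk = x \bmod q$; $pk = y = g^x \bmod p$; $\mathrm{Enc}_{pk}(m; r) = (\alpha, \beta) = (g^r, m \cdot y^r)$; $\mathrm{Dec}_{sk}(c) = \beta / \alpha^x$; $\mathrm{Reenc}_{pk}(c; r') = c \cdot \mathrm{Enc}_{pk}(1; r') = (g^{r+r'}, m \cdot y^{r+r'})$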
32 Reencryption Mixnet [PIK93, SK94] France USA Switzerland Each mix server shuffles and reencrypts inputs.
33 Proving the Mix [Neff2001, FS2001,...] $c_1, c_2, \ldots, c_n \to$ France $\to c'_1, c'_2, \ldots, c'_n$ with $c'_i = \mathrm{Reenc}(c_{\pi(i)}, r_i)$. ZKPoK[$\pi, \{r_i\}$]. France can't cheat! $\pi$ and $\{r_i\}$ stay private!
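The ElGamal reencryption of slide 31 and the shuffle-and-reencrypt relation of slides 32 and 33, as an added worked example in Python (not code from the thesis or the talk). The toy group $p = 2039$, $q = 1019$, $g = 4$, the vote encoding and every function name are assumptions made for the example; `check_mix_witness` tests the relation $c'_i = \mathrm{Reenc}(c_{\pi(i)}, r_i)$ with the witness in the clear, which in a real mixnet is replaced by the zero-knowledge proof so that $\pi$ and $\{r_i\}$ stay private.

```python
import secrets

# Toy group, constructed for this example: p = 2q + 1 with q prime, and g = 4
# generates the subgroup of order q. Real deployments use far larger groups.
P, Q, G = 2039, 1019, 4
# Votes are encoded as squares mod p so that they lie in the subgroup generated by g.
ENCODE = {"Croissant": 4, "Eggs&Bacon": 9, "None": 16}
DECODE = {value: name for name, value in ENCODE.items()}


def keygen():
    x = secrets.randbelow(Q - 1) + 1          # sk = x in [1, q-1]
    return x, pow(G, x, P)                    # pk = y = g^x mod p


def encrypt(y, m, r):
    """Enc_pk(m; r) = (alpha, beta) = (g^r, m * y^r)."""
    return pow(G, r, P), m * pow(y, r, P) % P


def decrypt(x, c):
    """Dec_sk(c) = beta / alpha^x; alpha^(p-1-x) is the inverse of alpha^x."""
    alpha, beta = c
    return beta * pow(alpha, P - 1 - x, P) % P


def reencrypt(y, c, r2):
    """Reenc_pk(c; r') = c * Enc_pk(1; r') = (g^(r+r'), m * y^(r+r'))."""
    alpha, beta = c
    return alpha * pow(G, r2, P) % P, beta * pow(y, r2, P) % P


def mix(y, inputs):
    """One mix server: outputs[i] = Reenc(inputs[perm[i]], rs[i])."""
    perm = list(range(len(inputs)))
    for i in range(len(perm) - 1, 0, -1):     # Fisher-Yates shuffle
        j = secrets.randbelow(i + 1)
        perm[i], perm[j] = perm[j], perm[i]
    rs = [secrets.randbelow(Q - 1) + 1 for _ in inputs]
    outputs = [reencrypt(y, inputs[perm[i]], rs[i]) for i in range(len(inputs))]
    return outputs, perm, rs


def check_mix_witness(y, inputs, outputs, perm, rs):
    """The relation a mix proof establishes, checked here with (perm, rs) revealed."""
    n = len(inputs)
    if len(outputs) != n or len(rs) != n or sorted(perm) != list(range(n)):
        return False
    return all(outputs[i] == reencrypt(y, inputs[perm[i]], rs[i]) for i in range(n))


def run_mixnet():
    """Three servers mix three encrypted votes; returns (sorted plaintexts, all checks ok)."""
    x, y = keygen()
    votes = ["Croissant", "Croissant", "Eggs&Bacon"]   # Valerie, Vanessa, Victor
    batch = [encrypt(y, ENCODE[v], secrets.randbelow(Q - 1) + 1) for v in votes]
    all_ok = True
    for _server in ("France", "USA", "Switzerland"):
        outputs, perm, rs = mix(y, batch)
        all_ok = all_ok and check_mix_witness(y, batch, outputs, perm, rs)
        batch = outputs
    decrypted = sorted(DECODE[decrypt(x, c)] for c in batch)
    return decrypted, all_ok


if __name__ == "__main__":
    print(run_mixnet())
```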
34 Private vs. Public Private: $\pi, \{r_i\}$ Public: $c_1, c_2, \ldots, c_n \to P \to c'_1, c'_2, \ldots, c'_n$ What if we could replace the private mixnet with a public program?
35 So What? [diagram: $c_1, c_2, \ldots, c_n \to P \to c'_1, c'_2, \ldots, c'_n$, with $\pi, \{r_i\}$ inside $P$] Public program: anyone can run it. Pre-proven: all proofs before mixing. Unbiased leaking: permutation and random factors are fixed before inputs are provided. That's great, but can it really be done? [BG+2001, GK2005]
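36 [BGN2005] BGN Cryptosystem $G_1, G_2$ of order $n = p_1 p_2$; $e : G_1 \times G_1 \to G_2$; $e(g^a, h^b) = e(g, h)^{ab}$ [diagram: $g^a, h^b \in G_1 \xrightarrow{e} Z^{ab} \in G_2$] $pk = (n, g, h = u^{p_1})$; $sk = p_2$; $\mathrm{Enc}_{pk}(m) = g^m h^r$; $\mathrm{Dec}_{sk}(c) = \log_{g^{p_2}}(c^{p_2})$; $\mathrm{Enc}_{pk}(m_1) \cdot \mathrm{Enc}_{pk}(m_2) = \mathrm{Enc}_{pk}(m_1 + m_2)$; $e(\mathrm{Enc}_{pk}(m_1), \mathrm{Enc}_{pk}(m_2)) = \mathrm{Enc}_{pk}(m_1 m_2)$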
37 Oblivious Cancellation / Selection $e(\mathrm{Enc}_{pk}(m), \mathrm{Enc}_{pk}(0)) = \mathrm{Enc}_{pk}(0)$; $e(\mathrm{Enc}_{pk}(m), \mathrm{Enc}_{pk}(1)) = \mathrm{Enc}_{pk}(m)$. $\mathrm{Enc}_{pk}(0)$ and $\mathrm{Enc}_{pk}(1)$ are indistinguishable. Clearly Useful for PIR and OT [BGN2005]. In fact, it's more powerful still.
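38 Matrix Multiplication $\begin{pmatrix} a_{11} & \cdots & a_{1l} \\ a_{21} & \cdots & a_{2l} \\ \vdots & & \vdots \\ a_{n1} & \cdots & a_{nl} \end{pmatrix} \begin{pmatrix} b_{11} & \cdots & b_{1n} \\ b_{21} & \cdots & b_{2n} \\ \vdots & & \vdots \\ b_{l1} & \cdots & b_{ln} \end{pmatrix} = \begin{pmatrix} c_{11} & \cdots & c_{1n} \\ c_{21} & \cdots & c_{2n} \\ \vdots & & \vdots \\ c_{m1} & \cdots & c_{mn} \end{pmatrix}$, $c_{ij} = \sum_{k=1}^{l} a_{ik} b_{kj}$. Degree is exactly 2: only one multiplication!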
39 Homomorphic MM [permutation matrix] $\cdot\, (m_1, m_2, m_3, m_4, m_5)^T = (m_3, m_1, m_5, m_2, m_4)^T$ Homomorphic matrix multiplication by an encrypted permutation matrix = Mixing!
40 Public Mixing Private: $\pi, \{r_i\}$ Public: $(c_1, c_2, \ldots, c_n) \cdot P = (c'_1, \ldots, c'_n)$
41 A Taste of the Proofs Deterministic Mixing functionality permutation-indistinguishable by a hybrid argument on semantic security. Proof of Correct Obfuscation: simulator creates its own mixing matrix; semantic security, thus adversary cannot distinguish.
42 Why Did We Succeed? [BG+2001, GK2005] tell us generic obfuscation is hard. Functionality defined on the plaintexts; we're only dealing with ciphertexts covers of encryption. We don't know that this is really a permutation matrix! We must prove correct functionality.
43 Proving the Matrix is an encrypted permutation matrix? Straightforward proof: Use Proof of Partial Knowledge [CDS94] to show that each element is either 0 or 1. Homomorphically compute the row and column sums and prove that they're all equal to 1. $n^2$ proofs. Uggh.
44 Proving the Matrix (better) [matrix] $\cdot\, (r_1, \ldots, r_n)^T = (c_1, \ldots, c_n)^T$ Proof by Random Vector Challenge. Well-known techniques, $O(n)$. $n^2$ computation, $O(n)$ proof.
45 Mixing more than once? France USA Not with BGN bilinear map... Only one multiplication.
46 Distributed Generation France USA Use a Mixnet to shuffle the matrix rows. Prove each one using Random Vector Test. Remember, this is still before the inputs to mix are available.
47 Encapsulated Mixing Capture the actions of the various mixers. Prove that everything went well. Replay them on the encrypted votes when they're available.
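48 [DJ2001] Generalized Paillier $\mathrm{Enc}_{pk}(m) = g^m r^n \bmod n^2$, $m \in \mathbb{Z}_n$; $\mathrm{Enc}_{pk,2}(m) = h^m r^{n^2} \bmod n^3$, $m \in \mathbb{Z}_{n^2}$; $\mathrm{Enc}_{pk,2}(\mathrm{Enc}_{pk}(m)) = h^{g^m r^n} r^{n^2} \bmod n^3$; with $c = \mathrm{Enc}_{pk}(m)$: $[\mathrm{Enc}_{pk,2}(0)]^c = \mathrm{Enc}_{pk,2}(0)$ and $[\mathrm{Enc}_{pk,2}(\mathrm{Enc}_{pk}(0))]^c = \mathrm{Enc}_{pk,2}(c)$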
49 GP Homomorphisms 0 m = m 0 = 0 0 m = m 0 = 0 + m = m m 0 = 0+ m = m
50 GP Public Mixing [permutation matrix] $\cdot\, (m_1, m_2, m_3, m_4, m_5)^T = (m_3, m_1, m_5, m_2, m_4)^T$ Full-length plaintexts. Faster computation (modexp vs. BM). But... longer proofs (double discrete log). Composable via multiple layering?
51 Contributions Education Introduction to Crypto Voting Mixnet Review Ballot Casting Assurance [ANa2006] Practice Scratch & Vote [AR2006] Theory Public Mixing [AW2005] Assisted Human Interactive Proofs [ANb2006]
52 The Promise of Crypto Voting 1. Secrecy AND Audit-ability 2. End-to-end Verification
53 What's Holding This Up? Education: remote voting is dangerous; crypto is integral, so trust your cryptographer? Recovery: if you know what went wrong, then you have to fix it. Future Research: recovery-centric schemes
54 So what next? New voting laws should encourage research and pilot deployments of direct voter verifiable voting techniques. VVPAT only is a missed opportunity.
55 Thanks!! Ron Shafi, Srini Andy, David, Douglas, Susan, David Steven, Seth, Rafael, Chris, Ran, Guy Hal, Danny, Eric, Ralph Zak, Ken, Pete Rita, Mom, Dad, Claire, Juliette
56 Questions?
More information1 Construction of CCA-secure encryption
CSCI 5440: Cryptography Lecture 5 The Chinese University of Hong Kong 10 October 2012 1 Construction of -secure encryption We now show how the MAC can be applied to obtain a -secure encryption scheme.
More informationNEW CRYPTOGRAPHIC CHALLENGES IN CLOUD COMPUTING ERA
THE PUBLISHING HOUSE PROCEEDINGS OF THE ROMANIAN ACADEMY, Series A, OF THE ROMANIAN ACADEMY Volume 14, Number 1/2013, pp. 72 77 NEW CRYPTOGRAPHIC CHALLENGES IN CLOUD COMPUTING ERA Laurenţiu BURDUŞEL Politehnica
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationMulti-Authority Secret-Ballot Elections with Linear Work
In Advances in Cryptology EUROCRYPT 96, Vol. 1070 of Lecture Notes in Computer Science, Springer-Verlag, 1996. pp. 72-83. Multi-Authority Secret-Ballot Elections with Linear Work Ronald Cramer Matthew
More informationHow To Protect Your Data From Attack
Security in Communication Networks Lehrstuhl für Informatik 4 RWTH Aachen Prof. Dr. Otto Spaniol Dr. rer. nat. Dirk Thißen Page 1 Organization Lehrstuhl für Informatik 4 Lecture Lecture takes place on
More informationProfessor Radha Poovendran EE Department, University of Washington, Seattle, WA & Professor Dawn Song EECS Department, University of California,
Professor Radha Poovendran EE Department, University of Washington, Seattle, WA & Professor Dawn Song EECS Department, University of California, Berkeley, CA 1 Summer School Objectives Exposure to current
More informationEfficient Receipt-Free Voting Based on Homomorphic Encryption
Efficient Receipt-Free Voting Based on Homomorphic Encryption Martin Hirt 1 and Kazue Sako 2 1 ETH Zurich, Switzerland hirt@inf.ethz.ch 2 NEC Corporation, Japan sako@ccm.cl.nec.co.jp Abstract. Voting schemes
More informationPrivacy-preserving Data Mining: current research and trends
Privacy-preserving Data Mining: current research and trends Stan Matwin School of Information Technology and Engineering University of Ottawa, Canada stan@site.uottawa.ca Few words about our research Universit[é
More information