Efficient construction of vote-tags to allow open objection to the tally in electronic elections

Size: px
Start display at page:

Download "Efficient construction of vote-tags to allow open objection to the tally in electronic elections"

Transcription

1 Information Processing Letters 75 (2000) Efficient construction of vote-tags to allow open objection to the tally in electronic elections Andreu Riera a,,joseprifà b, Joan Borrell b a isoco, Intelligent Software Components, Sant Cugat del Vallès, Spain b CCD, Department of Computer Science, Universitat Autònoma de Barcelona, Bellaterra, Spain Received 8 July 1999; received in revised form 24 May 2000 Communicated by F.B. Schneider Abstract Electronic voting schemes usually use voting receipts to assure accuracy and verifiability of the tally. A traditional voting receipt consists of the blind signature of the voter s ballot made by the voting centre. However, this construction forces the voter to reveal in which way he/she voted in case an objection to the tally is done. The mechanism of vote-tags solves this problem, allowing open objection to the tally. Nonetheless, previous proposals for vote-tags imply high computation costs. In this paper we propose an efficient method to construct vote-tags, based on one-way hash functions Elsevier Science B.V. All rights reserved. Keywords: Cryptography; Electronic voting schemes; Vote-tags; Blind signatures; One-way hash functions 1. Introduction The objective of secure electronic voting schemes is to conduct elections over general-purpose and open computer networks. During the ballot collecting process, eligible voters use the computer network to cast their votes. After a predetermined time, the voting centre stops accepting votes. The counting process is initiated and, finally, the tally is published. One of the security requirements involved in the design of electronic voting schemes is verifiability.there are two definitions of verifiability, universal verifiability and individual verifiability. A voting scheme is uni- This work has been partially funded by the Spanish Government Commission CICYT, through its grant TEL Corresponding author. addresses: (A. Riera), (J. Rifà), (J. Borrell). versally verifiable if anyone can independently verify that all ballots have been counted correctly. A voting scheme is individually verifiable (a weaker definition) if voters can independently verify that their own ballots have been counted correctly. In any case, if some inaccuracies have been introduced into the tally, it must be possible to detect them and prove the forgery. The majority of voting schemes use a mix-net [1] as an anonymous channel from voters to voting centre, to assure the voter s privacy. To achieve universal verifiability in these mix-based schemes is not straightforward. In contrast, individual verifiability is solved in a simple manner by means of voting receipts. A voting receipt is a proof that any voter obtains at voting time from the voting centre, certifying that his or her particular ballot has been accepted. In case that the ballot is modified or it just does not appear when the tally is finally published, the affected voter can use the vot /00/$ see front matter 2000 Elsevier Science B.V. All rights reserved. PII: S (00)

2 212 A. Riera et al. / Information Processing Letters 75 (2000) ing receipt to prove the fraud to any third party. Voting receipts do not prevent the voting centre from adding invalid ballots to the tally on behalf of abstaining voters. This attack has to be counteracted by additional measures outside the scope of this paper. The most efficient method to obtain the required voting receipts without sacrificing the voter s privacy, is by using blind signatures [2]. Blind signatures allow some party to get a message digitally signed by another party, without revealing any information about the message to the signer. This concept can be demonstrated using RSA signatures [6] as follows. Suppose Alice has a message m that she wishes to have signed by Bob, and she does not want Bob to learn anything about m. Let(n, e) be Bob s RSA public key and (n, d) be his private key. Alice generates a random value r (called a blinding factor), such that gcd(r, n) = 1. Alice sends to Bob m = r e m mod n. Since the value m is blinded by the random value r, Bob cannot derive useful information from it. Bob returns the signed value s = (m ) d = (r e m) d mod n to Alice. Since s = r m d mod n, Alice can obtain the true signature s of m by computing s = s r 1 mod n. Now Alice s message m has a signature she could not have obtained on her own. Moreover, even though the signature itself is secure provided that factoring remains difficult, the signature is still unconditionally blind since r is random. Voting receipts can therefore be easily obtained through the blind signature of the respective votes, made by the voting centre. After a voter has obtained his or her voting receipt, the mix-net is used to send the vote in readable (i.e., not blinded) form to the voting centre, together with a copy of the voting receipt. This scheme avoids unauthorized voters from voting (and authorized voters from voting more than once), and blind signatures ensure non-relativity between anonymously received ballots and previously signed voting receipts. However, if voting receipts are constructed in this way, a public objection to the tally would reveal the exact vote that was cast by the claiming voter. The problem is that each voter has been certified to his or her vote, which turns out to be the only evidence for his or her claim afterwards. To solve this inconvenience, Sako [7] proposed a slightly different construction of voting receipts. The main idea is that the voter should obtain certification for something that does not reflect his opinion. Such piece of data was named vote-tag. We will use the same denomination. The mechanism devised in previous schemes to construct vote-tags has a serious practical disadvantage which makes the ballot casting protocol inconvenient for the voter. In this paper we propose an efficient method to construct vote-tags, based on one-way hash functions. Section 2 explains previous models for constructing vote-tags, and their disadvantages. Section 3 describes our solution. Finally, Section 4 contains the concluding remarks. 2. Previous construction of vote-tags The objective of a voting receipt is to prevent the voting centre from creating a different valid vote with the same voting receipt. In addition, voting receipts based on vote-tags pretend that their publication does not disclose which are the related votes. Therefore, a vote-tag must be a piece of data, intrinsically linked to a certain vote, but that still reveals no information about it. More formally, vote-tags must fulfill two compulsory conditions: (1) A vote has to be bound to the corresponding votetaginsuchawaythatitishardforattackers,given a particular vote, to find another vote which can be linked to the same vote-tag. (2) Given a particular vote-tag, it has to be hard to disclose the related vote. To reach these objectives, Sako [7] adopts the concept of digital signature. The voter generates a random asymmetric key pair during the ballot casting protocol. The public key represents the vote-tag that has to be blindly certified by the voting centre. The desired vote is then signed with the corresponding private key. The vote, its signature, and the public verification key (vote-tag previously certified by the voting centre) are jointly sent to the voting centre through the mix-net. This construction fulfills the conditions presented above. Firstly, to create two valid votes linked to the same vote-tag requires knowledge

3 A. Riera et al. / Information Processing Letters 75 (2000) of the voting private key used in the signature of the vote. Only the voter has this knowledge. Secondly, it is obvious that a random public key alone does not reveal any information about the vote. When the tally is published, all accepted votes with the corresponding vote-tags have to appear. If a particular vote was not counted, then the affected voter would open his or her authorized vote-tag claiming it has not been properly treated. Since even the voting centre cannot modify a received ballot to a different vote using the same public key (first property of votetags), the key can be used as an evidence in making objection to the tally. From the vote-tag, no one would know in which way the voter voted (second property.) Besides [7], another proposal of voting scheme allowing open objection to the tally appeared in [3]. However, the construction of vote-tags is essentially the same. As a difference, the authors propose that the random asymmetric key pairs used to construct the vote-tags could be generated by voters during a registration phase preceding the election. Such phase would serve for several elections. However, there is the added difficulty of assuring the security of the voting private key during that time. Furthermore, if a voter makes a public objection to the tally, the voting asymmetric key pair has to be regenerated and recertified again. In addition, once a voter has obtained a blindly certified voting public key valid for several elections, it would not be easy to remove him or her from the electoral roll. 3. Vote-tags constructed through one-way hash functions The use of digital signatures for the vote-tag mechanism has a practical problem: the generation of a pair of asymmetric keys requires significant time. This could seem a little inconvenience. Nonetheless, the problem becomes serious in practice because practical applications of blind signatures have to consider the use of cut-and-choose techniques [8], which would force the voter to generate many pairs of asymmetric keys. The aim of cut-and-choose techniques in blind signature protocols is to protect the signer, preventing the signature of a malicious message. In our case, the voter should send to the voting centre a certain number, say p, of blinded messages. The voting centre chooses at random one of the received messages and requests the voter to reveal the blinding factor of all other messages. By unblinding the messages and checking that all p 1 unblinded messages are inoffensive, the voting centre is convinced that the message that remains still blinded is inoffensive too. The probability of the voter successfully getting the signature of the voting centre of a malicious message is 1/p, which can be made sufficiently small. To reduce the computation costs of generating p different vote-tag candidates, we suggest a new votetag construction method based on one-way hash functions. A vote-tag candidate can be constructed by appending a random string to the vote and computing the digest of the resulting data through a one-way hash function. A vote-tag of this kind fulfills the required conditions because of the properties of oneway hash functions. This construction method is at least three orders of magnitude faster than the generation of an asymmetric key pair. The standard for one-way hash functions, SHA [5], reaches the speed rate of 75 Kbytes per second on a 33 MHz 486SX [8]. This means that, assuming the concatenation of the vote and the random padding is shorter than 512 bits, 1,000 vote-tag candidates can be constructed in approximately one second. In contrast, key generation for 512-bit modulo DSA [4] (which is faster than for RSA) takes about 10 seconds [8]. To generate 1,000 vote-tag candidates in this case requires approximately three hours, which is clearly impractical. To demonstrate the effectiveness of our model of vote-tags, we will use the scheme proposed in [7] as a basis, but additionally considering the need for cutand-choose techniques and substituting the original vote-tag model by the one proposed in this paper. The following notation is used in the presentation of the resulting voting protocol: V : Veronica, a particular voter. VC: Voting centre. H {M}: The digest of message M obtained through a one-way hash function. M 1 M 2 : Concatenation of messages M 1 and M 2. [M] BF : Message M blinded with blinding factor BF. S entity (M): The digital signature of message M created with the private key of entity. M : Message M sent through an anonymous channel (mix-net).

4 214 A. Riera et al. / Information Processing Letters 75 (2000) Bilateral authentication and key exchange protocol Step 1 Step 2 [H {vote rand i } ident] BF i i = 1,...,p Step 3 j {1...p} Step 4 BF i i = 1,...,p, i j Step 5 S VC ([H {vote rand j } ident] BF j ) Step 6 vote, rand j,s VC (H {vote rand j } ident) Fig. 1. Ballot casting protocol. vote: A data string which uniquely identifies one of the voting options. ident: A data string identifying the current election (e.g., the date). rand: A random data string of a certain length. Fig. 1 summarizes the steps of the voting protocol. The interaction between Veronica and the voting centre starts with the establishment of a security context for the voting session. This first step consists of a bilateral authentication and an authenticated key exchange which allows for further data interchanges using message authenticity, integrity and confidentiality services. Due to the initial authentication, the voting centre gains assurance of the identity of Veronica. The electoral roll has then to be consulted by the voting centre to check whether Veronica is an eligible voter and whether she has not voted yet. After Veronica has been authenticated and following the consultation of the electoral roll, Veronica can eventually be authorized to proceed. Veronica constructs p vote-tag candidates (for the blind signature s cut-and-choose technique) by generating p different random strings and by computing p digests of her vote concatenated with those random strings. The identifier of the current election is appended to all these p vote-tag candidates. The resulting data structures are all blinded by Veronica using different random blinding factors. Finally, they are sent to the voting centre in Step 2. The voting centre requires in Step 3 that Veronica reveals p 1of the blinding factors used. This is done by Veronica in Step 4. The voting centre can then unblind the respective messages and verify that all unblinded messages

5 A. Riera et al. / Information Processing Letters 75 (2000) are of the correct form: a digest produced by a oneway hash function (no two digests are equal, due to the random padding) together with the current election s identifier. The privacy of Veronica s vote is assured since only digests of the vote with some random padding become known. These unblinded messages are discarded and of no use afterwards. The voting centre signs the still blinded candidate and sends this blind signature to Veronica in Step 5. From the received blind signature, Veronica is able to obtain the true signature of the voting centre of the original (unblinded) message. This signature, S VC (H {vote rand j } ident), represents the voting receipt of Veronica, which validates her vote. The inclusion of the election s identifier in the voting receipt invalidates it for future elections. The random padding allows to distinguish between the ballots of any two voters who have chosen the same voting option. Immediately after Veronica receives her voting receipt, the voting centre should update the electoral roll, crossing off Veronica s entry. If she tries to vote again, her connection will be refused. In contrast with the solution proposed in [7], our scheme ensures that the voter is committed to his or her vote immediately after receiving the voting receipt. In practice, this prevents the voter from altering his or her choice in the time between obtaining the voting receipt and the actual casting of the validated ballot through the mix-net. The only difference this makes is the moment at which the voting software warns Veronica that her decision is about to be irrevocable. In our scheme this warning must appear immediately before applying for the voting receipt, rather than just before sending the ballot to the mix-net. Last step (number six) of the voting protocol consists of using the mix-net to send the validated ballot anonymously to the voting centre. The voting centre can use a time-out mechanism to get rid of those ballots that have been validated but are not finally cast by voters through the mix-net. Votes received by the voting centre from the mix-net are accumulated in readable form into the ballot box, allowing the future counting process. Even though the voting centre is not able to correlate clear-text received ballots with the blindly signed voting receipts, the validity of the ballots is still verifiable because of the signature they incorporate in the voting receipt. The received votes cannot be modified by the voting centre to the same voting receipts because of the properties of one-way hash functions. If the voting centre eliminated a ballot (vote and voting receipt) from the final tally, the fraud could be proved to any third party by the affected voter without revealing the vote cast, by openly showing the certified voting receipt. 4. Conclusions By using one-way hash functions to construct votetags, designers of mix-based electronic voting schemes may allow open objection to the tally at low computational cost. This design decision is specially important in case of implementable voting schemes. References [1] D. Chaum, Untraceable electronic mail, return addresses and digital pseudonyms, Comm. ACM 24 (1981) [2] D. Chaum, Blind signatures for untraceable payments, in: Crypto 82, Plenum Press, New York, 1983, pp [3] Q. He, Z. Su, A new practical secure e-voting scheme, in: IFIP SEC 98, Austrian Computer Society, 1998, pp [4] National Institute of Standards and Technology, NIST FIPS PUB 186: Digital signature standard, U.S. Department of Commerce, [5] Proposed federal information processing standard for secure hash standard, Federal Register 57 (21) (31 Jan. 1992) [6] R.L. Rivest, A. Shamir, L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Comm. ACM 21 (1978) [7] K. Sako, Electronic voting scheme allowing open objection to the tally, IEICE Trans. Fund. of Electronics, Comm. Comput. Sci. E77-A (1994) [8] B. Schneier, Applied Cryptography. Protocols, Algorithms, and Source Code in C, John Wiley & Sons, New York, 1996.

Cryptography: Authentication, Blind Signatures, and Digital Cash

Cryptography: Authentication, Blind Signatures, and Digital Cash Cryptography: Authentication, Blind Signatures, and Digital Cash Rebecca Bellovin 1 Introduction One of the most exciting ideas in cryptography in the past few decades, with the widest array of applications,

More information

An Anonymous Endorsement System

An Anonymous Endorsement System JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 18, 107-114 (2002) Short Paper An Anonymous Endorsement System Department of Electrical Engineering National Taiwan University Taipei, 106 Taiwan E-mail:

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

An Electronic Voting System Based On Blind Signature Protocol

An Electronic Voting System Based On Blind Signature Protocol CSMR, VOL. 1, NO. 1 (2011) An Electronic Voting System Based On Blind Signature Protocol Marius Ion, Ionuţ Posea University POLITEHNICA of Bucharest Faculty of Automatic Control and Computers, Computer

More information

Security in Electronic Payment Systems

Security in Electronic Payment Systems Security in Electronic Payment Systems Jan L. Camenisch, Jean-Marc Piveteau, Markus A. Stadler Institute for Theoretical Computer Science, ETH Zurich, CH-8092 Zurich e-mail: {camenisch, stadler}@inf.ethz.ch

More information

A New Receipt-Free E-Voting Scheme Based on Blind Signature (Abstract)

A New Receipt-Free E-Voting Scheme Based on Blind Signature (Abstract) A New Receipt-Free E-Voting Scheme Based on Blind Signature (Abstract) Zhe Xia University of Surrey z.xia@surrey.ac.uk Steve Schneider University of Surrey s.schneider@surrey.ac.uk May 25, 2006 Abstract

More information

A blind digital signature scheme using elliptic curve digital signature algorithm

A blind digital signature scheme using elliptic curve digital signature algorithm A blind digital signature scheme using elliptic curve digital signature algorithm İsmail BÜTÜN * and Mehmet DEMİRER *Department of Electrical Engineering, University of South Florida, Tampa, FL, USA Department

More information

CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and

More information

Cryptanalysis and security enhancement on the generation of Mu-Varadharajan electronic voting protocol. Vahid Jahandideh and Amir S.

Cryptanalysis and security enhancement on the generation of Mu-Varadharajan electronic voting protocol. Vahid Jahandideh and Amir S. 72 Int. J. Electronic Governance, Vol. 3, No. 1, 2010 Cryptanalysis and security enhancement on the generation of Mu-Varadharajan electronic voting protocol Vahid Jahandideh and Amir S. Mortazavi Department

More information

Design and Implementation of a Secure Online Lottery System

Design and Implementation of a Secure Online Lottery System Design and Implementation of a Secure Online Lottery System Pramote Kuacharoen Department of Computer Science, Graduate School of Applied Statistics National Institute of Development Administration 118

More information

Digital Signatures. Meka N.L.Sneha. Indiana State University. nmeka@sycamores.indstate.edu. October 2015

Digital Signatures. Meka N.L.Sneha. Indiana State University. nmeka@sycamores.indstate.edu. October 2015 Digital Signatures Meka N.L.Sneha Indiana State University nmeka@sycamores.indstate.edu October 2015 1 Introduction Digital Signatures are the most trusted way to get documents signed online. A digital

More information

VoteID 2011 Internet Voting System with Cast as Intended Verification

VoteID 2011 Internet Voting System with Cast as Intended Verification VoteID 2011 Internet Voting System with Cast as Intended Verification September 2011 VP R&D Jordi Puiggali@scytl.com Index Introduction Proposal Security Conclusions 2. Introduction Client computers could

More information

Chapter 7: Network security

Chapter 7: Network security Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport

More information

Group Blind Digital Signatures: Theory and Applications by Zulækar Amin Ramzan Submitted to the Department of Electrical Engineering and Computer Science in partial fulællment of the requirements for the

More information

CRYPTOGRAPHY IN NETWORK SECURITY

CRYPTOGRAPHY IN NETWORK SECURITY ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

More information

Digital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem

Digital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem Digital Signatures Murat Kantarcioglu Based on Prof. Li s Slides Digital Signatures: The Problem Consider the real-life example where a person pays by credit card and signs a bill; the seller verifies

More information

Signature Schemes. CSG 252 Fall 2006. Riccardo Pucella

Signature Schemes. CSG 252 Fall 2006. Riccardo Pucella Signature Schemes CSG 252 Fall 2006 Riccardo Pucella Signatures Signatures in real life have a number of properties They specify the person responsible for a document E.g. that it has been produced by

More information

Introduction to Cryptography CS 355

Introduction to Cryptography CS 355 Introduction to Cryptography CS 355 Lecture 30 Digital Signatures CS 355 Fall 2005 / Lecture 30 1 Announcements Wednesday s lecture cancelled Friday will be guest lecture by Prof. Cristina Nita- Rotaru

More information

Understanding and Integrating KODAK Picture Authentication Cameras

Understanding and Integrating KODAK Picture Authentication Cameras Understanding and Integrating KODAK Picture Authentication Cameras Introduction Anyone familiar with imaging software such as ADOBE PHOTOSHOP can appreciate how easy it is manipulate digital still images.

More information

Digital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document?

Digital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document? Cryptography Digital Signatures Professor: Marius Zimand Digital signatures are meant to realize authentication of the sender nonrepudiation (Note that authentication of sender is also achieved by MACs.)

More information

Electronic Voting Protocol Analysis with the Inductive Method

Electronic Voting Protocol Analysis with the Inductive Method Electronic Voting Protocol Analysis with the Inductive Method Introduction E-voting use is spreading quickly in the EU and elsewhere Sensitive, need for formal guarantees Inductive Method: protocol verification

More information

Software Tool for Implementing RSA Algorithm

Software Tool for Implementing RSA Algorithm Software Tool for Implementing RSA Algorithm Adriana Borodzhieva, Plamen Manoilov Rousse University Angel Kanchev, Rousse, Bulgaria Abstract: RSA is one of the most-common used algorithms for public-key

More information

Implementation and Comparison of Various Digital Signature Algorithms. -Nazia Sarang Boise State University

Implementation and Comparison of Various Digital Signature Algorithms. -Nazia Sarang Boise State University Implementation and Comparison of Various Digital Signature Algorithms -Nazia Sarang Boise State University What is a Digital Signature? A digital signature is used as a tool to authenticate the information

More information

Publicly Verifiable Private Credentials a technique for privately signing Citizen Initiatives

Publicly Verifiable Private Credentials a technique for privately signing Citizen Initiatives Publicly Verifiable Private redentials a technique for privately signing itizen Initiatives Marius. Silaghi and Kishore R. Kattamuri Florida Institute of Technology msilaghi,kattamuk@fit.edu January 26,

More information

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

More information

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike

More information

SECURITY IN NETWORKS

SECURITY IN NETWORKS SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,

More information

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1 Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret

More information

Lukasz Pater CMMS Administrator and Developer

Lukasz Pater CMMS Administrator and Developer Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign

More information

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Network Security (2) CPSC 441 Department of Computer Science University of Calgary Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate

More information

http://www.cisjournal.org Implementation of Electronic Voting System in Mobile Phones with Android Operating System 1

http://www.cisjournal.org Implementation of Electronic Voting System in Mobile Phones with Android Operating System 1 Implementation of Electronic Voting System in Mobile Phones with Android Operating System 1 Eliver Pérez Villegas, 2 Gina Gallegos-García, 3 Gualberto Aguilar Torres, 4 Héctor Flores Gutiérrez 1, 4 Universidad

More information

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies 1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?

More information

Overview of Public-Key Cryptography

Overview of Public-Key Cryptography CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows

More information

E-Democracy and e-voting

E-Democracy and e-voting E-Democracy and e-voting How to make them secure and transparent August 2013 Jordi Puiggali CSO and SVP R&D Jordi.puiggali@scytl.com Index Introduction e-democracy Security and Transparency in e-voting

More information

Improvement of digital signature with message recovery using self-certified public keys and its variants

Improvement of digital signature with message recovery using self-certified public keys and its variants Applied Mathematics and Computation 159 (2004) 391 399 www.elsevier.com/locate/amc Improvement of digital signature with message recovery using self-certified public keys and its variants Zuhua Shao Department

More information

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles

More information

Elements of Security

Elements of Security Elements of Security Dr. Bill Young Department of Computer Sciences University of Texas at Austin Last updated: April 15, 2015 Slideset 8: 1 Some Poetry Mary had a little key (It s all she could export)

More information

Capture Resilient ElGamal Signature Protocols

Capture Resilient ElGamal Signature Protocols Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department

More information

Application of Electronic Currency on the Online Payment System like PayPal

Application of Electronic Currency on the Online Payment System like PayPal Application of Electronic Currency on the Online Payment System like PayPal Rafael Martínez Peláez, Francisco J. Rico Novella Technical University of Catalonia (UPC), Department of Telematics Engineering

More information

An Introduction to Digital Signature Schemes

An Introduction to Digital Signature Schemes An Introduction to Digital Signature Schemes Mehran Alidoost Nia #1, Ali Sajedi #2, Aryo Jamshidpey #3 #1 Computer Engineering Department, University of Guilan-Rasht, Iran m.alidoost@hotmail.com #2 Software

More information

Module 7 Security CS655! 7-1!

Module 7 Security CS655! 7-1! Module 7 Security CS655! 7-1! Issues Separation of! Security policies! Precise definition of which entities in the system can take what actions! Security mechanism! Means of enforcing that policy! Distributed

More information

Digital Signature. Raj Jain. Washington University in St. Louis

Digital Signature. Raj Jain. Washington University in St. Louis Digital Signature Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/

More information

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate

More information

Fighting product clones through digital signatures

Fighting product clones through digital signatures Paul Curtis, Katrin Berkenkopf Embedded Experts Team, SEGGER Microcontroller Fighting product clones through digital signatures Product piracy and forgery are growing problems that not only decrease turnover

More information

CS549: Cryptography and Network Security

CS549: Cryptography and Network Security CS549: Cryptography and Network Security by Xiang-Yang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared

More information

Digital Signature CHAPTER 13. Review Questions. (Solution to Odd-Numbered Problems)

Digital Signature CHAPTER 13. Review Questions. (Solution to Odd-Numbered Problems) CHAPTER 13 Digital Signature (Solution to Odd-Numbered Problems) Review Questions 1. We mentioned four areas in which there is a differences between a conventional and a digital signature: inclusion, verification,

More information

Verification and Validation Issues in Electronic Voting

Verification and Validation Issues in Electronic Voting Verification and Validation Issues in Electronic Voting Orhan Cetinkaya 1, and Deniz Cetinkaya 2 1 Institute of Applied Mathematics, METU, Ankara, Turkey 2 Computer Engineering, METU, Ankara, Turkey e113754@metu.edu.tr

More information

A novel deniable authentication protocol using generalized ElGamal signature scheme

A novel deniable authentication protocol using generalized ElGamal signature scheme Information Sciences 177 (2007) 1376 1381 www.elsevier.com/locate/ins A novel deniable authentication protocol using generalized ElGamal signature scheme Wei-Bin Lee a, Chia-Chun Wu a, Woei-Jiunn Tsaur

More information

The Mathematics of the RSA Public-Key Cryptosystem

The Mathematics of the RSA Public-Key Cryptosystem The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through

More information

Cryptography & Digital Signatures

Cryptography & Digital Signatures Cryptography & Digital Signatures CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration Prof. Sloan s Slides, 2007, 2008 Robert H.

More information

An Introduction to Cryptography as Applied to the Smart Grid

An Introduction to Cryptography as Applied to the Smart Grid An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric

More information

Analysis of Security Requirements for Cryptographic Voting Protocols (Extended Abstract)

Analysis of Security Requirements for Cryptographic Voting Protocols (Extended Abstract) Analysis of Security Requirements for Cryptographic Voting Protocols (Extended Abstract) Orhan Cetinkaya Institute of Applied Mathematics, METU, Ankara, Turkey e113754@metu.edu.tr Abstract Electronic voting

More information

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the

More information

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email CS 393 Network Security Nasir Memon Polytechnic University Module 11 Secure Email Course Logistics HW 5 due Thursday Graded exams returned and discussed. Read Chapter 5 of text 4/2/02 Module 11 - Secure

More information

What is network security?

What is network security? Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application

More information

1 Signatures vs. MACs

1 Signatures vs. MACs CS 120/ E-177: Introduction to Cryptography Salil Vadhan and Alon Rosen Nov. 22, 2006 Lecture Notes 17: Digital Signatures Recommended Reading. Katz-Lindell 10 1 Signatures vs. MACs Digital signatures

More information

Digital Signature Standard (DSS)

Digital Signature Standard (DSS) FIPS PUB 186-4 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION Digital Signature Standard (DSS) CATEGORY: COMPUTER SECURITY SUBCATEGORY: CRYPTOGRAPHY Information Technology Laboratory National Institute

More information

Digital Signature For Text File

Digital Signature For Text File Digital Signature For Text File Ayad Ibrahim Abdulsada Dept. of Computer Science, College of Education, University of Basrah, Basrah, Iraq. E-mail: mraiadibraheem@yahoo.com Abstract: Digital signatures

More information

Crittografia e sicurezza delle reti. Digital signatures- DSA

Crittografia e sicurezza delle reti. Digital signatures- DSA Crittografia e sicurezza delle reti Digital signatures- DSA Signatures vs. MACs Suppose parties A and B share the secret key K. Then M, MAC K (M) convinces A that indeed M originated with B. But in case

More information

Authentication requirement Authentication function MAC Hash function Security of

Authentication requirement Authentication function MAC Hash function Security of UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

A Survey on Optimistic Fair Digital Signature Exchange Protocols

A Survey on Optimistic Fair Digital Signature Exchange Protocols A Survey on Optimistic Fair Digital Signature Exchange s Alfin Abraham Vinodh Ewards Harlay Maria Mathew Abstract Security services become crucial to many applications such as e-commerce payment protocols,

More information

One-Way Encryption and Message Authentication

One-Way Encryption and Message Authentication One-Way Encryption and Message Authentication Cryptographic Hash Functions Johannes Mittmann mittmann@in.tum.de Zentrum Mathematik Technische Universität München (TUM) 3 rd Joint Advanced Student School

More information

The Design of Web Based Secure Internet Voting System for Corporate Election

The Design of Web Based Secure Internet Voting System for Corporate Election The Design of Web Based Secure Internet Voting System for Corporate Election Jagdish B. Chakole 1, P. R. Pardhi 2 \ 1 Deptt. of Computer Science & Engineering, R.C.O.E.M., Nagpur, Maharashtra (India) 2

More information

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a

More information

CS 758: Cryptography / Network Security

CS 758: Cryptography / Network Security CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html

More information

Network Security. HIT Shimrit Tzur-David

Network Security. HIT Shimrit Tzur-David Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key

More information

1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6.

1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6. 1 Digital Signatures A digital signature is a fundamental cryptographic primitive, technologically equivalent to a handwritten signature. In many applications, digital signatures are used as building blocks

More information

TELECOMMUNICATION NETWORKS

TELECOMMUNICATION NETWORKS THE USE OF INFORMATION TECHNOLOGY STANDARDS TO SECURE TELECOMMUNICATION NETWORKS John Snare * Manager Telematic and Security Systems Section Telecom Australia Research Laboratories Victoria TELECOMMUNICATIONS

More information

NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards

NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards David A. Cooper NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards David

More information

Public Key (asymmetric) Cryptography

Public Key (asymmetric) Cryptography Public-Key Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,

More information

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:

More information

NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES

NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES Ounasser Abid 1, Jaouad Ettanfouhi 2 and Omar Khadir 3 1,2,3 Laboratory of Mathematics, Cryptography and Mechanics, Department of Mathematics, Fstm,

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

HASH CODE BASED SECURITY IN CLOUD COMPUTING

HASH CODE BASED SECURITY IN CLOUD COMPUTING ABSTRACT HASH CODE BASED SECURITY IN CLOUD COMPUTING Kaleem Ur Rehman M.Tech student (CSE), College of Engineering, TMU Moradabad (India) The Hash functions describe as a phenomenon of information security

More information

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. Cryptosystems Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. C= E(M, K), Bob sends C Alice receives C, M=D(C,K) Use the same key to decrypt. Public

More information

USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars October 29, 2013

USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars October 29, 2013 USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security

More information

Cryptanalysis of a Partially Blind Signature Scheme or How to make $100 bills with $1 and $2 ones

Cryptanalysis of a Partially Blind Signature Scheme or How to make $100 bills with $1 and $2 ones Cryptanalysis of a Partially Blind Signature Scheme or How to make $100 bills with $1 and $2 ones Gwenaëlle Martinet 1, Guillaume Poupard 1, and Philippe Sola 2 1 DCSSI Crypto Lab, 51 boulevard de La Tour-Maubourg

More information

2. Cryptography 2.4 Digital Signatures

2. Cryptography 2.4 Digital Signatures DI-FCT-UNL Computer and Network Systems Security Segurança de Sistemas e Redes de Computadores 2010-2011 2. Cryptography 2.4 Digital Signatures 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures

More information

Blind Digital Signatures, Group Digital Signatures and Revocable Anonymity

Blind Digital Signatures, Group Digital Signatures and Revocable Anonymity Blind Digital Signatures, Group Digital Signatures and Revocable Anonymity Network Security Project Presentation, CSE Department, IIT Bombay Vijay Gabale Ashutosh Dhekne Sagar Bijwe Nishant Burte MTech

More information

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS Abstract: The Single sign-on (SSO) is a new authentication mechanism that enables a legal user with a single credential

More information

Randomized Hashing for Digital Signatures

Randomized Hashing for Digital Signatures NIST Special Publication 800-106 Randomized Hashing for Digital Signatures Quynh Dang Computer Security Division Information Technology Laboratory C O M P U T E R S E C U R I T Y February 2009 U.S. Department

More information

Verifiable Voting Systems

Verifiable Voting Systems Chapter 69 Verifiable Voting Systems Thea Peacock 1, Peter Y. A. Ryan 1, Steve Schneider 2 and Zhe Xia 2 1 University of Luxembourg 2 University of Surrey 1 Introduction The introduction of technology

More information

RSA Attacks. By Abdulaziz Alrasheed and Fatima

RSA Attacks. By Abdulaziz Alrasheed and Fatima RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.

More information

A Proposal for Authenticated Key Recovery System 1

A Proposal for Authenticated Key Recovery System 1 A Proposal for Authenticated Key Recovery System 1 Tsuyoshi Nishioka a, Kanta Matsuura a, Yuliang Zheng b,c, and Hideki Imai b a Information & Communication Business Div. ADVANCE Co., Ltd. 5-7 Nihombashi

More information

On Coercion-Resistant Electronic Elections

On Coercion-Resistant Electronic Elections On Coercion-Resistant Electronic Elections with Linear Work Stefan G. Weber, Roberto Araújo, Johannes Buchmann Darmstadt University of Technology Department of Computer Science Hochschulstrasse 10, 64289

More information

MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS

MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN ENGINEERING AND SCIENCE MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS Kanchupati Kondaiah 1, B.Sudhakar 2 1 M.Tech Student, Dept of CSE,

More information

Reusable Anonymous Return Channels

Reusable Anonymous Return Channels Reusable Anonymous Return Channels Philippe Golle Stanford University Stanford, CA 94305, USA pgolle@cs.stanford.edu Markus Jakobsson RSA Laboratories Bedford, MA 01730, USA mjakobsson@rsasecurity.com

More information

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 20 Public-Key Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography

More information

Part VII. Digital signatures

Part VII. Digital signatures Part VII Digital signatures CHAPTER 7: Digital signatures Digital signatures are one of the most important inventions/applications of modern cryptography. The problem is how can a user sign a message such

More information

Lecture 9: Application of Cryptography

Lecture 9: Application of Cryptography Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that

More information

ARCHIVED PUBLICATION

ARCHIVED PUBLICATION ARCHIVED PUBLICATION The attached publication, FIPS Publication 186-3 (dated June 2009), was superseded on July 19, 2013 and is provided here only for historical purposes. For the most current revision

More information

ACTA UNIVERSITATIS APULENSIS No 13/2007 MATHEMATICAL FOUNDATION OF DIGITAL SIGNATURES. Daniela Bojan and Sidonia Vultur

ACTA UNIVERSITATIS APULENSIS No 13/2007 MATHEMATICAL FOUNDATION OF DIGITAL SIGNATURES. Daniela Bojan and Sidonia Vultur ACTA UNIVERSITATIS APULENSIS No 13/2007 MATHEMATICAL FOUNDATION OF DIGITAL SIGNATURES Daniela Bojan and Sidonia Vultur Abstract.The new services available on the Internet have born the necessity of a permanent

More information

Digital Cash. is not a check, credit card or a debit card. They leave audit trails. can be sent through computer networks.

Digital Cash. is not a check, credit card or a debit card. They leave audit trails. can be sent through computer networks. Digital Cash is not a check, credit card or a debit card. They leave audit trails. is anonymous and untraceable. can be sent through computer networks. can be used off-line (not connected to a bank). is

More information

Lecture 6 - Cryptography

Lecture 6 - Cryptography Lecture 6 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07 Question 2 Setup: Assume you and I don t know anything about

More information