Malicious Participants

Slides:



Advertisements
Similar presentations
On the Amortized Complexity of Zero-Knowledge Proofs Ronald Cramer, CWI Ivan Damgård, Århus University.
Advertisements

Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Cryptography and Network Security
The Dining Cryptographer Problem Security Presentation Nitesh Patel 2005h425.
Foundations of Cryptography Lecture 5 Lecturer: Moni Naor.
Foundations of Cryptography Lecture 4 Lecturer: Moni Naor.
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 11: Birthday Paradoxes.
A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.
Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
Aladdin Center, Carnegie Mellon University Deniable and Traceable Anonymity Andrew Bortz Joint work with: Luis von Ahn Nick Hopper Kevin O’Neill (Cornell)
Anonymous Communication Luis von Ahn Andrew Bortz Nick Hopper The Aladdin Center Carnegie Mellon University.
K-Anonymous Message Transmission Luis von Ahn Andrew Bortz Nick Hopper The Aladdin Center Carnegie Mellon University.
Bob can sign a message using a digital signature generation algorithm
Robust Sharing of Secrets when the Dealer Is Honest or Cheating Tal Rabin 1994 Brian Fry COEN
1 Lecture 9 Public Key Cryptography Public Key Algorithms CIS CIS 5357 Network Security.
Topic 22: Digital Schemes (2)
Hashing Algorithms: Basic Concepts and SHA-2 CSCI 5857: Encoding and Encryption.
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
CS555Topic 251 Cryptography CS 555 Topic 25: Quantum Crpytography.
Secure Computation (Lecture 2) Arpita Patra. Vishwaroop of MPC.
Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.
The Pennsylvania State University CSE597B: Special Topics in Network and Systems Security The Miscellaneous Instructor: Sencun Zhu.
PROACTIVE SECRET SHARING Or: How to Cope With Perpetual Leakage Herzberg et al. Presented by: Avinash Ravi Kevin Skapinetz.
Introduction to Elliptic Curve Cryptography CSCI 5857: Encoding and Encryption.
Public Key Cryptography. Asymmetric encryption is a form of cryptosystem in which Encryption and decryption are performed using the different keys—one.
Block Cipher Modes Last Updated: Aug 25, ECB Mode Electronic Code Book Divide the plaintext into fixed-size blocks Encrypt/Decrypt each block independently.
DC-Networks – The Protocol. 2 DC-Networks - The Protocol toc Introduction Time Excluding bad clients Key Exchange Demonstration Some Attacks On-demand.
Message Authentication Code
Cryptographic Protocols Secret sharing, Threshold Security
Asymmetric-Key Cryptography
Network Security Design Fundamentals Lecture-13
Advanced Information Security 5 ECC Cryptography
Encryption and Integrity
Introduction to Information Technologies
On the Size of Pairing-based Non-interactive Arguments
Cryptographic Hash Function
Network Security.
Some slides borrowed from Philippe Golle, Markus Jacobson
Presented by: Dr. Munam Ali Shah
Improved Private Set Intersection against Malicious Adversaries
Cryptography Lecture 4.
Elliptic Curve Cryptography (ECC)
CS/ECE 418 Introduction to Network Security
Lecture 9: Hash House Harriers Background just got here last week
Fuzzy Identity Based Encryption
ElGamal Public-Key Systems over GF(p) & GF(2m)
PART VII Security.
Elliptic Curve Cryptography (ECC)
Cryptography: Basics (2)
Introduction to Information Technologies
Network Security.
NET 311 Information Security
El Gamal and Diffie Hellman
Introduction to Elliptic Curve Cryptography
Interactive Proofs Adapted from Oded Goldreich’s course lecture notes.
Topic 13: Message Authentication Code
Cryptology Design Fundamentals
Cryptography Lecture 3.
Diffie-Hellman Key Exchange
Cryptographic Protocols Secret Sharing, Threshold Security
Network Security Design Fundamentals Lecture-13
Elliptic-Curve Cryptography (ECC)
ITIS 6200/8200 Chap 5 Dr. Weichao Wang.
Anonymity – Generalizing Mixes
How to Use Charm Crypto Lib
Presentation transcript:

Malicious Participants Comparing various attempts of detecting malicious participants in DC networks

Approaches Chaum: Trap messages Golle & Juels: Proof with bilinear maps Ahn, Bortz and Hopper: k-anonymous message transmission (for the case k=n)

Chaum: Trap Messages n Participants exchanging 1-bit keys pairwise XOR of all keys equals to 0 One or zero participants send a 1-bit message Known and agreed key graph Commitment before publishing At least some throughput Existence of non-private blocks

Chaum: Trap Messages How to make non-private blocks? Reservation scheme: Each participant reserves one block each round (easy detection of collisions in reservation block) Reservation block is non-private itself Commitment on dummy data to detect disturbers Improvement in Pfitzmann & Waidner (disco) 100n² bits in reservation block for 99% non- collision probability (Bos&Boer'90)

Chaum: Trap Messages How to set a trap: Reservation block Data or Trap Data or Trap Data or Trap How to set a trap: Publish after Reservation: encs( r || i ) (r: random number, i: block index) Publish as trap data: r Publish after Trap: s (encryption secret key)

Golle & Juels Two protocols: short and long Short: Overwhelming secure but limited block size Long: Arbitrary block size but only high secure Works on D-H generators over elliptic curves Reconstruction of messages for missing participants by threshold sharing of secret keys Basic idea is proof of both statements: The sum of keys is correct OR there is a message added There is at most one message added

Golle & Juels: Short DC n Participants Participant i publish: Vi = ( Vi(0), ... , Vi(n) ) Vi(k) = m(k)·Wi(k), Wi(k) = ∏j ê( hash(k), yj )d·xi m(k) is message for a random k; 1 otherwise d is 1 for i<j; 0 for i=j; -1 for i>j xi resp. yi is secret / public key ê is an elliptic curve function Summary: multiplied in G, not added in GF(2)

Golle & Juels: Short DC Additional to Vi publish a verification vector σi g and h are random generators in G r1 .. rn are random numbers w(k) = g·hrk when msg sent in k; hrk otherwise σi = logh(g -1 ∏w) ??? Summary – Proof either one of: Wi(k) is correct AND knows logh(wk) OR knows logh(wk / g)

Golle & Juels: Short DC Unclear: Why does this prevent from sending multiple messages in one round?

Golle & Juils: Long DC PRNG(seed) like short DC and XOR message Choose subset S = ( p1, ..., pn/2 ) without choosing the message pmsg Publish xi·hash(k) for all elements in S Idea: Attacker can not arbitrary select many places k for disturbing.