Jens Groth BRICS, University of Aarhus Cryptomathic

Presentation transcript:

Evaluating Security of Voting Schemes in the Universal Composability Framework
Jens Groth, BRICS, University of Aarhus; Cryptomathic

Ideal Voting Functionality
[Diagram: voters V1 … Vm, authorities A1 … An, ideal functionality Fvoting and adversary S; arrows labelled "vote" and "result".]

Real Life
[Diagram: voters V1 … Vm, authorities A1 … An, the voting protocol and adversary A; arrows labelled "vote" and "result".]

Universal Composability
[Diagram: environment Z shown twice. Real: Z with voters V1 … Vm, authorities A1 … An and adversary A. Ideal: Z with voters V1 … Vm, authorities A1 … An, S and Fvoting. Arrows labelled "vote" and "result".]

Security Requirements
- Privacy
- Authentication
- Accuracy
- Robustness
- Fairness
- Availability
- Verifiability
- Incoercibility
- Hacker protection

Homomorphic Threshold Encryption
Each voter: $E_{pk}(\text{vote})$ + ZK proof + signature
Homomorphic property: $E_{pk}(\text{result}) = E_{pk}(\text{vote}_1) \cdot \ldots \cdot E_{pk}(\text{vote}_n)$
Threshold decryption: [Diagram: Authority 1 … Authority n; $E_{pk}(\text{result})$ -> result]

Example
ElGamal encryption: $pk = (q, p, g, h)$, $q \mid p-1$, $g, h$ of order $q$ in $\mathbb{Z}_p^*$; $sk = x$, $h = g^x \bmod p$
yes-vote = 1, no-vote = 0
Each voter: $(g^r \bmod p,\; h^r g^v \bmod p)$ + ZK proof
Homomorphic property: $(g^{r_1+\dots+r_m} \bmod p,\; h^{r_1+\dots+r_m} g^{v_1+\dots+v_m} \bmod p) = \prod_{i=1}^{m} (g^{r_i} \bmod p,\; h^{r_i} g^{v_i} \bmod p)$
Threshold decryption: Lagrange interpolation -> $g^{v_1+\dots+v_m} \bmod p$, discrete log -> $v_1+\dots+v_m$
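The tally on the slide above, worked through in Python as an added example (not code from the presentation). It assumes toy parameters and a trusted dealer for the key shares, and omits the ZK proof and signature, so nothing here stops a voter from encrypting a value other than 0 or 1; all function names are hypothetical.

```python
import secrets

# Toy parameters (constructed for illustration, far too small for real use):
# p = 2q + 1 with p, q prime; g = 4 is a square mod p, so it has order q.
P, Q, G = 2039, 1019, 4

def share_key(n, t):
    """Shamir-share a fresh secret x among n authorities, threshold t.
    Assumption: a trusted dealer stands in for distributed key generation."""
    coeffs = [secrets.randbelow(Q) for _ in range(t)]      # f(0) = x
    shares = {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}                    # x_i = f(i) mod q
    return pow(G, coeffs[0], P), shares                    # h = g^x mod p

def encrypt(h, v):
    """Encrypt vote v in {0, 1} as (g^r mod p, h^r g^v mod p)."""
    r = secrets.randbelow(Q)
    return pow(G, r, P), pow(h, r, P) * pow(G, v, P) % P

def combine(ballots):
    """Homomorphic property: the componentwise product encrypts the vote sum."""
    a, b = 1, 1
    for ai, bi in ballots:
        a, b = a * ai % P, b * bi % P
    return a, b

def partial_decrypt(a, share):
    """Authority i publishes a^(x_i) mod p; the share x_i itself stays private."""
    return pow(a, share, P)

def tally(ciphertext, partials, max_votes):
    """Lagrange-interpolate in the exponent to get a^x, strip it from b, then
    search for the small discrete log of g^(v_1+...+v_m)."""
    a, b = ciphertext
    ax = 1
    for i, d in partials.items():
        lam = 1                                            # Lagrange coeff at 0
        for j in partials:
            if j != i:
                lam = lam * j * pow((j - i) % Q, -1, Q) % Q
        ax = ax * pow(d, lam, P) % P
    gv = b * pow(ax, -1, P) % P
    for s in range(max_votes + 1):
        if pow(G, s, P) == gv:
            return s
    raise ValueError("tally out of range (invalid ballot or bad partial)")
```

Any t of the n authorities can produce the result, and the discrete-log search stays cheap because the sum is at most the number of voters.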

Key Generation Functionality
[Diagram: Fkey generation with adversary A; label "public key" at voters V1 … Vm; labels "public key" and "secret share" at authorities A1 … An.]

Message Board Functionality
[Diagram: Fmessage board with adversary A, voters V1 … Vm and authority An; labels "message", "Voters' messages" and "Authority's message".]

Universal Composability
[Diagram: environment Z shown twice. Hybrid: Z with voters V1 … Vm, authorities A1 … An, adversary A and FKM. Ideal: Z with voters V1 … Vm, authorities A1 … An, S and Fvoting. Arrows labelled "vote" and "result".]

The Simulator
S simulates A, V1,…,Vm, A1,…,An, FKM and random oracle
[Diagram: Z, S and Fvoting; inside S the simulated A, V1 … Vm, A1 … An and FKM; arrows labelled "vote" and "result".]

Results
- Homomorphic threshold encryption voting securely realizes Fvoting in the FKM-hybrid model against non-adaptive adversaries
- Homomorphic threshold encryption voting does NOT securely realize Fvoting in the FKM-hybrid model against adaptive adversaries
- Modified homomorphic threshold encryption voting securely realizes Fvoting in the FKM-hybrid model against adaptive adversaries

Modified Voting Scheme
Each voter: $E_{pk}(\text{vote})$ + ZK proof + signature
Delete vote and coins
Threshold decryption: $E_{pk}(\text{result})$ -> $E_{pk}(\text{result})'$ -> result
Delete coins

Thanks Questions?