Paillier Threshold Encryption WebService by Brett Wilson.

Slides:



Advertisements
Similar presentations
Chapter 3 Public Key Cryptography and Message authentication.
Advertisements

Key Management Nick Feamster CS 6262 Spring 2009.
RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.
Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.
Cryptography and Network Security
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Asymmetric-Key Cryptography
Receipt-free Voting Joint work with Markus Jakobsson, C. Andy Neff Ari Juels RSA Laboratories.
7. Asymmetric encryption-
Jens Groth BRICS, University of Aarhus Cryptomathic
1/11/2007 bswilson/eVote-PTCWS 1 Paillier Threshold Cryptography Web Service by Brett Wilson.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
10/25/20061 Threshold Paillier Encryption Web Service A Master’s Project Proposal by Brett Wilson.
Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.
Applying MESE processes to Improve Online E-Voting Prototype System with PTC Web Services Master Project Defense Hakan Evecek 1 5/29/2007Hakan Evecek/SE2Evote.
Tree Homomorphic Encryption with Scalable Decryption Moti Yung Columbia University Joint work with Aggelos Kiayias University of Connecticut.
The Algebra of Encryption CS 6910 Semester Research and Project University of Colorado at Colorado Springs By Cliff McCullough 20 July 2011.
A Designer’s Guide to KEMs Alex Dent
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)
Introduction to Signcryption November 22, /11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.
1 CPSC156: The Internet Co-Evolution of Technology and Society Lectures 19,20, and 21: April 5, 10, and 12, 2007 Cryptographic Primitives.
1/11/2007 bswilson/eVote-PTCWS 1 Enhancing PTC based Secure E-Voting System (note: modification of Brett Wilson’s Paillier Threshold Cryptography Web Service.
1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.
Chapter 3 Encryption Algorithms & Systems (Part B)
Remarks on Voting using Cryptography Ronald L. Rivest MIT Laboratory for Computer Science.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
ASYMMETRIC CIPHERS.
Public Key Model 8. Cryptography part 2.
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
1 CIS 5371 Cryptography 8. Asymmetric encryption-.
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden
Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Bob can sign a message using a digital signature generation algorithm
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Cryptographic Voting Systems (Ben Adida) Jimin Park Carleton University COMP 4109 Seminar 15 February 2011.
1 Lecture 9 Public Key Cryptography Public Key Algorithms CIS CIS 5357 Network Security.
Topic 22: Digital Schemes (2)
1 Lect. 13 : Public Key Encryption RSA ElGamal. 2 Shamir Rivest Adleman RSA Public Key Systems  RSA is the first public key cryptosystem  Proposed in.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Implementing RSA Encryption in Java
Cryptography and Network Security (CS435) Part Eight (Key Management)
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
1 Public-Key Cryptography and Message Authentication.
The RSA Algorithm. Content Review of Encryption RSA An RSA example.
Public Key Encryption with keyword Search Author: Dan Boneh Rafail Ostroversity Giovanni Di Crescenzo Giuseppe Persiano Presenter: 陳昱圻.
Applying MESE processes to Improve Online E-Voting Prototype System with PTC Web Services Master Project Defense Hakan Evecek 1 5/29/2007Hakan Evecek/SE2Evote.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Cryptography and Network Security Key Management and Other Public Key Cryptosystems.
The Paillier Cryptosystem
PUBLIC KEY CRYPTOGRAPHY ALGORITHM Concept and Example 1IT352 | Network Security |Najwa AlGhamdi.
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,
Almost Entirely Correct Mixing With Applications to Voting Philippe Golle Dan Boneh Stanford University.
Key Management Network Systems Security Mort Anvari.
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Chapter 3-3 Key Distribution. 2 Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution.
Introduction to Elliptic Curve Cryptography CSCI 5857: Encoding and Encryption.
RSA Pubic Key Encryption CSCI 5857: Encoding and Encryption.
Lecture 14 Public Key Cryptography and RSA. Summary principles of public-key cryptography principles of public-key cryptography RSA algorithm, implementation,
Information Security and Management 10. Other Public-key Cryptosystems Chih-Hung Wang Fall
Cryptographic methods. Outline  Preliminary Assumptions Public-key encryption  Oblivious Transfer (OT)  Random share based methods  Homomorphic Encryption.
Key Management public-key encryption helps address key distribution problems have two aspects of this: – distribution of public keys – use of public-key.
Key Management Network Systems Security
Oblivious Transfer.
Presentation transcript:

Paillier Threshold Encryption WebService by Brett Wilson

Paillier Encryption Trapdoor Discrete Logarithm Scheme c = g M r n mod n 2 c = g M r n mod n 2 n is an RSA modulus n is an RSA modulus g is an integer of order nα mod n 2 g is an integer of order nα mod n 2 r is a random number in Z n * r is a random number in Z n * M = L(c λ(n) mod n 2 )/L(g λ(n) mod n 2 ) mod n M = L(c λ(n) mod n 2 )/L(g λ(n) mod n 2 ) mod n L(u) = (u-1)/n, λ(n)=lcm((p-1)(q-1)) L(u) = (u-1)/n, λ(n)=lcm((p-1)(q-1)) Important Properties Homomorphic Homomorphic E(M 1 + M 2 ) = E(M 1 ) x E(M 2 ), E(k x M) = E(M) k E(M 1 + M 2 ) = E(M 1 ) x E(M 2 ), E(k x M) = E(M) k Self-blinding Self-blinding Re-encryption with a different r doesn’t change M

Threshold Encryption Public key encryption as usual Distribute secret key “shares” among i participants Decryption can only be accomplished if a threshold number t of the i participants cooperate No information about m can be obtained with less than t participants cooperating No information about m can be obtained with less than t participants cooperating

Threshold Paillier Encryption Different public key and secret key generation algorithm Different public key and secret key generation algorithm Distribute secret key shares using Shamir Secret Sharing scheme Distribute secret key shares using Shamir Secret Sharing scheme “Sharing Decryption in the Context of Voting or Lotteries” Fouque, Poupard, and Stern 2000 “Sharing Decryption in the Context of Voting or Lotteries” Fouque, Poupard, and Stern 2000

Threshold Paillier Encryption WebService Key generation algorithm Key generation algorithm Input Input k – size of key k – size of key l – number of shares to generate l – number of shares to generate One RSA public key (of the designated participant) for each share One RSA public key (of the designated participant) for each share t – threshold parameter t – threshold parameter Output Output Public Key PK Public Key PK List SK 1, …, SK l of private key shares List SK 1, …, SK l of private key shares Encrypted with supplied RSA keys so only designated participant can recover the key share Encrypted with supplied RSA keys so only designated participant can recover the key share List of Verifier Keys VK, VK 1, …,VK l List of Verifier Keys VK, VK 1, …,VK l

Threshold Paillier Encryption WebService Encryption Algorithm Input Input Public Key PK Public Key PK Random string r Random string r Cleartext M Cleartext M Output Output Ciphertext c Ciphertext c

Share Decryption Algorithm Input Input Ciphertext c Ciphertext c Private Key Share Sk i Private Key Share Sk i Encrypted with public key of webservice Encrypted with public key of webservice Output Output Decryption share c i Decryption share c i Validity proof p i Validity proof p i Threshold Paillier Encryption WebService

Combining Algorithm Input Input Ciphertext c Ciphertext c List of decryption shares c 1,…,c l List of decryption shares c 1,…,c l List of verification keys VK, VK 1 …VK l List of verification keys VK, VK 1 …VK l List of validity proofs P 1,…P l List of validity proofs P 1,…P l Output Output M

Use of WebService in Secure Voting Ballot format: pick 1 out of c candidates Vote = 2 c*log 2 v where c is the desired candidate number (0…c) and v is the next power of 2 greater than the maximum number of voters Vote = 2 c*log 2 v where c is the desired candidate number (0…c) and v is the next power of 2 greater than the maximum number of voters All Paillier-encrypted votes could be publicly posted At end of election, all encrypted votes could be multiplied together (publicly verifiable) With cooperation of the required threshold number of “authorities”, the final product could be decrypted to reveal the vote total (sum of individual votes). A threshold number of authorities would not agree to decrypt a single particular vote, and thus the individual votes would remain private A threshold number of authorities would not agree to decrypt a single particular vote, and thus the individual votes would remain private All computations are publicly verifiable given the validity proofs All computations are publicly verifiable given the validity proofs

Implementation Tools Visual Studio 2005 VB.NET VB.NET Gnu Multiprecision Library (Gmp) Open source arbitrary precision numeric library Open source arbitrary precision numeric library Compiled under Visual Studio 2005 Compiled under Visual Studio 2005NGmp Open source VB.NET binding of gmp.dll Open source VB.NET binding of gmp.dll Enables calling of gmp library functions through VB.NET Enables calling of gmp library functions through VB.NET Compiled under Visual Studio 2005 Compiled under Visual Studio 2005

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.