CS 6204, Spring 2005 Dining Cryptographers, Glenn Fink1 Dining Cryptographers Paper by David Chaum (1988) Presentation by Glenn Fink.

Slides:



Advertisements
Similar presentations
MIDDLE COLLEGE 2013 Why are you less popular than your friends?
Advertisements

By Md Emran Mazumder Ottawa University Student no:
1 Dissent: Accountable, Anonymous Communication Joan Feigenbaum Joint work with Bryan Ford, Henry Corrigan-Gibbs, Yixuan.
ITIS 6200/ Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.
The Dining Cryptographer Problem Security Presentation Nitesh Patel 2005h425.
CIS 5371 Cryptography 3b. Pseudorandomness.
Sec-TEEN: Secure Threshold sensitive Energy Efficient sensor Network protocol Ibrahim Alkhori, Tamer Abukhalil & Abdel-shakour A. Abuznied Department of.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Probabilistic Methods in Concurrency Lecture 9 Other uses of randomization: a randomized protocol for anonymity Catuscia Palamidessi
Message Splitting Against the Partial Adversary Andrei Serjantov The Free Haven Project (UK) Steven J Murdoch University of Cambridge Computer Laboratory.
A Designer’s Guide to KEMs Alex Dent
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
1 Sustaining Cooperation in Multi-Hop Wireless Networks Ratul Mahajan, Maya Rodrig, David Wetherall and John Zahorjan University of Washington Presented.
Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory.
CRYPTOGRAPHY WHAT IS IT GOOD FOR? Andrej Bogdanov Chinese University of Hong Kong CMSC 5719 | 6 Feb 2012.
Applied Cryptography for Network Security
Cryptography1 CPSC 3730 Cryptography Chapter 7 Confidentiality Using Symmetric Encryption.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
K-Anonymous Message Transmission Luis von Ahn Andrew Bortz Nick Hopper The Aladdin Center Carnegie Mellon University.
Information Theory and Security
Cryptography and Network Security Chapter 7
Computer Security CS 426 Lecture 3
Class 13 Introduction to Anonymity CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman
Introduction to Public Key Cryptography
Toward Prevention of Traffic Analysis Fengfeng Tu 11/26/01.
Dr. Khalid A. Kaabneh Amman Arab University
A Tale of Research: From Crowds to Deeper Understandings Matthew Wright Jan. 25, : Adv. Network Security.
Privacy and Anonymity CS432 - Security in Computing Copyright © 2005, 2006 by Scott Orr and the Trustees of Indiana University.
MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.
Cryptography and Network Security (CS435)
Chapter 4: Intermediate Protocols
Neural Key Exchange Presented by: Jessica Lowell 10 December 2009 CS 6750.
Security in Computing Chapter 12, Cryptography Explained Part 7 Summary created by Kirk Scott 1.
One-Time Pad Or Vernam Cipher Sayed Mahdi Mohammad Hasanzadeh Spring 2004.
Chapter 20 Symmetric Encryption and Message Confidentiality.
CS555Spring 2012/Topic 51 Cryptography CS 555 Topic 5: Pseudorandomness and Stream Ciphers.
Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey
Information Security Lab. Dept. of Computer Engineering 182/203 PART I Symmetric Ciphers CHAPTER 7 Confidentiality Using Symmetric Encryption 7.1 Placement.
A Survey of Authentication Protocol Literature: Version 1.0 Written by John Clark and Jeremy Jacob Presented by Brian Sierawski.
Chapter 20 Symmetric Encryption and Message Confidentiality.
Privacy Enhancing Technologies Spring What is Privacy? “The right to be let alone” Confidentiality Anonymity Access Control Most privacy technologies.
Network Security Lecture 20 Presented by: Dr. Munam Ali Shah.
Class 8 Introduction to Anonymity CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman
Dr. Reuven Aviv, Nov 2008 Conventional Encryption 1 Conventional Encryption & Message Confidentiality Acknowledgements for slides Henric Johnson Blekinge.
Summer 2004CS 4953 The Hidden Art of Steganography A Brief Introduction to Information Theory  Information theory is a branch of science that deals with.
Chapter 7 – Confidentiality Using Symmetric Encryption.
Chapter 7 Confidentiality Using Symmetric Encryption.
Public / Private Keys was a big year… DES: Adopted as an encryption standard by the US government. It was an open standard. The NSA calls it “One.
CS426Fall 2010/Lecture 61 Computer Security CS 426 Lecture 6 Cryptography: Message Authentication Code.
Privacy-preserving rule mining. Outline  A brief introduction to association rule mining  Privacy preserving rule mining Single party  Perturbation.
NEW DIRECTIONS IN CRYPTOGRAPHY Made Harta Dwijaksara, Yi Jae Park.
Class 3 Cryptography Refresher II CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman
Probabilistic Anonymity Mohit Bhargava, IIT New Delhi Catuscia Palamidessi, INRIA Futurs & LIX.
Anonymity - Background R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide.
Fall 2006CS 395: Computer Security1 Confidentiality Using Symmetric Encryption.
Lecture 5.1: Message Authentication Codes, and Key Distribution
CSE 592 INTERNET CENSORSHIP (FALL 2015) LECTURE 19 PHILLIPA GILL - STONY BROOK U.
Dining Cryptographers R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide.
Software Security Seminar - 1 Chapter 4. Intermediate Protocols 발표자 : 이장원 Applied Cryptography.
Mix networks with restricted routes PET 2003 Mix Networks with Restricted Routes George Danezis University of Cambridge Computer Laboratory Privacy Enhancing.
1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.
Block Ciphers and the Data Encryption Standard. Modern Block Ciphers  One of the most widely used types of cryptographic algorithms  Used in symmetric.
Chapter 7 – Confidentiality Using Symmetric Encryption.
CS555Spring 2012/Topic 151 Cryptography CS 555 Topic 15: HMAC, Combining Encryption & Authentication.
ENGR 101 Compression and Encryption. Todays Lecture  Encryption  Symmetric Ciphers  Public Key Cryptography  Hashing.
Homework #1 J. H. Wang Oct. 9, 2012.
Security in Network Communications
Presentation transcript:

CS 6204, Spring 2005 Dining Cryptographers, Glenn Fink1 Dining Cryptographers Paper by David Chaum (1988) Presentation by Glenn Fink

CS 6204, Spring 2005 Dining Cryptographers, Glenn Fink2 Dining Cryptographers: Overview  Who says all the tough papers are at the end of the semester? –Anyone know what the Frobenius automorphism of the Galois group GF(p n ) is?  But apart from this, there is still much of practical utility in the paper.

CS 6204, Spring 2005 Dining Cryptographers, Glenn Fink3 Dining Cryptographers “Same” Result: #Diffs: 0 (Even) NSA Pays Act I: Three of a kind Flip Coins Make Observations Count Observations

CS 6204, Spring 2005 Dining Cryptographers, Glenn Fink4 Dining Cryptographers “Same”“Different” Result: #Diffs: 2 (Even) NSA Pays Act II: Two of a kind Flip Coins Make Observations Count Observations

CS 6204, Spring 2005 Dining Cryptographers, Glenn Fink5 Dining Cryptographers “Different” * Inverted * “Different” Result: #Diffs: 3 (Odd) Some Cryptographer Pays Act III: Two of a kind + Inversion I’m paying, but no one knows it’s me! Flip Coins Make Observations Count Observations

CS 6204, Spring 2005 Dining Cryptographers, Glenn Fink6 Proof Sketch (By Induction)  All heads or all tails: 0 Diffs  One tail, rest heads: 2 Diffs –On each side of tail  Two tails, rest heads: 2 cases: I.Two tails are adjacent: 2 Diffs II.Two tails nonadjacent: 4 Diffs  N+1 tails, rest heads: three cases: I.New tail is adjacent to one string of tails: No change II.New tail is nonadjacent to any string of tails: Two more diffs III.New tail connects two strings of tails: Two fewer diffs H H T H T H Diffs H H T T H H H H H H H H H H T H H H Result: If everyone tells the truth, there will always be an even number of differences H H T T H H Diffs T T T

CS 6204, Spring 2005 Dining Cryptographers, Glenn Fink7 Anonymity Set 0 Anonymity Set 1 Anonymity Set Graph Theory Interpretation  Persons=Nodes  Keys=Edges –Shared by nodes  Anonymity Set: –The set of nodes whose transmissions are indistinguishable  Collusion –Sharing keys to expose another person’s transmissions Partial Collusion: Not all keys shared

CS 6204, Spring 2005 Dining Cryptographers, Glenn Fink8 SharedKeysSharedKeys Keys and Compromises  A “key” is really just a history of all the quarters that will ever be flipped between two participants. –E.g., a string of bits  Key compromise means that a third party also knows the results of each flip.

CS 6204, Spring 2005 Dining Cryptographers, Glenn Fink9 Practical Considerations  Key Generation –Generate a true one-time pad via a physical random process –Generate a short key and expand it via pseudo-random process  Key Distribution –Covertly: in person or via pre-shared symmetric cipher –Publicly: via a public-key-enabled key exchange  Key Usage –Everyone sees the stream of bits from the message –Everyone sees the sum of the outputs of all the nodes –Comparing the sum at each round tells whether someone is transmitting, but… –… No one knows the originator of the message

CS 6204, Spring 2005 Dining Cryptographers, Glenn Fink10 Transmission Example   0 = 1 0   0 = 0 1   0 = 1 y  1=x x  1=y y  1=x y  0=y x  1=y y  0=y y Round 1 yx Flip Coins Make Observations Count Observations

CS 6204, Spring 2005 Dining Cryptographers, Glenn Fink11 Transmission Example   0 = 0 1   0 = 1  0 1   1 = 0 0   1 = 1 “yx” y  0=y x  0=x y  1=x x  0=x yx Round 2 yx Flip Coins Make Observations Count Observations

CS 6204, Spring 2005 Dining Cryptographers, Glenn Fink12 Transmission Example   0 = 1 1   1 = 0 1   1 = 0  1 0   1 = 1 0   0 = 0 “yx” x  1=y y  0=y y  1=x x  0=x x  1=y yx Round 3 y yx Flip Coins Make Observations Count Observations

CS 6204, Spring 2005 Dining Cryptographers, Glenn Fink13 Transmission Example   1 = 0 0   1 = 1 0   0 = 0 1   0 = 1 y  0=y x  0=x y  1=x x  1=y yx Round 4 yx yx Flip Coins Make Observations Count Observations

CS 6204, Spring 2005 Dining Cryptographers, Glenn Fink14 Transmission Example yx Summary yx yx yxyx  0110 “ ” yx Anonymous Transmission

CS 6204, Spring 2005 Dining Cryptographers, Glenn Fink15 Attacking the Dining Cryptographers “1” By partitioning a non-fully-connected network Sum = 1; Someone transmitted. Sum = 1; Transmitter is on this side. Sum = 0; Transmitter is not on this side. Ring network can be attacked in n log n rounds Fully-connected network requires n-1 attackers!

CS 6204, Spring 2005 Dining Cryptographers, Glenn Fink16 Conclusion  Chaum’s protocol allows parties to transmit anonymous messages in public.  The protocol is highly resistant to collusion attacks. –But attacks are possible because anonymity degrades with time. –Protocol does not protect physical path tracing. –Protocol does not provide for message confidentiality.  Communication via this protocol is four times less efficient on average than traceable transmission protocols.  Protocol forms the basis for Chaum’s DC-Net.

CS 6204, Spring 2005 Dining Cryptographers, Glenn Fink17 Other References  Good source of information on all sorts of anonymity schemes: –  Tutorial presentation given at ACM CCS 2004 on anonymity: – anon.ppt

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.