Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jens Groth BRICS, University of Aarhus Cryptomathic

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Jens Groth BRICS, University of Aarhus Cryptomathic"— Presentation transcript:

1 Jens Groth BRICS, University of Aarhus Cryptomathic
Evaluating Security of Voting Schemes in the Universal Composability Framework Jens Groth BRICS, University of Aarhus Cryptomathic

2 S Fvoting Ideal Voting Functionality vote vote V1 … Vm A1 … An result

3 Real Life vote vote V1 Vm voting A A1 An result result

4 Z Z A S Fvoting Universal Composability Real Ideal vote vote vote vote
Vm V1 Vm A S Fvoting A1 An A1 An result result result result

5 Security Requirements
Privacy Authentication Accuracy Robustness Fairness Availability Verifiability Incoercibility Hacker protection

6 Homomorphic Threshold Encryption
Each voter: Epk(vote) + ZK proof + signature Homomorphic property: Epk(result)= Epk(vote1) *…* Epk(voten) Threshold decryption: Authority 1 . . Epk(result) result Authority n

7 Example ElGamal-encryption: pk = (q,p,g,h), q|p-1, g,h order q in Zp* sk = x, h=gx mod p yes-vote = 1, no-vote = 0 Each voter: (gr mod p, hrgv mod p) + ZK proof Homomorphic property: (gr1+…+rm mod p, hr1+…+rmgv1+…+vm mod p) = (gri mod p, hrigvi mod p) Threshold decryption: Lagrange interpolation  gv1+…+vm mod p, discrete log  v1+…+vm

8 A Fkey generation Key Generation Functionality public key public key
V1 Vm Fkey generation A A1 An public key secret share public key secret share

9 A Fmessage board Message Board Functionality message message V1 … Vm
An Voters’ messages Authority’s message Voters’ messages Authority’s message

10 Z Z A S Fvoting FKM Universal Composability Hybrid Ideal vote vote
Vm V1 Vm A S Fvoting FKM A1 An A1 An result result result result

11 Z S A Fvoting FKM The Simulator
S simulates A,V1,…,Vm,A1,…,An, FKM and random oracle Z vote vote vote V1 Vm V1 Vm S Fvoting A FKM A1 An result A1 An result result

12 Results Homomorphic threshold encryption voting securely realizes Fvoting in the FKM-hybrid model against non-adaptive adversaries Homomorphic threshold encryption voting does NOT securely realize Fvoting in the FKM-hybrid model against adaptive adversaries Modified homomorphic threshold encryption voting securely realizes Fvoting in the FKM-hybrid model against adaptive adversaries

13 Modified Voting Scheme
Each voter: Epk(vote) + ZK proof + signature Delete vote and coins Threshold decryption: Epk(result) -> Epk(result)’ -> result Delete coins

14 Thanks Questions?

Download ppt "Jens Groth BRICS, University of Aarhus Cryptomathic"

Similar presentations

Private Inference Control David Woodruff MIT Joint work with Jessica Staddon (PARC)

Private Inference Control David Woodruff MIT Joint work with Jessica Staddon (PARC)
Perfect Non-interactive Zero-Knowledge for NP

Perfect Non-interactive Zero-Knowledge for NP
Simulation-sound NIZK Proofs for a Practical Language and Constant Size Group Signatures Jens Groth University of California Los Angeles Presenter: Eike.

Simulation-sound NIZK Proofs for a Practical Language and Constant Size Group Signatures Jens Groth University of California Los Angeles Presenter: Eike.
Non-interactive Zero- Knowledge Arguments for Voting Jens Groth UCLA.

Non-interactive Zero- Knowledge Arguments for Voting Jens Groth UCLA.
A Verifiable Secret Shuffle of Homomorphic Encryptions Jens Groth UCLA On ePrint archive:

A Verifiable Secret Shuffle of Homomorphic Encryptions Jens Groth UCLA On ePrint archive:
Rerandomizable and Replayable Adaptive Chosen Ciphertext Attack Secure Cryptosystems Jens Groth BRICS, University of Aarhus Cryptomathic A/S.

Rerandomizable and Replayable Adaptive Chosen Ciphertext Attack Secure Cryptosystems Jens Groth BRICS, University of Aarhus Cryptomathic A/S.
Efficient Zero-Knowledge Argument for Correctness of a Shuffle Stephanie Bayer University College London Jens Groth University College London.

Efficient Zero-Knowledge Argument for Correctness of a Shuffle Stephanie Bayer University College London Jens Groth University College London.
Rennes, 24/10/2014 Cristina Onete CIDRE/ INRIA Privacy in signatures. Hiding in rings, hiding in groups.

Rennes, 24/10/2014 Cristina Onete CIDRE/ INRIA Privacy in signatures. Hiding in rings, hiding in groups.
Secure Evaluation of Multivariate Polynomials

Secure Evaluation of Multivariate Polynomials
Chosen-Ciphertext Security from Slightly Lossy Trapdoor Functions PKC 2010 May 27, 2010 Petros Mol, Scott Yilek 1 UC, San Diego.

Chosen-Ciphertext Security from Slightly Lossy Trapdoor Functions PKC 2010 May 27, 2010 Petros Mol, Scott Yilek 1 UC, San Diego.
Vote privacy: models and cryptographic underpinnings Bogdan Warinschi University of Bristol 1.

Vote privacy: models and cryptographic underpinnings Bogdan Warinschi University of Bristol 1.
1 e-voting (requirements & protocols) 1) Aggelos Kiayias, Moti Yung: Self-tallying Elections and Perfect Ballot Secrecy 2) Jens Groth: Efficient Maximal.

1 e-voting (requirements & protocols) 1) Aggelos Kiayias, Moti Yung: Self-tallying Elections and Perfect Ballot Secrecy 2) Jens Groth: Efficient Maximal.
Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.

Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.
Civitas Security and Transparency for Remote Voting Swiss E-Voting Workshop September 6, 2010 Michael Clarkson Cornell University with Stephen Chong (Harvard)

Civitas Security and Transparency for Remote Voting Swiss E-Voting Workshop September 6, 2010 Michael Clarkson Cornell University with Stephen Chong (Harvard)
Efficient Zero-Knowledge Proof Systems Jens Groth University College London.

Efficient Zero-Knowledge Proof Systems Jens Groth University College London.
11 Provable Security. 22 Given a ciphertext, find the corresponding plaintext.

11 Provable Security. 22 Given a ciphertext, find the corresponding plaintext.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Efficient Zero-Knowledge Proof Systems Jens Groth University College London FOSAD 2014.

Efficient Zero-Knowledge Proof Systems Jens Groth University College London FOSAD 2014.
Research & development A Practical and Coercion-resistant scheme for Internet Voting Jacques Traoré (joint work with Roberto Araújo and Sébastien Foulle)

Research & development A Practical and Coercion-resistant scheme for Internet Voting Jacques Traoré (joint work with Roberto Araújo and Sébastien Foulle)
CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.

CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.

Similar presentations

Ads by Google