Presentation is loading. Please wait.

Presentation is loading. Please wait.

6. Esoteric Protocols secure elections and multi-party computation Kim Hyoung-Shick.

Published byErika Horton Modified over 9 years ago

Similar presentations

Presentation on theme: "6. Esoteric Protocols secure elections and multi-party computation Kim Hyoung-Shick."— Presentation transcript:

1 6. Esoteric Protocols secure elections and multi-party computation Kim Hyoung-Shick

2 Contents 1. Secure elections Introduction Protocols 2. Secure multiparty computation Introduction Examples 3. Conclusion

3 Contents 1. Secure elections Introduction Protocols 2. Secure multiparty computation Introduction Examples

4 Voting What is the requirements ?

5 Voting Secure Booth ?

6 Voting Fair judge ?

7 Voting We need two major requirements. Privacy ! Fairness !

8 Traditional Voting Vs Electronic Voting Privacy Fairness Efficiency

9 Problems with Electronic Voting No physical audit trail Who provides the system? How are they audited? High Tech: More dependencies More ways to subvert the system etc.

10 Requirements for Electronic Voting 1.Only authorized voters can vote. 2.No one can vote more than once. 3.No one can duplicate anyone else’s vote. 4.No one can change anyone else’s vote without being discovered. 5.Every voter can make sure that his vote has been taken into account in the final tabulation. 6.No one can determine for whom anyone else voted. 7.Everyone knows who voted and who didn’t.

11 Requirements for Electronic Voting 1.Only authorized voters can vote. 2.No one can vote more than once. 3.No one can duplicate anyone else’s vote. 4.No one can change anyone else’s vote without being discovered. 5.Every voter can make sure that his vote has been taken into account in the final tabulation. 6.No one can determine for whom anyone else voted. 7.Everyone knows who voted and who didn’t.

12 Requirements for Electronic Voting 1.Only authorized voters can vote. 2.No one can vote more than once. 3.No one can duplicate anyone else’s vote. 4.No one can change anyone else’s vote without being discovered. 5.Every voter can make sure that his vote has been taken into account in the final tabulation. 6.No one can determine for whom anyone else voted. 7.Everyone knows who voted and who didn’t.

13 Contents 1. Secure elections Introduction Protocols 2. Secure multiparty computation Introduction Examples

14 Protocols 1. Simplistic voting protocols #1 2. Simplistic voting protocols #2 3. Voting with blind signatures 4. Voting with two central facilities 5. Voting with ANDOS 6. Improved voting with ANDOS 7. Voting without a central facility

15 Idea of Simplistic Voting Protocol #1 secure booth = encryption

16 Simplistic Voting Protocol #1 Voter V i Central Tabulating Facility 3. E CTF (V) 1. Choose V P CTF S CTF 4. Tabulate V’s 5. Publish the result 2. Encrypt V into E CTF (V).

17 Unsatisfied Requirements 1.Only authorized voters can vote. 2.No one can vote more than once. 3.No one can duplicate anyone else’s vote. 4.No one can change anyone else’s vote without being discovered. (By intercept attack) 5.Every voter can make sure that his vote has been taken into account in the final tabulation. 6.No one can determine for whom anyone else voted. 7.Everyone knows who voted and who didn’t.

18 Protocols 1. Simplistic voting protocols #1 2. Simplistic voting protocols #2 3. Voting with blind signatures 4. Voting with two central facilities 5. Voting with ANDOS 6. Improved voting with ANDOS 7. Voting without a central facility

19 Idea of Simplistic Voting Protocol #2 secure booth = encryption identification card = sign

20 Simplistic Voting Protocol #2 Voter V i Central Tabulating Facility 4. E CTF ( S i (V)) 1. Choose V P CTF P i S CTF 5. Decrypt, verify, tabulate V’s SiSi 2. Sign V into S i (V) 3. Encrypt S i (V) into E CTF (S i (V)) 6. Publish the result

21 Unsatisfied Requirements 1.Only authorized voters can vote. 2.No one can vote more than once. 3.No one can duplicate anyone else’s vote. 4.No one can change anyone else’s vote without being discovered. 5.Every voter can make sure that his vote has been taken into account in the final tabulation. 6.No one can determine for whom anyone else voted. (CTF knows it.) 7.Everyone knows who voted and who didn’t.

22 Protocols 1. Simplistic voting protocols #1 2. Simplistic voting protocols #2 3. Voting with blind signatures 4. Voting with two central facilities 5. Voting with ANDOS 6. Improved voting with ANDOS 7. Voting without a central facility

23 Problem with Signature Kim 노

24 Idea of Voting with Blind Signature accept 노

25 Idea of Voting with Blind Signature Be covered !

26 Voting with Blind Signature Voter V i Central Tabulating Facility 3. B(M) 1. Generate M = (O 1, …, O n, ID r, i) P CTF P i S CTF 4. Check if B(M) is valid SiSi 2. Blind M into B(M) 6. Choose S CTF (O i ) 5. S CTF (B(M)) 7. Generate M’ = (S CTF (O i ), S CTF (ID r ), S CTF (i))

27 Voting with Blind Signature Voter V i Central Tabulating Facility 8. M’ P CTF P i S CTF 9. Verify, check ID duplication SiSi 10. Publish the result B(M)

28 Unsatisfied Requirements 1.Only authorized voters can vote. 2.No one can vote more than once. 3.No one can duplicate anyone else’s vote. 4.No one can change anyone else’s vote without being discovered. 5.Every voter can make sure that his vote has been taken into account in the final tabulation. 6.No one can determine for whom anyone else voted. (CTF knows it.) – it need to provide anonymous channel. 7.Everyone knows who voted and who didn’t.

29 Additional Some Problems 1.CTF can generate a large number of signed, valid votes and cheat by submitting those itself. 2.If voter discovers that the CTF changed his or her vote, he or she has no way to prove it.

30 Protocols 1. Simplistic voting protocols #1 2. Simplistic voting protocols #2 3. Voting with blind signatures 4. Voting with two central facilities 5. Voting with ANDOS 6. Improved voting with ANDOS 7. Voting without a central facility

31 Review of Traditional Voting 1. Check voter’s identification by checker. checker voter

32 Review of Traditional Voting 2. Count votes in the ballot boxes by counter. counter

33 Review of Traditional Voting There are two positions in the voting. counter checker

34 Idea of Voting with Two Central Facilities Central Tabulating FacilityCentral Legitimization Agency

35 Voting with Two Central Facilities Voter V i Central Legitimization Agency 1. Ask for VN P CLA P i S CLA 2. Maintain VN list for voters SiSi 3. VN r VN list

36 Voting with Two Central Facilities Central Legitimization Agency 4. VN list P CLA P CTF S CLA Central Tabulating Facility S CTF VN list

37 Voter V i Central Tabulating Facility 8. M P CTF P i S CTF 9. Check if M is valid and maintain VN list SiSi 10. Publish the result Voting with Two Central Facilities 5. Choose ID r 6. Generate M = (V, ID r, VN r ) 6. Choose S CTF (O i ) 7. Generate M’ = (S CTF (O i ), S CTF (ID r ), S CTF (i)) VN r VN list

38 Unsatisfied Requirements 1.Only authorized voters can vote. 2.No one can vote more than once. 3.No one can duplicate anyone else’s vote. 4.No one can change anyone else’s vote without being discovered. 5.Every voter can make sure that his vote has been taken into account in the final tabulation. 6.No one can determine for whom anyone else voted. (But, the collusion is possible.) 7.Everyone knows who voted and who didn’t.

39 Additional Some Problems 1.CLA can generate a large number of signed, valid votes and cheat by submitting those itself. – It solve that CLA publish a list of certified voters. 2.As stated above, the collusion is possible.

40 Protocols 1. Simplistic voting protocols #1 2. Simplistic voting protocols #2 3. Voting with blind signatures 4. Voting with two central facilities 5. Voting with ANDOS 6. Improved voting with ANDOS 7. Voting without a central facility

41 What is ANDOS (All-Or-Nothing Disclosure of Secrets) Sender Receiver - Sender doesn’t know that receiver has gained the one. - As soon as receiver has gained anyone, he can’t receive other messages.

42 Voting with ANDOS Voter V i Central Tabulating Facility 1. Ask for VN P CLA P i S CLA 2. Maintain VN list for voters SiSi 3. VN r by ANDOS VN list

43 Unsatisfied Requirements 1.Only authorized voters can vote. – we solve it by blinded signagture 2.No one can vote more than once. 3.No one can duplicate anyone else’s vote. 4.No one can change anyone else’s vote without being discovered. 5.Every voter can make sure that his vote has been taken into account in the final tabulation. 6.No one can determine for whom anyone else voted. 7.Everyone knows who voted and who didn’t.

44 Protocols 1. Simplistic voting protocols #1 2. Simplistic voting protocols #2 3. Voting with blind signatures 4. Voting with two central facilities 5. Voting with ANDOS 6. Improved voting with ANDOS 7. Voting without a central facility

45 Idea of Improved Voting with ANDOS Voter is also checker for CTF

46 Voting with Blind Signature Voter V i Central Tabulating Facility 1. Join within T P CTF P i S CTF 2. Publish a list of participants SiSi 3. ID r by using ANDOS

47 Voting with Blind Signature Voter V i Central Tabulating Facility 5. ID r, E i (ID r, V) P CTF P i S CTF 6. Publish E i (ID r, V) SiSi ID r 7. ID r S i 8. Decrypt, publish the result. (For each candidate, the list of all E i (ID r, V) that voted for a candidate)

48 Voting with Blind Signature Voter V i Central Tabulating Facility 9. ID r, E i (ID r, V), S i P CTF P i S CTF SiSi ID r or 9. ID r, E i (ID r, V’), S i Within time T, voter can change the vote.

49 The Reason of the possibility for protest Central Tabulating Facility 6. Publish E i (ID r, V) CTF should be examined for performing his duty by voter V i

50 Unsatisfied Requirements 1.Only authorized voters can vote. – we solve it by blinded signagture 2.No one can vote more than once. 3.No one can duplicate anyone else’s vote. 4.No one can change anyone else’s vote without being discovered. 5.Every voter can make sure that his vote has been taken into account in the final tabulation. 6.No one can determine for whom anyone else voted. 7.Everyone knows who voted and who didn’t.

51 Additional Satisfied Requirements 8.A voter can change his mind within a given period of time. 9.If a voter find out that his vote is miscounted, he can identify and correct the problem without jeopardzing the secrecy of his ballot.

52 Protocols 1. Simplistic voting protocols #1 2. Simplistic voting protocols #2 3. Voting with blind signatures 4. Voting with two central facilities 5. Voting with ANDOS 6. Improved voting with ANDOS 7. Voting without a central facility

53 Idea of Voting without a Central Facility The problem of source is CTF. Central Tabulating Facility

54 Idea of Voting without a Central Facility Everyone is checker.

55 Voting without a Central Facility Voter V 1 Voter V 2 Voter V 3 Voter V n 1. Generate each public/private key pair. 2. Publish order of voters and each public key.

56 Voting without a Central Facility Voter V i 1. Generate ID r 2. Generate E 1 (…E n (V, ID r )…) 3. Generate E n (E 1 (…E n (V, ID r )…), R n ) 4. Generate M = E 1 (…E n (E 1 (…E n (V, ID r )…)…), R 1 ) and record R n … R 1 and the intermediate results. ID r PiPi SiSi

57 Voter V i 5. M P 1 P i SiSi 6. Decrypt, removes all of the random strings at that level. Voting without a Central Facility Voter V 1 S1S1

58 7. M 2 P 1 P 2 S1S1 8. Decrypt, check to see that his vote is among the set of votes, removes all of the random strings at that level. Voting without a Central Facility Voter V 2 S2S2 (M 2 is the decrypted message)

59 Voter V n 9. M’ P n P 1 SnSn 10. Decrypt, check to see that his vote is among the set of votes, removes all of the random strings at that level. Voting without a Central Facility Voter V 1 S1S1 ( M’ = E 1 (…E n (V, ID r )…) ) 11. Sign all the votes.

60 12. Broadcast all signed votes to everyone. Voting without a Central Facility Voter V 1

61 Voting without a Central Facility Voter V n 13. Publish the result.

62 Unsatisfied Requirements 1.Only authorized voters can vote. 2.No one can vote more than once. 3.No one can duplicate anyone else’s vote. 4.No one can change anyone else’s vote without being discovered. 5.Every voter can make sure that his vote has been taken into account in the final tabulation. 6.No one can determine for whom anyone else voted. 7.Everyone knows who voted and who didn’t.

63 Additional Some Problems 1.An enormous amount of computation 2.V n learns the results of the election before anyone else does. 3.Message duplication. (Ex: There are three people.)

64 Contents 1. Secure elections Introduction Protocols 2. Secure multiparty computation Introduction Examples

65 Introduction A protocol in which a group can compute any function securely. f(x 1, x 2, …, X m ) X j,…, X k PiPi

66 Introduction f(x 1, x 2, …, X m ) is public ! But, no one learns anything about the inputs of any other members other than what is obvious from the output of the function.

67 Contents 1. Secure elections Introduction Protocols 2. Secure multiparty computation Introduction Examples

68 Compute Average Value P1P1 1. Generate M = S 1 + r P2P2 2. E 2 (M) 3. Decrypt, M’ = S 2 + M

69 Compute Average Value PnPn 4. Generate M* = S n + M’’ P1P1 5. E 1 (M*) 6. Decrypt. 7. Compute 8. Publish it

70 Problems 1.Participants can lie S i 2.V 1 can misrepresent the result to everyone. – It is solved by bit commit for r, but V 2 knows S 1.

71 Check the equality P1P1 1. Compute h(a) P2P2 2. h(a) 3. Compute h(b) 4. Check if h(a) = h(b) 0, if a = b 1, otherwise a b

72 Problems 1.B has a chosen plaintext attack if size of domain is small.

73 Additional Examples Electronic elections Bidding protocols Lotteries Distributed games over the internet

Download ppt "6. Esoteric Protocols secure elections and multi-party computation Kim Hyoung-Shick."

Similar presentations

Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.

Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.
The Italian Academic Community’s Electronic Voting System Pierluigi Bonetti Lisbon, May 2000.

The Italian Academic Community’s Electronic Voting System Pierluigi Bonetti Lisbon, May 2000.
A Pairing-Based Blind Signature

A Pairing-Based Blind Signature
ETen E-Poll ID – Strasbourg COE meeting 23-24 November, 2006 Slide 1 E-TEN 29332 E-POLL Project Electronic Polling System for Remote Operation Strasbourg.

ETen E-Poll ID – Strasbourg COE meeting November, 2006 Slide 1 E-TEN E-POLL Project Electronic Polling System for Remote Operation Strasbourg.
Cryptographic Voting Protocols: A Systems Perspective Chris Karlof Naveen Sastry David Wagner UC-Berkeley Direct Recording Electronic voting machines (DREs)

Cryptographic Voting Protocols: A Systems Perspective Chris Karlof Naveen Sastry David Wagner UC-Berkeley Direct Recording Electronic voting machines (DREs)
1 Receipt-freedom in voting Pieter van Ede. 2 Important properties of voting  Authority: only authorized persons can vote  One vote  Secrecy: nobody.

1 Receipt-freedom in voting Pieter van Ede. 2 Important properties of voting  Authority: only authorized persons can vote  One vote  Secrecy: nobody.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Receipt-Free Universally-Verifiable Voting With Everlasting Privacy Tal Moran Joint work with Moni Naor.

Receipt-Free Universally-Verifiable Voting With Everlasting Privacy Tal Moran Joint work with Moni Naor.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
Receipt-free Voting Joint work with Markus Jakobsson, C. Andy Neff Ari Juels RSA Laboratories.

Receipt-free Voting Joint work with Markus Jakobsson, C. Andy Neff Ari Juels RSA Laboratories.
Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.

Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.

A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
10/25/20061 Threshold Paillier Encryption Web Service A Master’s Project Proposal by Brett Wilson.

10/25/20061 Threshold Paillier Encryption Web Service A Master’s Project Proposal by Brett Wilson.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Similar presentations

Ads by Google