26,152 research outputs found

    Double-blind test program for astrometric planet detection with Gaia

    We use detailed simulations of the Gaia observations of synthetic planetary systems and develop and utilize independent software codes in double-blind mode to analyze the data, including statistical tools for planet detection and different algorithms for single and multiple Keplerian orbit fitting that use no a priori knowledge of the true orbital parameters of the systems. 1) Planets with astrometric signatures $\alpha\simeq 3$ times the single-measurement error $\sigma_\psi$ and period $P\leq 5$ yr can be detected reliably, with a very small number of false positives. 2) At twice the detection limit, uncertainties in orbital parameters and masses are typically 15%-20%. 3) Over 70% of two-planet systems with well-separated periods in the range $0.2\leq P\leq 9$ yr, $2\leq\alpha/\sigma_\psi\leq 50$, and eccentricity $e\leq 0.6$ are correctly identified. 4) Favorable orbital configurations have orbital elements measured to better than 10% accuracy $>90$% of the time, and the value of the mutual inclination angle determined with uncertainties $\leq 10^{\circ}$. 5) Finally, uncertainties obtained from the fitting procedures are a good estimate of the actual errors. Extrapolating from the present-day statistical properties of the exoplanet sample, the results imply that a Gaia with $\sigma_\psi = 8$ $\mu$as, in its unbiased and complete magnitude-limited census of planetary systems, will measure several thousand giant planets out to 3-4 AUs from stars within 200 pc, and will characterize hundreds of multiple-planet systems, including meaningful coplanarity tests. Finally, we put Gaia into context, identifying several areas of planetary-system science in which Gaia can be expected to have a relevant impact, when combined with data coming from other ongoing and future planet search programs. Comment: 32 pages, 24 figures, 6 tables. Accepted for publication in A&

    Distributed Protocols at the Rescue for Trustworthy Online Voting

    While online services emerge in all areas of life, the voting procedure in many democracies remains paper-based as the security of current online voting technology is highly disputed. We address the issue of trustworthy online voting protocols and recall therefore their security concepts with their trust assumptions. Inspired by the Bitcoin protocol, the prospects of distributed online voting protocols are analysed. No trusted authority is assumed to ensure ballot secrecy. Further, the integrity of the voting is enforced by all voters themselves and without a weakest link, the protocol becomes more robust. We introduce a taxonomy of notions of distribution in online voting protocols that we apply to selected online voting protocols. Accordingly, blockchain-based protocols seem to be promising for online voting due to their similarity with paper-based protocols.

    A Practical Set-Membership Proof for Privacy-Preserving NFC Mobile Ticketing

    To ensure the privacy of users in transport systems, researchers are working on new protocols providing the best security guarantees while respecting functional requirements of transport operators. In this paper, we design a secure NFC m-ticketing protocol for public transport that preserves users' anonymity and prevents transport operators from tracing their customers' trips. To this end, we introduce a new practical set-membership proof that does not require provers nor verifiers (but in a specific scenario for verifiers) to perform pairing computations. It is therefore particularly suitable for our (ticketing) setting where provers hold SIM/UICC cards that do not support such costly computations. We also propose several optimizations of Boneh-Boyen type signature schemes, which are of independent interest, increasing their performance and efficiency during NFC transactions. Our m-ticketing protocol offers greater flexibility compared to previous solutions as it enables the post-payment and the off-line validation of m-tickets. By implementing a prototype using a standard NFC SIM card, we show that it fulfils the stringent functional requirement imposed by transport operators whilst using strong security parameters. In particular, a validation can be completed in 184.25 ms when the mobile is switched on, and in 266.52 ms when the mobile is switched off or its battery is flat

    Security of signed ElGamal encryption

    Assuming a cryptographically strong cyclic group G of prime order q and a random hash function H, we show that ElGamal encryption with an added Schnorr signature is secure against the adaptive chosen ciphertext attack, in which an attacker can freely use a decryption oracle except for the target ciphertext. We also prove security against the novel one-more-decryption attack. Our security proofs are in a new model, corresponding to a combination of two previously introduced models, the Random Oracle model and the Generic model. The security extends to the distributed threshold version of the scheme. Moreover, we propose a very practical scheme for private information retrieval that is based on blind decryption of ElGamal ciphertexts.

    Security of discrete log cryptosystems in the random oracle and the generic model

    We introduce novel security proofs that use combinatorial counting arguments rather than reductions to the discrete logarithm or to the Diffie-Hellman problem. Our security results are sharp and clean with no polynomial reduction times involved. We consider a combination of the random oracle model and the generic model. This corresponds to assuming an ideal hash function H given by an oracle and an ideal group of prime order q, where the binary encoding of the group elements is useless for cryptographic attacks. In this model, we first show that Schnorr signatures are secure against the one-more signature forgery: A generic adversary performing t generic steps including l sequential interactions with the signer cannot produce l+1 signatures with a better probability than $\binom{t}{2}/q$. We also characterize the different power of sequential and of parallel attacks. Secondly, we prove signed ElGamal encryption is secure against the adaptive chosen ciphertext attack, in which an attacker can arbitrarily use a decryption oracle except for the challenge ciphertext. Moreover, signed ElGamal encryption is secure against the one-more decryption attack: A generic adversary performing t generic steps including l interactions with the decryption oracle cannot distinguish the plaintexts of l + 1 ciphertexts from random strings with a probability exceeding $\binom{t}{2}/q$.