An E-voting Protocol Based on Blockchain

Because of the properties such as transparency, decentralization, irreversibility, nonrepudiation, etc., blockchain is not only a fundamental technology of great interest in its own right, but also has large potential when integrated into many other areas. In this paper, based on the blockchain technology, we propose a decentralized e-voting protocol, without the existence of a trusted third party. Furthermore, we provide several possible extensions and improvements that meet the requirements in some specific voting scenarios

Distributed Cryptographic Protocols

[ES] La confianza es la base de las sociedades modernas. Sin embargo, las relaciones basadas en confianza son difíciles de establecer y pueden ser explotadas fácilmente con resultados devastadores. En esta tesis exploramos el uso de protocolos criptográficos distribuidos para construir sistemas confiables donde la confianza se vea reemplazada por garantías matemáticas y criptográficas. En estos nuevos sistemas dinámicos, incluso si una de las partes se comporta de manera deshonesta, la integridad y resiliencia del sistema están garantizadas, ya que existen mecanismos para superar este tipo de situaciones. Por lo tanto, hay una transición de sistemas basados en la confianza, a esquemas donde esta misma confianza es descentralizada entre un conjunto de individuos o entidades. Cada miembro de este conjunto puede ser auditado, y la verificación universal asegura que todos los usuarios puedan calcular el estado final en cada uno de estos métodos, sin comprometer la privacidad individual de los usuarios. La mayoría de los problemas de colaboración a los que nos enfrentamos como sociedad, pueden reducirse a dos grandes dilemas: el votar una propuesta, o un representante político, ó identificarnos a nosotros mismos como miembros de un colectivo con derecho de acceso a un recurso o servicio. Por ello, esta tesis doctoral se centra en los protocolos criptográficos distribuidos aplicados al voto electrónico y la identificación anónima. Hemos desarrollado tres protocolos para el voto electrónico que complementan y mejoran a los métodos más tradicionales, y además protegen la privacidad de los votantes al mismo tiempo que aseguran la integridad del proceso de voto. En estos sistemas, hemos empleado diferentes mecanismos criptográficos que proveen, bajo diferentes asunciones, de las propiedades de seguridad que todo sistema de voto debe tener. Algunos de estos sistemas son seguros incluso en escenarios pos-cuánticos. También hemos calculado minuciosamente la complejidad temporal de los métodos para demostrar que son eficientes y factibles de ser implementados. Además, hemos implementado algunos de estos sistemas, o partes de ellos, y llevado a cabo una detallada experimentación para demostrar el potencial de nuestras contribuciones. Finalmente, estudiamos en detalle el problema de la identificación y proponemos tres métodos no interactivos y distribuidos que permiten el registro y acceso anónimo. Estos protocolos son especialmente ligeros y agnósticos en su implementación, lo que permite que puedan ser integrados con múltiples propósitos. Hemos formalizado y demostrado la seguridad de nuestros protocolos de identificación, y hemos realizado una implementación completa de ellos para, una vez más, demostrar la factibilidad y eficiencia de las soluciones propuestas. Bajo este marco teórico de identificación, somos capaces de asegurar el recurso custodiado, sin que ello suponga una violación para el anonimato de los usuarios.[CA] La confiança és la base de les societats modernes. No obstant això, les relacions basades en confiança són difícils d’establir i poden ser explotades fàcilment amb resultats devastadors. En aquesta tesi explorem l’ús de protocols criptogràfics distribuïts per a construir sistemes de confiança on la confiança es veja reemplaçada per garanties matemàtiques i criptogràfiques. En aquests nous sistemes dinàmics, fins i tot si una de les parts es comporta de manera deshonesta, la integritat i resiliència del sistema estan garantides, ja que existeixen mecanismes per a superar aquest tipus de situacions. Per tant, hi ha una transició de sistemes basats en la confiança, a esquemes on aquesta acarona confiança és descentralitzada entre un conjunt d’individus o entitats. Cada membre d’aquest conjunt pot ser auditat, i la verificació universal assegura que tots els usuaris puguen calcular l’estat final en cadascun d’aquests mètodes, sense comprometre la privacitat individual dels usuaris. La majoria dels problemes de colůlaboració als quals ens enfrontem com a societat, poden reduir-se a dos grans dilemes: el votar una proposta, o un representant polític, o identificar-nos a nosaltres mateixos com a membres d’un colůlectiu amb dret d’accés a un recurs o servei. Per això, aquesta tesi doctoral se centra en els protocols criptogràfics distribuïts aplicats al vot electrònic i la identificació anònima. Hem desenvolupat tres protocols per al vot electrònic que complementen i milloren als mètodes més tradicionals, i a més protegeixen la privacitat dels votants al mateix temps que asseguren la integritat del procés de vot. En aquests sistemes, hem emprat diferents mecanismes criptogràfics que proveeixen, baix diferents assumpcions, de les propietats de seguretat que tot sistema de vot ha de tindre. Alguns d’aquests sistemes són segurs fins i tot en escenaris post-quàntics. També hem calculat minuciosament la complexitat temporal dels mètodes per a demostrar que són eficients i factibles de ser implementats. A més, hem implementats alguns d’aquests sistemes, o parts d’ells, i dut a terme una detallada experimentació per a demostrar la potencial de les nostres contribucions. Finalment, estudiem detalladament el problema de la identificació i proposem tres mètodes no interactius i distribuïts que permeten el registre i accés anònim. Aquests protocols són especialment lleugers i agnòstics en la seua implementació, la qual cosa permet que puguen ser integrats amb múltiples propòsits. Hem formalitzat i demostrat la seguretat dels nostres protocols d’identificació, i hem realitzat una implementació completa d’ells per a, una vegada més, demostrar la factibilitat i eficiència de les solucions proposades. Sota aquest marc teòric d’identificació, som capaces d’assegurar el recurs custodiat, sense que això supose una violació per a l’anonimat dels usuaris.[EN] Trust is the base of modern societies. However, trust is difficult to achieve and can be exploited easily with devastating results. In this thesis, we explore the use of distributed cryptographic protocols to build reliable systems where trust can be replaced by cryptographic and mathematical guarantees. In these adaptive systems, even if one involved party acts dishonestly, the integrity and robustness of the system can be ensured as there exist mechanisms to overcome these scenarios. Therefore, there is a transition from systems based in trust, to schemes where trust is distributed between decentralized parties. Individual parties can be audited, and universal verifiability ensures that any user can compute the final state of these methods, without compromising individual users’ privacy. Most collaboration problems we face as societies can be reduced to two main dilemmas: voting on a proposal or electing political representatives, or identifying ourselves as valid members of a collective to access a service or resource. Hence, this doctoral thesis focuses on distributed cryptographic protocols for electronic voting and anonymous identification. We have developed three electronic voting schemes that enhance traditional methods, and protect the privacy of electors while ensuring the integrity of the whole election. In these systems, we have employed different cryptographic mechanisms, that fulfill all the desired security properties of an electronic voting scheme, under different assumptions. Some of them are secure even in post-quantum scenarios. We have provided a detailed time-complexity analysis to prove that our proposed methods are efficient and feasible to implement. We also implemented some voting protocols, or parts of them, and carried out meticulous experimentation to show the potential of our contributions. Finally, we study in detail the identification problem and propose three distributed and non-interactive methods for anonymous registration and access. These three protocols are especially lightweight and application agnostic, making them feasible to be integrated with many purposes. We formally analyze and demonstrate the security of our identification protocols, and provide a complete implementation of them to once again show the feasibility and effectiveness of the developed solutions. Using this identification framework, we can ensure the security of the guarded resource, while also preserving the anonymity of the users.Larriba Flor, AM. (2023). Distributed Cryptographic Protocols [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/19810

New Conditional Privacy-preserving Encryption Schemes in Communication Network

Nowadays the communication networks have acted as nearly the most important fundamental infrastructure in our human society. The basic service provided by the communication networks are like that provided by the ubiquitous public utilities. For example, the cable television network provides the distribution of information to its subscribers, which is much like the water or gas supply systems which distribute the commodities to citizens. The communication network also facilitates the development of many network-based applications such as industrial pipeline controlling in the industrial network, voice over long-term evolution (VoLTE) in the mobile network and mixture reality (MR) in the computer network, etc. Since the communication network plays such a vital role in almost every aspect of our life, undoubtedly, the information transmitted over it should be guarded properly. Roughly, such information can be categorized into either the communicated message or the sensitive information related to the users. Since we already got cryptographical tools, such as encryption schemes, to ensure the confidentiality of communicated messages, it is the sensitive personal information which should be paid special attentions to. Moreover, for the benefit of reducing the network burden in some instances, it may require that only communication information among legitimated users, such as streaming media service subscribers, can be stored and then relayed in the network. In this case, the network should be empowered with the capability to verify whether the transmitted message is exchanged between legitimated users without leaking the privacy of those users. Meanwhile, the intended receiver of a transmitted message should be able to identify the exact message sender for future communication. In order to cater to those requirements, we re-define a notion named conditional user privacy preservation. In this thesis, we investigate the problem how to preserve user conditional privacy in pubic key encryption schemes, which are used to secure the transmitted information in the communication networks. In fact, even the term conditional privacy preservation has appeared in existing works before, there still have great differences between our conditional privacy preservation definition and the one proposed before. For example, in our definition, we do not need a trusted third party (TTP) to help tracing the sender of a message. Besides, the verification of a given encrypted message can be done without any secret. In this thesis, we also introduce more desirable features to our redefined notion user conditional privacy preservation. In our second work, we consider not only the conditional privacy of the message sender but also that of the intended message receiver. This work presents a new encryption scheme which can be implemented in communication networks where there exists a blacklist containing a list of blocked communication channels, and each of them is established by a pair of sender and receiver. With this encryption scheme, a verifier can confirm whether one ciphertext is belonging to a legitimated communication channel without knowing the exact sender and receiver of that ciphertext. With our two previous works, for a given ciphertext, we ensure that no one except its intended receiver can identify the sender. However, the receiver of one message may behave dishonest when it tries to retrieve the real message sender, which incurs the problem that the receiver of a message might manipulate the origin of the message successfully for its own benefit. To tackle this problem, we present a novel encryption scheme in our third work. Apart from preserving user conditional privacy, this work also enforces the receiver to give a publicly verifiable proof so as to convince others that it is honest during the process of identifying the actual message sender. In our forth work, we show our special interest in the access control encryption, or ACE for short, and find this primitive can inherently achieve user conditional privacy preservation to some extent. we present a newly constructed ACE scheme in this work, and our scheme has advantages over existing ACE schemes in two aspects. Firstly, our ACE scheme is more reliable than existing ones since we utilize a distributed sanitizing algorithm and thus avoid the so called single point failure happened in ACE systems with only one sanitizer. Then, since the ciphertext and key size of our scheme is more compact than that of the existing ACE schemes, our scheme enjoys better scalability

Fair Exchange with Guardian Angels

In this paper we propose a new probabilistic Fair Exchange Protocol which requires no central Trusted Third Party. Instead, it relies on a virtually distributed and decentralized Trusted Third Party which is formalized as a Guardian Angel: a kind of Observer e.g. a tamper proof security device. We thus introduce a network model with Pirates and Guardian Angels which is well suited for Ad Hoc networks. In this setting we reduce the Fair Exchange Problem to a Synchronization Problem in which honest parties need to eventually decide whether or not a protocol succeeded in a synchronous way through a hostile network which does not guaranty that sent messages will be eventually received. This problem can be of independent interest in order to add reliability of protocol termination in secure channels

Statistical cryptanalysis of block ciphers

Since the development of cryptology in the industrial and academic worlds in the seventies, public knowledge and expertise have grown in a tremendous way, notably because of the increasing, nowadays almost ubiquitous, presence of electronic communication means in our lives. Block ciphers are inevitable building blocks of the security of various electronic systems. Recently, many advances have been published in the field of public-key cryptography, being in the understanding of involved security models or in the mathematical security proofs applied to precise cryptosystems. Unfortunately, this is still not the case in the world of symmetric-key cryptography and the current state of knowledge is far from reaching such a goal. However, block and stream ciphers tend to counterbalance this lack of "provable security" by other advantages, like high data throughput and ease of implementation. In the first part of this thesis, we would like to add a (small) stone to the wall of provable security of block ciphers with the (theoretical and experimental) statistical analysis of the mechanisms behind Matsui's linear cryptanalysis as well as more abstract models of attacks. For this purpose, we consider the underlying problem as a statistical hypothesis testing problem and we make a heavy use of the Neyman-Pearson paradigm. Then, we generalize the concept of linear distinguisher and we discuss the power of such a generalization. Furthermore, we introduce the concept of sequential distinguisher, based on sequential sampling, and of aggregate distinguishers, which allows to build sub-optimal but efficient distinguishers. Finally, we propose new attacks against reduced-round version of the block cipher IDEA. In the second part, we propose the design of a new family of block ciphers named FOX. First, we study the efficiency of optimal diffusive components when implemented on low-cost architectures, and we present several new constructions of MDS matrices; then, we precisely describe FOX and we discuss its security regarding linear and differential cryptanalysis, integral attacks, and algebraic attacks. Finally, various implementation issues are considered

Improved Classical and Quantum Algorithms for the Shortest Vector Problem via Bounded Distance Decoding

The most important computational problem on lattices is the Shortest Vector Problem (SVP). In this paper, we present new algorithms that improve the state-of-the-art for provable classical/quantum algorithms for SVP. We present the following results. $\bullet$ A new algorithm for SVP that provides a smooth tradeoff between time complexity and memory requirement. For any positive integer $4\leq q\leq \sqrt{n}$, our algorithm takes $q^{13n+o(n)}$ time and requires $poly(n)\cdot q^{16n/q^2}$ memory. This tradeoff which ranges from enumeration ($q=\sqrt{n}$) to sieving ($q$ constant), is a consequence of a new time-memory tradeoff for Discrete Gaussian sampling above the smoothing parameter. $\bullet$ A quantum algorithm for SVP that runs in time $2^{0.953n+o(n)}$ and requires $2^{0.5n+o(n)}$ classical memory and poly(n) qubits. In Quantum Random Access Memory (QRAM) model this algorithm takes only $2^{0.873n+o(n)}$ time and requires a QRAM of size $2^{0.1604n+o(n)}$, poly(n) qubits and $2^{0.5n}$ classical space. This improves over the previously fastest classical (which is also the fastest quantum) algorithm due to [ADRS15] that has a time and space complexity $2^{n+o(n)}$. $\bullet$ A classical algorithm for SVP that runs in time $2^{1.741n+o(n)}$ time and $2^{0.5n+o(n)}$ space. This improves over an algorithm of [CCL18] that has the same space complexity. The time complexity of our classical and quantum algorithms are obtained using a known upper bound on a quantity related to the lattice kissing number which is $2^{0.402n}$. We conjecture that for most lattices this quantity is a $2^{o(n)}$. Assuming that this is the case, our classical algorithm runs in time $2^{1.292n+o(n)}$, our quantum algorithm runs in time $2^{0.750n+o(n)}$ and our quantum algorithm in QRAM model runs in time $2^{0.667n+o(n)}$.Comment: Faster Quantum Algorithm for SVP in QRAM, 43 pages, 4 figure

How to Subvert Backdoored Encryption: Security Against Adversaries that Decrypt All Ciphertexts

We study secure and undetectable communication in a world where governments can read all encrypted communications of citizens. We consider a world where the only permitted communication method is via a government-mandated encryption scheme, using government-mandated keys. Citizens caught trying to communicate otherwise (e.g., by encrypting strings which do not appear to be natural language plaintexts) will be arrested. The one guarantee we suppose is that the government-mandated encryption scheme is semantically secure against outsiders: a perhaps advantageous feature to secure communication against foreign entities. But what good is semantic security against an adversary that has the power to decrypt? Even in this pessimistic scenario, we show citizens can communicate securely and undetectably. Informally, there is a protocol between Alice and Bob where they exchange ciphertexts that look innocuous even to someone who knows the secret keys and thus sees the corresponding plaintexts. And yet, in the end, Alice will have transmitted her secret message to Bob. Our security definition requires indistinguishability between unmodified use of the mandated encryption scheme, and conversations using the mandated encryption scheme in a modified way for subliminal communication. Our topics may be thought to fall broadly within the realm of steganography: the science of hiding secret communication in innocent-looking messages, or cover objects. However, we deal with the non-standard setting of adversarial cover object distributions (i.e., a stronger-than-usual adversary). We leverage that our cover objects are ciphertexts of a secure encryption scheme to bypass impossibility results which we show for broader classes of steganographic schemes. We give several constructions of subliminal communication schemes based on any key exchange protocol with random messages (e.g., Diffie-Hellman)

A two authorities electronic vote scheme

[EN] In this paper we propose a new electronic multi-authority voting system based on blind signatures. We focus on the open problem of the efficiency of electronic voting systems. Most of the proposed systems rely on complex architectures or expensive proofs, in this work we aim to reduce the time-complexity of the voting process, both for the voter and the authorities involved. Our system is focused on simplicity and it is based on the assumption of two unrelated entities. This simplicity makes our approach scalable and flexible to multiple kinds of elections. We propose a method that limits the number of authorities to only 2 of them; we reduce the overall number of modular operations; and, propose a method which cut downs the interactions needed to cast a vote. The result is a voting protocol whose complexity scales linearly with the number of votes.Larriba-Flor, AM.; Sempere Luna, JM.; López Rodríguez, D. (2020). A two authorities electronic vote scheme. Computers & Security. 97:1-12. https://doi.org/10.1016/j.cose.2020.101940S11297Bloom, B. H. (1970). Space/time trade-offs in hash coding with allowable errors. Communications of the ACM, 13(7), 422-426. doi:10.1145/362686.362692Brams S., Fishburn P.C.. 2007. Approval voting Springer ScienceCarroll, T. E., & Grosu, D. (2009). A secure and anonymous voter-controlled election scheme. Journal of Network and Computer Applications, 32(3), 599-606. doi:10.1016/j.jnca.2008.07.010Chaum, D. L. (1981). Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 24(2), 84-90. doi:10.1145/358549.358563Cramer, R., Gennaro, R., & Schoenmakers, B. (1997). A secure and optimally efficient multi-authority election scheme. European Transactions on Telecommunications, 8(5), 481-490. doi:10.1002/ett.4460080506Desmedt, Y. G. (2010). Threshold cryptography. European Transactions on Telecommunications, 5(4), 449-458. doi:10.1002/ett.4460050407Elgamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31(4), 469-472. doi:10.1109/tit.1985.1057074Juang, W.-S. (2002). A Verifiable Multi-Authority Secret Election Allowing Abstention from Voting. The Computer Journal, 45(6), 672-682. doi:10.1093/comjnl/45.6.672Menezes A., van Oorschot P.C., Vanstone S.A.. 1996. Handbook of Applied Cryptography.Parhami, B. (1994). Voting algorithms. IEEE Transactions on Reliability, 43(4), 617-629. doi:10.1109/24.370218Rabin, M. O. (1980). Probabilistic Algorithms in Finite Fields. SIAM Journal on Computing, 9(2), 273-280. doi:10.1137/0209024Rabin, M. O. (1983). Transaction protection by beacons. Journal of Computer and System Sciences, 27(2), 256-267. doi:10.1016/0022-0000(83)90042-9Salazar, J. L., Piles, J. J., Ruiz-Mas, J., & Moreno-Jiménez, J. M. (2010). Security approaches in e-cognocracy. Computer Standards & Interfaces, 32(5-6), 256-265. doi:10.1016/j.csi.2010.01.004Nguyen, T. A. T., & Dang, T. K. (2013). Enhanced security in internet voting protocol using blind signature and dynamic ballots. Electronic Commerce Research, 13(3), 257-272. doi:10.1007/s10660-013-9120-5Wu, Z.-Y., Wu, J.-C., Lin, S.-C., & Wang, C. (2014). An electronic voting mechanism for fighting bribery and coercion. Journal of Network and Computer Applications, 40, 139-150. doi:10.1016/j.jnca.2013.09.011Yang, X., Yi, X., Nepal, S., Kelarev, A., & Han, F. (2018). A Secure Verifiable Ranked Choice Online Voting System Based on Homomorphic Encryption. IEEE Access, 6, 20506-20519. doi:10.1109/access.2018.2817518Yi, X., & Okamoto, E. (2013). Practical Internet voting system. Journal of Network and Computer Applications, 36(1), 378-387. doi:10.1016/j.jnca.2012.05.00

Legally Fair Contract Signing Without Keystones

International audienceIn two-party computation, achieving both fairness and guaranteed output delivery is well known to be impossible. Despite this limitation , many approaches provide solutions of practical interest by weakening somewhat the fairness requirement. Such approaches fall roughly in three categories: " gradual release " schemes assume that the aggrieved party can eventually reconstruct the missing information; " optimistic schemes " assume a trusted third party arbitrator that can restore fairness in case of litigation; and " concurrent " or " legally fair " schemes in which a breach of fairness is compensated by the aggrieved party having a digitally signed cheque from the other party (called the keystone). In this paper we describe and analyse a new contract signing paradigm that doesn't require keystones to achieve legal fairness, and give a concrete construction based on Schnorr signatures which is compatible with standard Schnorr signatures and provably secure