Conditionally Verifiable Signatures
We introduce a new digital signature model, called conditionally
verifiable signature (CVS), which allows a signer to specify and
convince a recipient under what conditions his signature would
become valid and verifiable; the resulting signature is not publicly
verifiable immediately but can be converted back into an ordinary
one (verifiable by anyone) after the recipient has obtained proofs,
in the form of signatures/endorsements from a number of third party
witnesses, that all the specified conditions have been fulfilled. A
fairly wide set of conditions could be specified in CVS. The only
job of the witnesses is to certify the fulfillment of a condition
and none of them need to be actively involved in the actual
signature conversion, thus protecting user privacy. It is
guaranteed that the recipient cannot cheat as long as at least one
of the specified witnesses does not collude. We formalize the
concept of CVS and give a generic CVS construction based on any
CPA-secure identity based encryption (IBE) scheme. Theoretically, we
show that the existence of IBE with indistinguishability under a
chosen plaintext attack (a weaker notion than the standard one) is
necessary and sufficient for the construction of a secure
CVS. (Due to the page limit, some proofs are omitted here but can be found
in the full version [CB05ibecvs].)
Back to Paper: A Case Study
Documents the developments in California, Colorado, Florida, New Mexico, and Ohio, where electronic voting machines were introduced after the 2000 election but are now being replaced by paper ballots. Also discusses trends among other states.
Key management for beyond 5G mobile small cells: a survey
The highly anticipated 5G network is projected to be introduced in 2020. 5G stakeholders are unanimous that densification of mobile networks is the way forward. The densification will be realized by means of small cell technology, which is capable of providing coverage with a high data capacity. The EU-funded H2020-MSCA project "SECRET" introduced covering the urban landscape with mobile small cells, since these take advantage of the dynamic network topology and optimize network services in a cost-effective fashion. By taking advantage of device-to-device communications technology, large amounts of data can be transmitted over multiple hops and, therefore, offload the general network. However, this introduction of mobile small cells presents various security and privacy challenges. Cryptographic security solutions are capable of solving these as long as they are supported by a key management scheme. It is assumed that the network infrastructure and the mobile devices of network users are unable to act as a centralized trust anchor, since these are vulnerable targets for malicious attacks. Security must, therefore, be guaranteed by means of a key management scheme that decentralizes trust. This paper therefore surveys the state-of-the-art key management schemes proposed for similar network architectures (e.g., mobile ad hoc networks and ad hoc device-to-device networks) that decentralize trust. Furthermore, these key management schemes are evaluated for adaptability to a network of mobile small cells.
Chainspace: A Sharded Smart Contracts Platform
Chainspace is a decentralized infrastructure, known as a distributed ledger,
that supports user-defined smart contracts and executes user-supplied
transactions on their objects. The correct execution of smart contract
transactions is verifiable by all. The system is scalable, by sharding state
and the execution of transactions, and using S-BAC, a distributed commit
protocol, to guarantee consistency. Chainspace is secure against subsets of
nodes trying to compromise its integrity or availability properties through
Byzantine Fault Tolerance (BFT), and provides very high auditability and
non-repudiation through 'blockchain' techniques. Even when BFT fails, auditing
mechanisms are in place to trace malicious participants. We present the design,
rationale, and details of Chainspace; we evaluate an implementation of the
system to support our claims about its scaling and other features; and we
illustrate a number of privacy-friendly smart contracts for smart metering,
polling and banking, and measure their performance.
Practical View-Change-Less Protocol through Rapid View Synchronization
The emergence of blockchain technology has renewed the interest in
consensus-based data management systems that are resilient to failures. To
maximize throughput of these systems, we have recently seen several prototype
consensus solutions that optimize for throughput at the expense of overall
implementation complexity, high costs, and reliability. Due to this, it remains
unclear how these prototypes will perform in real-world environments. In this
paper, we present the Practical View-Change-Less Protocol (PVP), a
high-throughput, simple, and reliable consensus protocol. Central to PVP is the
combination of (1) a chained consensus design for replicating requests with a
reduced message cost; (2) the novel Rapid View Synchronization protocol that
enables robust and low-cost failure recovery; and (3) a high-performance
concurrent consensus architecture in which independent instances of the chained
consensus operate concurrently to process requests with high throughput and
without single-replica bottlenecks. Due to the concurrent consensus
architecture, PVP greatly outperforms traditional primary-backup consensus
protocols such as PBFT (by up to 430%), Narwhal (by up to 296%), and HotStuff
(by up to 3803%). Due to its reduced message cost, PVP is even able to
outperform RCC, a state-of-the-art high-throughput concurrent consensus
protocol, by up to 23%. Furthermore, PVP is able to maintain a stable and low
latency and consistently high throughput even during failures.
Comment: 16 pages, 14 figures
Born and Raised Distributively: Fully Distributed Non-Interactive Adaptively-Secure Threshold Signatures with Short Shares
Threshold cryptography is a fundamental distributed computational paradigm for enhancing the availability and the security of cryptographic public-key schemes. It does so by dividing private keys into shares handed out to distinct servers. In threshold signature schemes, a set of at least servers is needed to produce a valid digital signature. Availability is assured by the fact that any authorized subset of servers can produce a signature. At the same time, the scheme should remain robust (in the fault-tolerance sense) and unforgeable (cryptographically) against up to corrupted servers; {\it i.e.}, it adds quorum control to traditional cryptographic services and introduces redundancy. Most practical threshold signatures to date have a number of drawbacks: they have been analyzed in a static corruption model (where the set of corrupted servers is fixed at the very beginning of the attack), they require interaction, they assume a trusted dealer in the key generation phase (so that the system is not fully distributed), or they suffer from certain overheads in terms of storage (large share sizes). In this paper, we construct practical {\it fully distributed} (the private key is born distributed), non-interactive schemes -- where the servers can compute their partial signatures without communication with other servers -- with adaptive security ({\it i.e.}, the adversary corrupts servers dynamically based on its full view of the history of the system). Our schemes are very efficient in terms of computation, communication, and scalable storage (with private key shares of size , where certain solutions incur storage costs at each server). Unlike other adaptively secure schemes, our schemes are erasure-free (reliable erasure is a hard-to-assure and hard-to-administer property in actual systems). To the best of our knowledge, such a fully distributed, highly constrained scheme has been an open problem in the area.
In particular, and of special interest, is the fact that Pedersen's traditional distributed key generation (DKG) protocol can be safely employed in the initial key generation phase when the system is born -- although it is well known not to ensure uniformly distributed public keys. An advantage of this is that the protocol only takes one round optimistically (in the absence of faulty players).
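The following is an added illustration, not code from the paper, of the two mechanisms this abstract relies on: Pedersen's DKG (every server deals a Feldman-committed random polynomial and sums the verified shares it receives, so the private key is "born distributed" and no single party ever holds it), and non-interactive combination of partial values by Lagrange interpolation in the exponent (each server publishes g^{x_i} on its own, any t+1 of them are combined without further rounds). The group parameters (p = 2039, q = 1019, g = 4) are toy values chosen for readability and are an assumption of this example; a real deployment would use a 256-bit curve group.

```python
"""Pedersen DKG (parallel Feldman VSS) plus threshold combination in the
exponent. Added example with toy parameters; not the paper's own code."""
import secrets

# Toy Schnorr group (assumption for this example): p = 2q + 1 with p, q prime,
# and g = 4 generating the order-q subgroup. Not a production-size group.
P, Q, G = 2039, 1019, 4


def poly_eval(coeffs, x):
    """Evaluate sum_k coeffs[k] * x**k over Z_q (Horner form)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def deal(n, t, rng=secrets.randbelow):
    """One dealer's contribution: a random degree-t polynomial f, public Feldman
    commitments C_k = g^{a_k}, and a private share f(j) for every party j."""
    coeffs = [rng(Q) for _ in range(t + 1)]
    commitments = [pow(G, a, P) for a in coeffs]
    shares = {j: poly_eval(coeffs, j) for j in range(1, n + 1)}
    return commitments, shares


def verify_share(j, share, commitments):
    """Feldman check g^{f(j)} == prod_k C_k^{j^k}; a failing check is what a
    party would raise a complaint about in the DKG."""
    rhs = 1
    for k, c in enumerate(commitments):
        rhs = rhs * pow(c, pow(j, k, Q), P) % P
    return pow(G, share, P) == rhs


def run_dkg(n, t):
    """Every party deals; each party keeps only shares that verify and sums
    them. The secret x = sum of all constant terms is never assembled."""
    dealt = {i: deal(n, t) for i in range(1, n + 1)}
    qualified = [i for i, (comm, sh) in dealt.items()
                 if all(verify_share(j, sh[j], comm) for j in range(1, n + 1))]
    key_shares = {j: sum(dealt[i][1][j] for i in qualified) % Q
                  for j in range(1, n + 1)}
    public_key = 1  # product of the qualified dealers' g^{a_0}
    for i in qualified:
        public_key = public_key * dealt[i][0][0] % P
    return public_key, key_shares, qualified


def lagrange_at_zero(i, subset):
    """Coefficient lambda_i with sum_i lambda_i * f(i) = f(0) over Z_q."""
    num, den = 1, 1
    for j in subset:
        if j != i:
            num = num * j % Q
            den = den * (j - i) % Q
    return num * pow(den, -1, Q) % Q


def reconstruct_secret(key_shares, subset):
    """Interpolate f(0) from the shares of the parties in subset (|subset| > t)."""
    return sum(lagrange_at_zero(i, subset) * key_shares[i] for i in subset) % Q


def partial(key_share):
    """Non-interactive partial value g^{x_i}: computed locally, no round trips."""
    return pow(G, key_share, P)


def combine_partials(partials, subset):
    """prod_i (g^{x_i})^{lambda_i} = g^{f(0)}: Lagrange in the exponent, so the
    combiner reconstructs the public value without ever seeing the secret."""
    out = 1
    for i in subset:
        out = out * pow(partials[i], lagrange_at_zero(i, subset), P) % P
    return out


def demo(n=5, t=2):
    """Run a 5-party, t=2 DKG and check the properties the text relies on."""
    pk, shares, qualified = run_dkg(n, t)
    subset = list(range(1, t + 2))  # any t+1 parties suffice
    results = {
        "all_qualified": len(qualified) == n,
        "t_plus_1_reconstructs": pow(G, reconstruct_secret(shares, subset), P) == pk,
        "combine_in_exponent": combine_partials(
            {i: partial(shares[i]) for i in subset}, subset) == pk,
    }
    # A dealer that sends an inconsistent share is caught by the Feldman check.
    commitments, dealt = deal(n, t)
    results["bad_share_detected"] = not verify_share(3, (dealt[3] + 1) % Q, commitments)
    return results


if __name__ == "__main__":
    print(demo())
```

Because each party's final share is the sum of several dealers' polynomial evaluations, the combined polynomial has the same degree t, which is why plain Lagrange interpolation over any t+1 parties recovers f(0). Pedersen's protocol as written here is exactly the variant the abstract mentions as not guaranteeing a uniformly distributed public key (a dealer who sees the others' commitments before publishing its own can bias g^{f(0)}); the paper's point is that this bias is harmless for its signature schemes.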