
    Proofs of Knowledge with Several Challenge Values

    In this paper we consider the problem of increasing the number of possible challenge values from 2 to s in various zero-knowledge cut-and-choose protocols. First we discuss doing this for the graph isomorphism protocol. Then we show how increasing this number improves the efficiency of protocols for double discrete logarithm and e-th root of discrete logarithm, which are potentially very useful tools for constructing complex cryptographic protocols. The practical improvement given by our paper is 2-4 times in terms of both time complexity and transcript size.

    Verifiable Encryption from MPC-in-the-Head

    Verifiable encryption (VE) is a protocol where one can provide assurance that an encrypted plaintext satisfies certain properties. It is an important building block in cryptography with many useful applications, such as key escrow, group signatures, optimistic fair exchange, etc. However, a majority of previous VE schemes are restricted to instantiation with specific public-key encryption schemes or relations. In this work, we propose a novel framework that realizes VE protocols using the MPC-in-the-head zero-knowledge proof systems (Ishai et al. STOC 2007). Our generic compiler can turn a large class of MPC-in-the-head ZK proofs into secure VE protocols for any CPA-secure public-key encryption (PKE) scheme with the undeniability property, a notion that essentially guarantees binding of encryption when used as a commitment scheme. Our framework is versatile: because the circuit proven by the MPC-in-the-head prover is decoupled from a complex encryption function, the prover's work can be focused on proving properties (i.e. relations) about the encrypted data, not the proof of plaintext knowledge. Hence, our approach allows for instantiation with various combinations of properties about encrypted data and encryption functions. As concrete applications we describe new approaches to verifiably encrypting discrete logarithms in any prime-order group and AES private keys.

    Digital Rights Management and the Process of Fair Use

    Producers of digital media works increasingly employ technological protection measures, commonly referred to as digital rights management (or DRM) technologies, that prevent the works from being accessed or used except upon conditions the producers themselves specify. These technologies have come under criticism for interfering with the rights users enjoy under copyright law, including the right to engage in fair uses of the DRM-protected works. Most DRM mechanisms are not engineered to include exceptions for fair use, and user circumvention of the DRM may violate the Digital Millennium Copyright Act even if the use for which the circumvention occurs is itself noninfringing. The academic literature on fair use in digital media has suggested several possible ways to resolve the tension between fair use on the one hand and DRM on the other. Among the more provocative possibilities is that DRM technologies themselves may evolve to incorporate greater built-in protections for end-user rights. This article examines several such proposals and finds that they are not likely to provide users with the same measure of protection for fair use of copyrighted works that exists in the offline world. The failure of these proposals, however, does not suggest that the broader goal of protecting fair use rights in digital media is unattainable. It is possible to advance much more closely towards that goal by altering the design philosophy of DRM technologies to focus more on the processes by which fair uses occur and less on attempting to replicate the substantive law of fair use in machine-administrable form. The article concludes by outlining one possible system engineered to protect the process of fair use.

    Democracy Enhancing Technologies: Toward deployable and incoercible E2E elections

    End-to-end verifiable election systems (E2E systems) provide a provably correct tally while maintaining the secrecy of each voter's ballot, even if the voter is complicit in demonstrating how they voted. Providing voter incoercibility is one of the main challenges of designing E2E systems, particularly in the case of internet voting. A second challenge is building deployable, human-voteable E2E systems that conform to election laws and conventions. This dissertation examines deployability, coercion-resistance, and their intersection in election systems. In the course of this study, we introduce three new election systems (Scantegrity, Eperio, and Selections), report on two real-world elections using E2E systems (Punchscan and Scantegrity), and study incoercibility issues in one deployed system (Punchscan). In addition, we propose and study new practical primitives for random beacons, secret printing, and panic passwords. These are tools that can be used in an election to, respectively, generate publicly verifiable random numbers, distribute the printing of secrets between non-colluding printers, and covertly signal duress during authentication. While developed to solve specific problems in deployable and incoercible E2E systems, these techniques may be of independent interest.

    Escrowed deniable identification schemes

    Generally, the goal of identification schemes is to provide security assurance against impersonation attacks. Identification schemes based on zero-knowledge protocols have additional advantages, for example deniability, which enables the prover to deny an identification proof so that the verifier cannot persuade others that it is indeed the prover who identified itself to him. This kind of identification is called 'deniable identification'. However, in some applications we require the existence of a (trusted) party able to produce evidence that a party did identify itself to a verifier, in order to prevent parties from misbehaving. So in this case 'undeniability' is needed. To the best of our knowledge, an identification scheme that provides both deniability and undeniability does not exist in the literature. In this work we propose the notion of escrowed deniable identification schemes, which integrate both 'escrowed deniability' (undeniability) and 'deniability' properties. Intuitively, in online communication, a verifier may sometimes need to provide evidence of a conversation between himself and the prover, for instance evidence in the case of misuse of the prover's privilege. We then provide an escrowed deniable identification scheme and prove its security, i.e. against impersonation, and for deniability and escrowed deniability, in the standard model based on some standard number-theoretic assumptions.

    Law and Policy for the Quantum Age

    Law and Policy for the Quantum Age is for readers interested in the political and business strategies underlying quantum sensing, computing, and communication. This work explains how these quantum technologies work, the future national defense and legal landscapes for nations interested in strategic advantage, and paths to profit for companies.