Implementation of a Secure Internet Voting Protocol

Voting is one of the most important activities in a democratic society. In a traditional voting environment voting process sometimes becomes quite inconvenient due to the reluctance of certain voters to visit a polling booth to cast votes besides involving huge social and human resources. The development of computer networks and elaboration of cryptographic techniques facilitate the implementation of electronic voting. In this work we propose a secure electronic voting protocol that is suitable for large scale voting over the Internet. The protocol allows a voter to cast his or her ballot anonymously, by exchanging untraceable yet authentic messages. The e-voting protocol is based on blind signatures and has the properties of anonymity, mobility, efficiency, robustness, authentication, uniqueness, and universal verifiability and coercion-resistant. The proposed protocol encompasses three distinct phases - that of registration phase, voting phase and counting phase involving five parties, the voter, certification centre, authentication server, voting server and a tallying server

Function and secret sharing extensions for Blakley and Asmuth-Bloom secret sharing schemes

Ankara : The Department of Computer Engineering and the Institute of Engineering and Science of Bilkent University, 2009.Thesis (Master's) -- Bilkent University, 2009.Includes bibliographical references leaves 65-69.Threshold cryptography deals with situations where the authority to initiate or perform cryptographic operations is distributed amongst a group of individuals. Usually in these situations a secret sharing scheme is used to distribute shares of a highly sensitive secret, such as the private key of a bank, to the involved individuals so that only when a sufficient number of them can reconstruct the secret but smaller coalitions cannot. The secret sharing problem was introduced independently by Blakley and Shamir in 1979. They proposed two different solutions. Both secret sharing schemes (SSS) are examples of linear secret sharing. Many extensions and solutions based on these secret sharing schemes have appeared in the literature, most of them using Shamir SSS. In this thesis, we apply these ideas to Blakley secret sharing scheme. Many of the standard operations of single-user cryptography have counterparts in threshold cryptography. Function sharing deals with the problem of distribution of the computation of a function (such as decryption or signature) among several parties. The necessary values for the computation are distributed to the participants using a secret sharing scheme. Several function sharing schemes have been proposed in the literature with most of them using Shamir secret sharing as the underlying SSS. In this work, we investigate how function sharing can be achieved using linear secret sharing schemes in general and give solutions of threshold RSA signature, threshold Paillier decryption and threshold DSS signature operations. The threshold RSA scheme we propose is a generalization of Shoup’s Shamir-based scheme. It is similarly robust and provably secure under the static adversary model. In threshold cryptography the authorization of groups of people are decided simply according to their size. There are also general access structures in which any group can be designed as authorized. Multipartite access structures constitute an example of general access structures in which members of a subset are equivalent to each other and can be interchanged. Multipartite access structures can be used to represent any access structure since all access structures are multipartite. To investigate secret sharing schemes using these access structures, we used Mignotte and Asmuth-Bloom secret sharing schemes which are based on the Chinese remainder theorem (CRT). The question we tried to asnwer was whether one can find a Mignotte or Asmuth-Bloom sequence for an arbitrary access structure. For this purpose, we adapted an algorithm that appeared in the literature to generate these sequences. We also proposed a new SSS which solves the mentioned problem by generating more than one sequence.Bozkurt, İlker NadiM.S

Secure identity management in structured peer-to-peer (P2P) networks

Structured Peer-to-Peer (P2P) networks were proposed to solve routing problems of big distributed infrastructures. But the research community has been questioning their security for years. Most prior work in security services was focused on secure routing, reputation systems, anonymity, etc. However, the proper management of identities is an important prerequisite to provide most of these security services. The existence of anonymous nodes and the lack of a centralized authority capable of monitoring (and/or punishing) nodes make these systems more vulnerable against selfish or malicious behaviors. Moreover, these improper usages cannot be faced only with data confidentiality, nodes authentication, non-repudiation, etc. In particular, structured P2P networks should follow the following secure routing primitives: (1) secure maintenance of routing tables, (2) secure routing of messages, and (3) secure identity assignment to nodes. But the first two problems depend in some way on the third one. If nodes’ identifiers can be chosen by users without any control, these networks can have security and operational problems. Therefore, like any other network or service, structured P2P networks require a robust access control to prevent potential attackers joining the network and a robust identity assignment system to guarantee their proper operation. In this thesis, firstly, we analyze the operation of the current structured P2P networks when managing identities in order to identify what security problems are related to the nodes’ identifiers within the overlay, and propose a series of requirements to be accomplished by any generated node ID to provide more security to a DHT-based structured P2P network. Secondly, we propose the use of implicit certificates to provide more security and to exploit the improvement in bandwidth, storage and performance that these certificates present compared to explicit certificates, design three protocols to assign nodes’ identifiers avoiding the identified problems, while maintaining user anonymity and allowing users’ traceability. Finally, we analyze the operation of the most used mechanisms to distribute revocation data in the Internet, with special focus on the proposed systems to work in P2P networks, and design a new mechanism to distribute revocation data more efficiently in a structured P2P network.Las redes P2P estructuradas fueron propuestas para solventar problemas de enrutamiento en infraestructuras de grandes dimensiones pero su nivel de seguridad lleva años siendo cuestionado por la comunidad investigadora. La mayor parte de los trabajos que intentan mejorar la seguridad de estas redes se han centrado en proporcionar encaminamiento seguro, sistemas de reputación, anonimato de los usuarios, etc. Sin embargo, la adecuada gestión de las identidades es un requisito sumamente importante para proporcionar los servicios mencionados anteriormente. La existencia de nodos anónimos y la falta de una autoridad centralizada capaz de monitorizar (y/o penalizar) a los nodos hace que estos sistemas sean más vulnerables que otros a comportamientos maliciosos por parte de los usuarios. Además, esos comportamientos inadecuados no pueden ser detectados proporcionando únicamente confidencialidad de los datos, autenticación de los nodos, no repudio, etc. Las redes P2P estructuradas deberían seguir las siguientes primitivas de enrutamiento seguro: (1) mantenimiento seguro de las tablas de enrutamiento, (2) enrutamiento seguro de los mensajes, and (3) asignación segura de las identidades. Pero la primera de los dos primitivas depende de alguna forma de la tercera. Si las identidades de los nodos pueden ser elegidas por sus usuarios sin ningún tipo de control, muy probablemente aparecerán muchos problemas de funcionamiento y seguridad. Por lo tanto, de la misma forma que otras redes y servicios, las redes P2P estructuradas requieren de un control de acceso robusto para prevenir la presencia de atacantes potenciales, y un sistema robusto de asignación de identidades para garantizar su adecuado funcionamiento. En esta tesis, primero de todo analizamos el funcionamiento de las redes P2P estructuradas basadas en el uso de DHTs (Tablas de Hash Distribuidas), cómo gestionan las identidades de sus nodos, identificamos qué problemas de seguridad están relacionados con la identificación de los nodos y proponemos una serie de requisitos para generar identificadores de forma segura. Más adelante proponemos el uso de certificados implícitos para proporcionar más seguridad y explotar las mejoras en consumo de ancho de banda, almacenamiento y rendimiento que proporcionan estos certificados en comparación con los certificados explícitos. También hemos diseñado tres protocolos de asignación segura de identidades, los cuales evitan la mayor parte de los problemas identificados mientras mantienen el anonimato de los usuarios y la trazabilidad. Finalmente hemos analizado el funcionamiento de la mayoría de los mecanismos utilizados para distribuir datos de revocación en Internet, con especial interés en los sistemas propuestos para operar en redes P2P, y hemos diseñado un nuevo mecanismo para distribuir datos de revocación de forma más eficiente en redes P2P estructuradas.Postprint (published version

Efficient threshold cryptosystems

Thesis (Ph.D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2001.Includes bibliographical references (p. 181-189).A threshold signature or decryption scheme is a distributed implementation of a cryptosystem, in which the secret key is secret-shared among a group of servers. These servers can then sign or decrypt messages by following a distributed protocol. The goal of a threshold scheme is to protect the secret key in a highly fault-tolerant way. Namely, the key remains secret, and correct signatures or decryptions are always computed, even if the adversary corrupts less than a fixed threshold of the participating servers. We show that threshold schemes can be constructed by putting together several simple distributed protocols that implement arithmetic operations, like multiplication or exponentiation, in a threshold setting. We exemplify this approach with two discrete-log based threshold schemes, a threshold DSS signature scheme and a threshold Cramer-Shoup cryptosystem. Our methodology leads to threshold schemes which are more efficient than those implied by general secure multi-party computation protocols. Our schemes take a constant number of communication rounds, and the computation cost per server grows by a factor linear in the number of the participating servers compared to the cost of the underlying secret-key operation. We consider three adversarial models of increasing strength. We first present distributed protocols for constructing threshold cryptosystems secure in the static adversarial model, where the players are corrupted before the protocol starts. Then, under the assumption that the servers can reliably erase their local data, we show how to modify these protocols to extend the security of threshold schemes to an adaptive adversarial model,(cont.) where the adversary is allowed to choose which servers to corrupt during the protocol execution. Finally we show how to remove the reliable erasure assumption. All our schemes withstand optimal thresholds of a minority of malicious faults in a realistic partially-synchronous insecure-channels communication model with broadcast. Our work introduces several techniques that can be of interest to other research on secure multi-party protocols, e.g. the inconsistent player simulation technique which we use to construct efficient schemes secure in the adaptive model, and the novel primitive of a simultaneously secure encryption which provides an efficient implementation of private channels in an adaptive and erasure-free model for a wide class of multi-party protocols. We include extensions of the above results to: (1) RSA-based threshold cryptosystems; and (2) stronger adversarial models than a threshold adversary, namely to proactive and creeping adversaries, who, under certain assumptions regarding the speed and detectability of corruptions, are allowed to compromise all or almost all of the participating servers.by StanisÅaw Jarecki.Ph.D

Non-interactive classical verification of quantum computation

In a recent breakthrough, Mahadev constructed an interactive protocol that enables a purely classical party to delegate any quantum computation to an untrusted quantum prover. In this work, we show that this same task can in fact be performed non-interactively and in zero-knowledge. Our protocols result from a sequence of significant improvements to the original four-message protocol of Mahadev. We begin by making the first message instance-independent and moving it to an offline setup phase. We then establish a parallel repetition theorem for the resulting three-message protocol, with an asymptotically optimal rate. This, in turn, enables an application of the Fiat-Shamir heuristic, eliminating the second message and giving a non-interactive protocol. Finally, we employ classical non-interactive zero-knowledge (NIZK) arguments and classical fully homomorphic encryption (FHE) to give a zero-knowledge variant of this construction. This yields the first purely classical NIZK argument system for QMA, a quantum analogue of NP. We establish the security of our protocols under standard assumptions in quantum-secure cryptography. Specifically, our protocols are secure in the Quantum Random Oracle Model, under the assumption that Learning with Errors is quantumly hard. The NIZK construction also requires circuit-private FHE.Comment: 37 page