1,352 research outputs found
Shorter lattice-based zero-knowledge proofs for the correctness of a shuffle
In an electronic voting procedure, mixing networks are used to ensure anonymity of the casted votes. Each node of the network re-encrypts the input list of ciphertexts and randomly permutes it in a process named shuffle, and must prove (in zero-knowledge) that the process was applied honestly. To maintain security of such a process in a post-quantum scenario, new proofs are based on different mathematical assumptions, such as lattice-based problems. Nonetheless, the best lattice-based protocols to ensure verifiable shuffling have linear communication complexity on N, the number of shuffled ciphertexts.
In this paper we propose the first sub-linear (on N) post-quantum zero-knowledge argument for the correctness of a shuffle, for which we have mainly used two ideas: arithmetic circuit satisfiability results from Baum et al. (CRYPTO'2018) and BeneĆĄ networks to model a permutation of N elements. The achieved communication complexity of our protocol with respect to N is O(v(N)log^2(N)), but we will also highlight its dependency on other important parameters of the underlying lattice ingredients.The work is partially supported by the Spanish Ministerio de Ciencia e InnovaciÂŽon (MICINN), under Project PID2019-109379RB-I00 and by the European
Union PROMETHEUS project (Horizon 2020 Research and Innovation Program, grant 780701). Authors thank Tjerand Silde for pointing out an incorrect
set of parameters (Section 4.1) that we had proposed in a previous version of
the manuscript.Postprint (author's final draft
Shorter Lattice-based Zero-Knowledge Proofs for the Correctness of a Shuffle
In an electronic voting procedure, mixing networks are used to ensure anonymity of the casted votes. Each node of the network re-encrypts the input list of ciphertexts and randomly permutes it in a process named shuffle, and must prove (in zero-knowledge) that the process was applied honestly. To maintain security of such a process in a post-quantum scenario, new proofs are based on different mathematical assumptions, such as lattice-based problems. Nonetheless, the best lattice-based protocols to ensure verifiable shuffling have linear communication complexity on , the number of shuffled ciphertexts.
In this paper we propose the first sub-linear (on ) post-quantum zero-knowledge argument for the correctness of a shuffle, for which we have mainly used two ideas: arithmetic circuit satisfiability results from Baum \textit{et al.} (CRYPTO\u272018) and Bene networks to model a permutation of elements. The achieved communication complexity of our protocol with respect to is , but we will also highlight its dependency on other important parameters of the underlying lattice ingredients
Lattice-Based proof of a shuffle
In this paper we present the first fully post-quantum proof of a shuffle for RLWE encryption schemes. Shuffles are commonly used to construct mixing networks (mix-nets), a key element to ensure anonymity in many applications such as electronic voting systems. They should preserve anonymity even against an attack using quantum computers in order to guarantee long-term privacy. The proof presented in this paper is built over RLWE commitments which are perfectly binding and computationally hiding under the RLWE assumption, thus achieving security in a post-quantum scenario. Furthermore we provide a new definition for a secure mixing node (mix-node) and prove that our construction satisfies this definition.Peer ReviewedPostprint (author's final draft
New lattice-based protocols for proving correctness of a shuffle
In an electronic voting procedure, mixing networks are used to ensure anonymity of the casted votes. Each node of the network re-encrypts the input and randomly permutes it in a process named shuffle, and must prove that the process was applied honestly. State-of-the-art classical proofs achieve logarithmic communication complexity on N (the number of votes to be shuffled) but they are based on assumptions which are weak against quantum computers. To maintain security in a post-quantum scenario, new proofs are based on different mathematical assumptions, such as lattice-based problems. Nonetheless, the best lattice-based protocols to ensure verifiable shuffling have linear communication complexity on N. In this thesis we propose the first sub-linear post-quantum proof for the correctness of a shuffe, for which we have mainly used two ideas: arithmetic circuit satisfiability and Benes networks to model a permutation of N elements
Conclave: secure multi-party computation on big data (extended TR)
Secure Multi-Party Computation (MPC) allows mutually distrusting parties to
run joint computations without revealing private data. Current MPC algorithms
scale poorly with data size, which makes MPC on "big data" prohibitively slow
and inhibits its practical use.
Many relational analytics queries can maintain MPC's end-to-end security
guarantee without using cryptographic MPC techniques for all operations.
Conclave is a query compiler that accelerates such queries by transforming them
into a combination of data-parallel, local cleartext processing and small MPC
steps. When parties trust others with specific subsets of the data, Conclave
applies new hybrid MPC-cleartext protocols to run additional steps outside of
MPC and improve scalability further.
Our Conclave prototype generates code for cleartext processing in Python and
Spark, and for secure MPC using the Sharemind and Obliv-C frameworks. Conclave
scales to data sets between three and six orders of magnitude larger than
state-of-the-art MPC frameworks support on their own. Thanks to its hybrid
protocols, Conclave also substantially outperforms SMCQL, the most similar
existing system.Comment: Extended technical report for EuroSys 2019 pape
Efektiivsed mitteinteraktiivsed nullteadmusprotokollid referentssÔne mudelis
VĂ€itekirja elektrooniline versioon ei sisalda publikatsioone.Koos digitaalse ajastu vĂ”idukĂ€iguga on interneti vahendusel vĂ”imalik sooritada ĂŒha ulmelisemana nĂ€ivaid tegevusi.
TĂ€ielikule krĂŒpteeringule ehitatud mobiilsed rakendused, nagu nĂ€iteks WhatsApp, suudavad tagada, et kĂ”ne vĂ”i sĂ”num jĂ”uaksid ĂŒksnes Ă”ige adressaadini.
Enamik pangasĂŒsteeme garanteerivad TLS protokolli kasutades, et arvete maksmisel ja ĂŒlekannete tegemisel poleks nende andmeid kellelgi vĂ”imalik lugeda ega muuta.
MĂ”ned riigid pakuvad vĂ”imalust elektroonilisel teel hÀÀletada (nĂ€iteks Eesti) vĂ”i referendumeid lĂ€bi viia (nĂ€iteks Ć veits), tagades sealjuures traditsioonilise paberhÀÀletuse tasemel turvalisuse kriteeriumid.
KĂ”ik eelnevalt kirjeldatud tegevused vajavad kasutajate turvalisuse tagamiseks krĂŒptograafilist protokolli.
Tegelikkuses ei saa me kunagi eeldada, et kÔik protokolli osapooled jÀrgivad protokolli spetsifikatsiooni.
Reaalses elus peab protokolli turvalisuseks iga osapool tÔestama, et ta seda jÀrgis ilma privaatsuse ohverdamiseta.
Ăks viis seda teha on nullteadmusprotokolli abil. Nullteadmusprotokoll on tĂ”estus, mis ei lekita mingit informatsiooni peale selle, et vĂ€ide on tĂ”ene.
Tihti tahame, et nullteadmusprotokoll oleks mitteinteraktiivne. Sellisel juhul piisab, kui tĂ”estus on arvutatud ainult ĂŒhe korra ning verifitseerijatel on igal ajal vĂ”imalik seda kontrollida.
On kaks peamist mudelit, mis vÔimaldavad mitteinteraktiivsete nullteadmusprotokollide loomist: juhusliku oraakli (JO) mudel ja referentssÔne mudel.
JO mudeli protokollid on vÀga efektiivsed, kuid mÔningate piirangute tÔttu eelistame referentssÔne mudelit.
Selles töös esitleme kolme stsenaariumit, milles mitteinteraktiivne nullteadmus on asjakohane: verifitseeritav arvutamine, autoriseerimine ja elektrooniline hÀÀletamine.
Igas stsenaariumis pakume vÀlja nullteadmusprotokolli referentssÔne mudelis, mis on seni efektiivseim ning vÔrreldava efektiivsusega protokollidega JO mudelis.In the current digital era, we can do increasingly astonishing activities remotely using only our electronic devices.
Using mobile applications such as WhatsApp, we can contact someone with the guarantee, using an end-to-end encryption protocol, that only the recipient can know the conversation's contents.
Most banking systems enable us to pay our bills and perform other financial transactions, and use the TLS protocol to guarantee that no one can read or modify the transaction data.
Some countries provide an option to vote electronically in an election (e.g. Estonia) or referendum (e.g. Switzerland) with similar privacy guarantees to traditional paper voting.
In all these activities, a cryptographic protocol is required to ensure users' privacy.
In reality, some parties participating in a protocol might not act according to what was agreed in the protocol specification.
Hence, for a real world protocol to be secure, we also need each party to prove that it behaves honestly, but without sacrificing privacy of its inputs.
This can be done using a zero-knowledge argument: a proof by a polynomial-time prover that gives nothing else away besides its correctness.
In many cases, we want a zero-knowledge argument to be non-interactive and transferable, so that it is computed only once, but can be verified by many verifiers at any future time.
There are two main models that enable transferable non-interactive zero-knowledge (NIZK) arguments: the random oracle (RO) model and the common reference string (CRS) model.
Protocols in the RO model are very efficient, but due to some of its limitations, we prefer working in the CRS model.
In this work we provide three scenarios where NIZK arguments are relevant: verifiable computation, authorization, and electronic voting.
In each scenario, we propose NIZK arguments in the CRS model that are more efficient than existing ones, and are comparable in efficiency to the best known NIZK arguments in the RO model
Making Code Voting Secure against Insider Threats using Unconditionally Secure MIX Schemes and Human PSMT Protocols
Code voting was introduced by Chaum as a solution for using a possibly
infected-by-malware device to cast a vote in an electronic voting application.
Chaum's work on code voting assumed voting codes are physically delivered to
voters using the mail system, implicitly requiring to trust the mail system.
This is not necessarily a valid assumption to make - especially if the mail
system cannot be trusted. When conspiring with the recipient of the cast
ballots, privacy is broken.
It is clear to the public that when it comes to privacy, computers and
"secure" communication over the Internet cannot fully be trusted. This
emphasizes the importance of using: (1) Unconditional security for secure
network communication. (2) Reduce reliance on untrusted computers.
In this paper we explore how to remove the mail system trust assumption in
code voting. We use PSMT protocols (SCN 2012) where with the help of visual
aids, humans can carry out addition correctly with a 99\% degree of
accuracy. We introduce an unconditionally secure MIX based on the combinatorics
of set systems.
Given that end users of our proposed voting scheme construction are humans we
\emph{cannot use} classical Secure Multi Party Computation protocols.
Our solutions are for both single and multi-seat elections achieving:
\begin{enumerate}[i)]
\item An anonymous and perfectly secure communication network secure against
a -bounded passive adversary used to deliver voting,
\item The end step of the protocol can be handled by a human to evade the
threat of malware. \end{enumerate} We do not focus on active adversaries
- âŠ