Dispute Resolution in Voting

In voting, disputes arise when a voter claims that the voting authority is dishonest and did not correctly process his ballot while the authority claims to have followed the protocol. A dispute can be resolved if any third party can unambiguously determine who is right. We systematically characterize all relevant disputes for a generic, practically relevant, class of voting protocols. Based on our characterization, we propose a new definition of dispute resolution for voting that accounts for the possibility that both voters and the voting authority can make false claims and that voters may abstain from voting. A central aspect of our work is timeliness: a voter should possess the evidence required to resolve disputes no later than the election's end. We characterize what assumptions are necessary and sufficient for timeliness in terms of a communication topology for our voting protocol class. We formalize the dispute resolution properties and communication topologies symbolically. This provides the basis for verification of dispute resolution for a broad class of protocols. To demonstrate the utility of our model, we analyze a mixnet-based voting protocol and prove that it satisfies dispute resolution as well as verifiability and receipt-freeness. To prove our claims, we combine machine-checked proofs with traditional pen-and-paper proofs

Enhancing the Privacy of Decentralized Identifiers with Ring Signatures

Most identifiers used today, such as OpenID Connect, are controlled by third parties, which can track how the identifier is used. To overcome this, self-sovereign identifiers, such as Decentralized Identifiers (DIDs), which are entirely owned and managed by the user, have been developed. However, in some cases even DIDs alone do not sufficiently protect the user's privacy. For example, if a service can be accessed at multiple fixed locations, using the same identifier repeatedly for each location may over time also reveal the user's location. One of the techniques to hide the exact service identifiers are ring signatures, which enable the generation of anonymous signatures where the real signer's identity is hidden in a set of possible signers. This thesis takes the use case of electric vehicle charging, where the electric vehicle location may be revealed if static identifiers are used by the electric vehicles and charging stations. A previous solution uses a new ephemeral DID for every interaction, but this requires the creation of a large number of DIDs. This thesis examines an alternative approach of using ring signatures to achieve better privacy with a lower number of DIDs. The major outcomes of this thesis include how to implement ring signatures for anonymous authentication, comparison of resource consumption with respect to the previous solution, and the applicability of ring signature technology on a broader scale such as in constrained devices. The performance of the new solution was compared with the existing solution by implementing prototypes on Android phones, which communicate over Bluetooth. An assumption on the number of charging events was made based on real data for the country of Norway. The results show that ring signatures are easy to implement and provide slightly better privacy but they are significantly more resource-intensive in terms of storage (about 2 times more) and processing (about 9 times slower). Therefore, large scale implementation of ring signatures on the constrained devices is challenging

CONSTRUCTION OF EFFICIENT AUTHENTICATION SCHEMES USING TRAPDOOR HASH FUNCTIONS

In large-scale distributed systems, where adversarial attacks can have widespread impact, authentication provides protection from threats involving impersonation of entities and tampering of data. Practical solutions to authentication problems in distributed systems must meet specific constraints of the target system, and provide a reasonable balance between security and cost. The goal of this dissertation is to address the problem of building practical and efficient authentication mechanisms to secure distributed applications. This dissertation presents techniques to construct efficient digital signature schemes using trapdoor hash functions for various distributed applications. Trapdoor hash functions are collision-resistant hash functions associated with a secret trapdoor key that allows the key-holder to find collisions between hashes of different messages. The main contributions of this dissertation are as follows: 1. A common problem with conventional trapdoor hash functions is that revealing a collision producing message pair allows an entity to compute additional collisions without knowledge of the trapdoor key. To overcome this problem, we design an efficient trapdoor hash function that prevents all entities except the trapdoor key-holder from computing collisions regardless of whether collision producing message pairs are revealed by the key-holder. 2. We design a technique to construct efficient proxy signatures using trapdoor hash functions to authenticate and authorize agents acting on behalf of users in agent-based computing systems. Our technique provides agent authentication, assurance of agreement between delegator and agent, security without relying on secure communication channels and control over an agent’s capabilities. 3. We develop a trapdoor hash-based signature amortization technique for authenticating real-time, delay-sensitive streams. Our technique provides independent verifiability of blocks comprising a stream, minimizes sender-side and receiver-side delays, minimizes communication overhead, and avoids transmission of redundant information. 4. We demonstrate the practical efficacy of our trapdoor hash-based techniques for signature amortization and proxy signature construction by presenting discrete log-based instantiations of the generic techniques that are efficient to compute, and produce short signatures. Our detailed performance analyses demonstrate that the proposed schemes outperform existing schemes in computation cost and signature size. We also present proofs for security of the proposed discrete-log based instantiations against forgery attacks under the discrete-log assumption