7 research outputs found

    Nou esquema segur de firma basat en atributs (A new secure attribute-based signature scheme)

    In this work we propose a new attribute-based signature scheme. The basic idea of an attribute-based signature scheme is that, instead of signing as an identity, one signs as someone who holds a set of attributes. A signer requests secret keys for the set of attributes they hold and signs the message using these keys. For example, I could sign this work as a person who is (1) a student and (2) under 25 years old. Anyone who wanted to verify the signature could not deduce that I was the one who produced it, only that it was produced by a person with these two properties. In fact, an attribute-based signature allows one to define sets of attributes that can be used to sign. Put another way, a signature can be produced by someone who holds a subset of attributes from a given set. Following the earlier example, I could sign a message as someone who has three of the following four attributes: (1) being a student, (2) being under 25 years old, (3) being registered as a resident of the Balearic Islands and (4) holding a driving licence. Given the signature, nobody could tell which three attributes I hold. This could be useful if I wanted to apply for a grant that required three of these characteristics, where there is no interest in knowing each person's exact characteristics, so as to avoid discrimination.

    Advanced cryptographic techniques for building verifiable and transparent electronic voting protocols

    Electronic voting presents many challenges due to its multiple security requirements. Some of the challenges are related to guaranteeing voters' privacy and system's transparency, which are hard to satisfy simultaneously. Electronic voting also presents other challenges such as usability, particularly from the voter's side. We study two particular problems of electronic voting. Cast-as-intended verifiability comprises those mechanisms which assure the voter that her cast ballot corresponds to her chosen voting options. Current proposals put the verification burden on the voter, something which is undesirable in real-world elections, where both technically skilled and non-skilled voters participate. In this thesis, we introduce the concept of universal cast-as-intended verifiability, which provides mechanisms which allow any entity to check that any ballot corresponds to the voter's selections - without revealing them. We formally define what universal cast-as-intended verifiability is and we give an electronic voting protocol satisfying this property. The other problem we have studied is the problem of invalid votes in electronic elections. Since a common selling point of electronic voting is that it avoids voters inadvertently spoiling their votes, deliberately spoiled ballots appearing in the tallying phase of an electronic election can cause mistrust in the system. Indeed, election stakeholders might think that the system is flawed or that it was exploited somehow. To avoid this situation, we define the concept of vote validatability, which states the electronic voting system should be able to detect spoiled ballots before they are successfully cast. In addition to formally defining this notion, we design an electronic voting protocol satisfying this property. All these security requirements of electronic voting systems are implemented with cryptographic tools. In addition to encryption and signature schemes, another essential primitive for building electronic voting protocols is zero-knowledge proofs. Zero-knowledge proofs allow a prover to convince a verifier that a statement is true without leaking any other information. These zero-knowledge proofs can be used to, for example, prove that the tally of the election was done properly. Recently, Groth and Sahai constructed efficient non-interactive zero-knowledge proofs for a wide range of statements including, among others, statements appearing in electronic voting. In this thesis we give two contributions on Groth-Sahai proofs. On the one hand, we give a framework for deriving cryptographic assumptions from which to build secure cryptographic protocols. In particular, we build new Groth-Sahai proofs improving the efficiency of currently known constructions. Independently, we show how the original Groth-Sahai proofs can be extended to be compatible with even more statements, how to improve their out-of-the-box efficiency for many of these statements and how to improve their re-usability efficiency among multiple statements.

    Nou esquema segur de firma basat en atributs (A new secure attribute-based signature scheme)

    In this work we propose a new attribute-based signature scheme. The basic idea of an attribute-based signature scheme is that, instead of signing as an identity, one signs as someone who holds a set of attributes. A signer requests secret keys for the set of attributes they hold and signs the message using these keys. For example, I could sign this work as a person who is (1) a student and (2) under 25 years old. Anyone who wanted to verify the signature could not deduce that I was the one who produced it, only that it was produced by a person with these two properties. In fact, an attribute-based signature allows one to define sets of attributes that can be used to sign. Put another way, a signature can be produced by someone who holds a subset of attributes from a given set. Following the earlier example, I could sign a message as someone who has three of the following four attributes: (1) being a student, (2) being under 25 years old, (3) being registered as a resident of the Balearic Islands and (4) holding a driving licence. Given the signature, nobody could tell which three attributes I hold. This could be useful if I wanted to apply for a grant that required three of these characteristics, where there is no interest in knowing each person's exact characteristics, so as to avoid discrimination.

    Training and certificate guidance - part 12 Safety training for concessionaires working on passenger ships

    To be read in conjunction with Merchant Shipping Notice no. MSN 1692(M) (or subsequent amendments) and parts 5 and 6 of this series. Available from British Library Document Supply Centre-DSC:5375.550(MGN 120(M)) / BLDSC - British Library Document Supply Centre. SIGLE. GB. United Kingdom.

    Vote validatability in Mix-Net-based eVoting

    One way to build secure electronic voting systems is to use Mix-Nets, which break any correlation between voters and their votes. One of the characteristics of Mix-Net-based eVoting is that ballots are usually decrypted individually and, as a consequence, invalid votes can be detected during the tallying of the election. In particular, this means that the ballot does not need to contain a proof of the vote being valid. However, allowing for invalid votes to be detected only during the tallying of the election can have bad consequences on the reputation of the election. First, casting a ballot for an invalid vote might be considered as an attack against the eVoting system by non-technical people, who might expect that the system does not accept such ballots. Besides, it would be impossible to track the attacker due to the anonymity provided by the Mix-Net. Second, if a ballot for an invalid vote is produced by a software bug, it might be only detected after the election period has finished. In particular, voters would not be able to cast a valid vote again. In this work we formalize the concept of having a system that detects invalid votes during the election period. In addition, we give a general construction of an eVoting system satisfying such property and an efficient concrete instantiation based on well-studied assumptions. Peer Reviewed.

    An algebraic framework for Diffie-Hellman assumptions

    The final publication is available at Springer via http://dx.doi.org/10.1007/s00145-015-9220-6. We put forward a new algebraic framework to generalize and analyze Diffie-Hellman like Decisional Assumptions which allows us to argue about security and applications by considering only algebraic properties. Our $\mathcal{D}_{\ell,k}$-MDDH assumption states that it is hard to decide whether a vector in $\mathbb{G}^{\ell}$ is linearly dependent of the columns of some matrix in $\mathbb{G}^{\ell \times k}$ sampled according to distribution $\mathcal{D}_{\ell,k}$. It covers known assumptions such as DDH, 2-Lin (linear assumption), and k-Lin (the k-linear assumption). Using our algebraic viewpoint, we can relate the generic hardness of our assumptions in m-linear groups to the irreducibility of certain polynomials which describe the output of $\mathcal{D}_{\ell,k}$. We use the hardness results to find new distributions for which the $\mathcal{D}_{\ell,k}$-MDDH-Assumption holds generically in m-linear groups. In particular, our new assumptions 2-SCasc and 2-ILin are generically hard in bilinear groups and, compared to 2-Lin, have shorter description size, which is a relevant parameter for efficiency in many applications. These results support using our new assumptions as natural replacements for the 2-Lin Assumption which was already used in a large number of applications. To illustrate the conceptual advantages of our algebraic framework, we construct several fundamental primitives based on any MDDH-Assumption. In particular, we can give many instantiations of a primitive in a compact way, including public-key encryption, hash-proof systems, pseudo-random functions, and Groth-Sahai NIZK and NIWI proofs. As an independent contribution we give more efficient NIZK and NIWI proofs for membership in a subgroup of $\mathbb{G}^{\ell}$. The results imply very significant efficiency improvements for a large number of schemes. Peer Reviewed.

    An algebraic framework for Diffie–Hellman assumptions

    We put forward a new algebraic framework to generalize and analyze Diffie-Hellman like Decisional Assumptions which allows us to argue about security and applications by considering only algebraic properties. Our $\mathcal{D}_{\ell,k}$-MDDH assumption states that it is hard to decide whether a vector in $\mathbb{G}^{\ell}$ is linearly dependent of the columns of some matrix in $\mathbb{G}^{\ell \times k}$ sampled according to distribution $\mathcal{D}_{\ell,k}$. It covers known assumptions such as DDH, 2-Lin (linear assumption), and k-Lin (the k-linear assumption). Using our algebraic viewpoint, we can relate the generic hardness of our assumptions in m-linear groups to the irreducibility of certain polynomials which describe the output of $\mathcal{D}_{\ell,k}$. We use the hardness results to find new distributions for which the $\mathcal{D}_{\ell,k}$-MDDH-Assumption holds generically in m-linear groups. In particular, our new assumptions 2-SCasc and 2-ILin are generically hard in bilinear groups and, compared to 2-Lin, have shorter description size, which is a relevant parameter for efficiency in many applications. These results support using our new assumptions as natural replacements for the 2-Lin Assumption which was already used in a large number of applications. To illustrate the conceptual advantages of our algebraic framework, we construct several fundamental primitives based on any MDDH-Assumption. In particular, we can give many instantiations of a primitive in a compact way, including public-key encryption, hash-proof systems, pseudo-random functions, and Groth-Sahai NIZK and NIWI proofs. As an independent contribution we give more efficient NIZK and NIWI proofs for membership in a subgroup of $\mathbb{G}^{\ell}$. The results imply very significant efficiency improvements for a large number of schemes. Peer Reviewed.