Making Code Voting Secure against Insider Threats using Unconditionally Secure MIX Schemes and Human PSMT Protocols

Code voting was introduced by Chaum as a solution for using a possibly infected-by-malware device to cast a vote in an electronic voting application. Chaum's work on code voting assumed voting codes are physically delivered to voters using the mail system, implicitly requiring to trust the mail system. This is not necessarily a valid assumption to make - especially if the mail system cannot be trusted. When conspiring with the recipient of the cast ballots, privacy is broken. It is clear to the public that when it comes to privacy, computers and "secure" communication over the Internet cannot fully be trusted. This emphasizes the importance of using: (1) Unconditional security for secure network communication. (2) Reduce reliance on untrusted computers. In this paper we explore how to remove the mail system trust assumption in code voting. We use PSMT protocols (SCN 2012) where with the help of visual aids, humans can carry out $\mod 10$ addition correctly with a 99\% degree of accuracy. We introduce an unconditionally secure MIX based on the combinatorics of set systems. Given that end users of our proposed voting scheme construction are humans we \emph{cannot use} classical Secure Multi Party Computation protocols. Our solutions are for both single and multi-seat elections achieving: \begin{enumerate}[i)] \item An anonymous and perfectly secure communication network secure against a $t$-bounded passive adversary used to deliver voting, \item The end step of the protocol can be handled by a human to evade the threat of malware. \end{enumerate} We do not focus on active adversaries

Practical threshold signatures with linear secret sharing schemes

Function sharing deals with the problem of distribution of the computation of a function (such as decryption or signature) among several parties. The necessary values for the computation are distributed to the participating parties using a secret sharing scheme (SSS). Several function sharing schemes have been proposed in the literature, with most of them using Shamir secret sharing as the underlying SSS. In this paper, we investigate how threshold cryptography can be conducted with any linear secret sharing scheme and present a function sharing scheme for the RSA cryptosystem. The challenge is that constructing the secret in a linear SSS requires the solution of a linear system, which normally involves computing inverses, while computing an inverse modulo φ(N) cannot be tolerated in a threshold RSA system in any way. The threshold RSA scheme we propose is a generalization of Shoup's Shamir-based scheme. It is similarly robust and provably secure under the static adversary model. At the end of the paper, we show how this scheme can be extended to other public key cryptosystems and give an example on the Paillier cryptosystem. © 2009 Springer Berlin Heidelberg

A kilobit hidden SNFS discrete logarithm computation

We perform a special number field sieve discrete logarithm computation in a 1024-bit prime field. To our knowledge, this is the first kilobit-sized discrete logarithm computation ever reported for prime fields. This computation took a little over two months of calendar time on an academic cluster using the open-source CADO-NFS software. Our chosen prime $p$ looks random, and $p--1$ has a 160-bit prime factor, in line with recommended parameters for the Digital Signature Algorithm. However, our p has been trapdoored in such a way that the special number field sieve can be used to compute discrete logarithms in $\mathbb{F}\_p^*$ , yet detecting that p has this trapdoor seems out of reach. Twenty-five years ago, there was considerable controversy around the possibility of back-doored parameters for DSA. Our computations show that trapdoored primes are entirely feasible with current computing technology. We also describe special number field sieve discrete log computations carried out for multiple weak primes found in use in the wild. As can be expected from a trapdoor mechanism which we say is hard to detect, our research did not reveal any trapdoored prime in wide use. The only way for a user to defend against a hypothetical trapdoor of this kind is to require verifiably random primes

Undetachable threshold signatures

A major problem of mobile agents is their inability to authenticate transactions in a hostile environment. Users will not wish to equip agents with their private signature keys when the agents may execute on untrusted platforms. Undetachable signatures were introduced to solve this problem by allowing users to equip agents with the means to sign signatures for tightly constrained transactions, using information especially derived from the user private signature key. However, the problem remains that a platform can force an agent to commit to a sub-optimal transaction. In parallel with the work on undetachable signatures, much work has been performed on threshold signature schemes, which allow signing power to be distributed across multiple agents, thereby reducing the trust in a single entity. We combine these notions and introduce the concept of an undetachable threshold signature scheme, which enables constrained signing power to be distributed across multiple agents, thus reducing the necessary trust in single agent platforms. We also provide an RSA-based example of such a scheme based on a combination of Shoup's threshold signature scheme, [7] and Kotzanikolaou et al's undetachable signature scheme, [3]

The effect of water immersion on short-latency somatosensory evoked potentials in human

<p>Abstract</p> <p>Background</p> <p>Water immersion therapy is used to treat a variety of cardiovascular, respiratory, and orthopedic conditions. It can also benefit some neurological patients, although little is known about the effects of water immersion on neural activity, including somatosensory processing. To this end, we examined the effect of water immersion on short-latency somatosensory evoked potentials (SEPs) elicited by median nerve stimuli. Short-latency SEP recordings were obtained for ten healthy male volunteers at rest in or out of water at 30°C. Recordings were obtained from nine scalp electrodes according to the 10-20 system. The right median nerve at the wrist was electrically stimulated with the stimulus duration of 0.2 ms at 3 Hz. The intensity of the stimulus was fixed at approximately three times the sensory threshold.</p> <p>Results</p> <p>Water immersion significantly reduced the amplitudes of the short-latency SEP components P25 and P45 measured from electrodes over the parietal region and the P45 measured by central region.</p> <p>Conclusions</p> <p>Water immersion reduced short-latency SEP components known to originate in several cortical areas. Attenuation of short-latency SEPs suggests that water immersion influences the cortical processing of somatosensory inputs. Modulation of cortical processing may contribute to the beneficial effects of aquatic therapy.</p> <p>Trial Registration</p> <p>UMIN-CTR (UMIN000006492)</p

Threshold password-authenticated key exchange

Abstract. In most password-authenticated key exchange systems there is a single server storing password verification data. To provide some resilience against server compromise, this data typically takes the form of a one-way function of the password (and possibly a salt, or other public values), rather than the password itself. However, if the server is compromised, this password verification data can be used to perform an offline dictionary attack on the user’s password. In this paper we propose an efficient password-authenticated key exchange system involving a set of servers, in which a certain threshold of servers must participate in the authentication of a user, and in which the compromise of any fewer than that threshold of servers does not allow an attacker to perform an offline dictionary attack. We prove our system is secure in the random oracle model under the Decision Diffie-Hellman assumption against an attacker that may eavesdrop on, insert, delete, or modify messages between the user and servers, and that compromises fewer than that threshold of servers.

Minimizing Trust in Hardware Wallets with Two Factor Signatures

We introduce the notion of two-factor signatures (2FS), a generalization of a two-out-of-two threshold signature scheme in which one of the parties is a hardware token which can store a high-entropy secret, and the other party is a human who knows a low-entropy password. The security (unforgeability) property of 2FS requires that an external adversary corrupting either party (the token or the computer the human is using) cannot forge a signature. This primitive is useful in contexts like hardware cryptocurrency wallets in which a signature conveys the authorization of a transaction. By the above security property, a hardware wallet implementing a two-factor signature scheme is secure against attacks mounted by a malicious hardware vendor; in contrast, all currently used wallet systems break under such an attack (and as such are not secure under our definition). We construct efficient provably-secure 2FS schemes which produce either Schnorr signature (assuming the DLOG assumption), or EC-DSA signatures (assuming security of EC-DSA and the CDH assumption) in the Random Oracle Model, and evaluate the performance of implementations of them. Our EC-DSA based 2FS scheme can directly replace currently used hardware wallets for Bitcoin and other major cryptocurrencies to enable security against malicious hardware vendors