Key Compression and Its Application to Digital Fingerprinting‟,

Abstract. Digital fingerprinting technologies are becoming an increasingly important tool to protect valuable content and other intellectual property. This paper describes an efficient method whereby any watermarking technology can be utilized to construct digital fingerprints that can distinguish individual instantiations of protected data without requiring replication of the data. This technology enables large amounts of data to be selectively distributed to large numbers of people over a limited medium such as a broadcast channel or CD-ROM. An application of this technology -protection of motion pictures for in-flight entertainment systems -will be specifically discussed. Note: This is a reprint of an article that was originally submitted for publication in April 2001

DEMOS-2:scalable E2E verifiable elections without random oracles

Recently, Kiayias, Zacharias and Zhang-proposed a new E2E verifiable e-voting system called 'DEMOS' that for the first time provides E2E verifiability without relying on external sources of randomness or the random oracle model; the main advantage of such system is in the fact that election auditors need only the election transcript and the feedback from the voters to pronounce the election process unequivocally valid. Unfortunately, DEMOS comes with a huge performance and storage penalty for the election authority (EA) compared to other e-voting systems such as Helios. The main reason is that due to the way the EA forms the proof of the tally result, it is required to {\em precompute} a number of ciphertexts for each voter and each possible choice of the voter. This approach clearly does not scale to elections that have a complex ballot and voters have an exponential number of ways to vote in the number of candidates. The performance penalty on the EA appears to be intrinsic to the approach: voters cannot compute an enciphered ballot themselves because there seems to be no way for them to prove that it is a valid ciphertext. In contrast to the above, in this work, we construct a new e-voting system that retains the strong E2E characteristics of DEMOS (but against computational adversaries) while completely eliminating the performance and storage penalty of the EA. We achieve this via a new cryptographic construction that has the EA produce and prove, using voters' coins, the security of a common reference string (CRS) that voters subsequently can use to affix non-interactive zero-knowledge (NIZK) proofs to their ciphertexts. The EA itself uses the CRS to prove via a NIZK the tally correctness at the end. Our construction has similar performance to Helios and is practical. The privacy of our construction relies on the SXDH assumption over bilinear groups via complexity leveraging

End-to-end verifiability

This pamphlet describes end-to-end election verifiability (E2E-V) for a nontechnical audience: election officials, public policymakers, and anyone else interested in secure, transparent, evidence-based electronic elections. This work is part of the Overseas Vote Foundation's End-to-End Verifiable Internet Voting: Specification and Feasibility Assessment Study (E2E VIV Project), funded by the Democracy Fund

Design and Implementation of Cast-as-Intended Verifiability for a Blockchain-Based Voting System

Digitization of electoral processes depends on confident systems that produce verifiable evidence. The design and implementation of voting systems has been widely studied in prior research, bringing together expertise in many fields. Switzerland is organized in a federal, decentralized structure of independent governmental entities. Thus, its decentralized structure is a real-world example for implementing an electronic voting system, where trust is distributed among multiple authorities. This work outlines the design and implementation of a blockchain-based electronic voting system providing cast-as-intended verifiability. The generation of non-interactive zero-knowledge proofs of knowledge enables every voter to verify the encrypted vote, while maintaining the secrecy of the ballot. The Public Bulletin Board (PBB) is a crucial component of every electronic voting system, serving as a publicly verifiable log of communication and ballots - here a blockchain is used as the PBB. Also, the required cryptographic operations are in linear relation to the number of voters, making the outlined system fit for large-scale elections

The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption

A variety of "key recovery," "key escrow," and "trusted third-party" encryption requirements have been suggested in recent years by government agencies seeking to conduct covert surveillance within the changing environments brought about by new technologies. This report examines the fundamental properties of these requirements and attempts to outline the technical risks, costs, and implications of deploying systems that provide government access to encryption keys

The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption

A variety of "key recovery," "key escrow," and "trusted third-party" encryption requirements have been suggested in recent years by government agencies seeking to conduct covert surveillance within the changing environments brought about by new technologies. This report examines the fundamental properties of these requirements and attempts to outline the technical risks, costs, and implications of deploying systems that provide government access to encryption keys

Uncoercible Communication

This paper describes a model and method whereby one agent can send a private message to another over a public channel from within a "hostile" environment in which the sending agent may be subject to extreme coercion both before and after the sending of the message. Coercive forces may demand that certain information be or not be sent, may monitor the channel over which the transmission will take place, and may require that the sending agent reveal all information after the transmission is complete. Nevertheless, the sending agent may claim to have sent one message while actually having sent another and will be unable to provide any kind of receipt to the coercer to show what message was actually sent. 1 Introduction A central issue in many cryptographic protocols is secrecy --- intuitively, the property that when a plaintext M is encrypted to ciphertext C = E(M ), only the intended recipient(s) can decrypt the message. In public-key cryptosystems, the sender cannot (necessari..