
    Secure and Efficient Mix-Nets

    A mix-net is a system that makes it possible to achieve anonymity in communication between computers. A mix-net takes users' ciphertexts as input and outputs the ciphertexts in a randomly shuffled order. Mix-nets make it possible to construct secure e-voting and many other applications that require anonymity. When building mix-nets, it is important to be able to verify that the shuffling was performed correctly. At the same time, the mix-net cannot reveal how the shuffling was done, since that would destroy the anonymity. A possible solution to this problem is the use of a zero-knowledge protocol.
    This master's thesis studies the zero-knowledge protocol for shuffling ciphertexts proposed by J. Furukawa in 2005. First, a detailed and more easily readable description of Furukawa's zero-knowledge protocols for shuffling and shuffle-decryption is given. In addition, two new characterizations of the permutation matrix and two simple modifications to the shuffle protocol are proposed, which help to reduce the time complexity.
    A mix-net is a system that can provide anonymity in a computer network. A mix-net takes users' ciphertexts as input and outputs them in a shuffled order. Secure e-voting and a variety of other applications can be built on top of a mix-net architecture.
    The major challenge of constructing mix-nets lies in efficiently proving that the shuffling was done correctly. The mix-net cannot reveal the permutation, because that would break the anonymity. One solution is to provide a zero-knowledge proof.
    This thesis studies a zero-knowledge shuffle argument proposed by J. Furukawa in 2005.
    Firstly, we provide a more detailed and easily readable description of the shuffle and shuffle-decryption zero-knowledge protocols than in the original paper. Secondly, we provide two new characterizations of a permutation matrix and two simple modifications of the shuffle protocol that reduce the computational complexity.

    Computerization of Graph Theory Exercises

    In 2013, as part of his bachelor's thesis, H. Pärn built a prototype of a graph theory learning program with which it would be possible to compose and solve various exercises related to graph theory. The goal of this thesis was set to be the further development of that prototype and the introduction of more complex exercise types. In addition, it was examined which exercise types make sense to use in such an environment at all. As a result of the work, 5 new exercise types were implemented, and the environment was additionally extended with several important general improvements, such as the ability to draw directed graphs.
    In 2013, in the context of his bachelor's thesis, H. Pärn developed a prototype for educational software that would allow users to create and solve different types of exercises related to graph theory. This thesis sets its goal to further develop that prototype and to introduce new and more complex exercise types. In addition, it examines which types of graph theory exercises can be computerized in the first place. As a result of this thesis, 5 new exercise types were added to the software, and many general improvements were made, e.g. the possibility to use directed graphs.

    Robotics

    Robotics course materials

    Counting Vampires: From Univariate Sumcheck to Updatable ZK-SNARK

    We propose a univariate sumcheck argument Count of essentially optimal communication efficiency of one group element. While the previously most efficient univariate sumcheck argument of Aurora is based on polynomial commitments, Count is based on inner-product commitments. We use Count to construct a new pairing-based updatable and universal zk-SNARK Vampire with the shortest known argument length (four group and two finite field elements) for NP. In addition, Vampire uses the aggregated polynomial commitment scheme of Boneh et al.

    Algebraic Group Model with Oblivious Sampling

    In the algebraic group model (AGM), an adversary has to return with each group element a linear representation with respect to input group elements. In many groups, it is easy to sample group elements obliviously without knowing such linear representations. Since the AGM does not model this, it can be used to prove the security of spurious knowledge assumptions. We show several well-known zk-SNARKs use such assumptions. We propose AGM with oblivious sampling (AGMOS), an AGM variant where the adversary can access an oracle that allows sampling group elements obliviously from some distribution. We show that AGM and AGMOS are different by studying the family of "total knowledge-of-exponent" assumptions, showing that they are all secure in the AGM, but most are not secure in the AGMOS if the DL holds. We show an important separation in the case of the KZG commitment scheme. We show that many known AGM reductions go through also in the AGMOS, assuming a novel falsifiable assumption TOFR. We prove that TOFR is secure in a version of GGM with oblivious sampling.

    On Trade-offs of Applying Block Chains for Electronic Voting Bulletin Boards

    This paper takes a critical look at the recent trend of building electronic voting systems on top of block chain technology. Even though being very appealing from the election integrity perspective, block chains have numerous technical, economical and even political drawbacks that need to be taken into account. Selecting a good trade-off between desirable properties and restrictions imposed by different block chain implementations is a highly non-trivial task. This paper aims at bringing some clarity into performing this task. We will mostly be concentrating on public permissionless block chains and their applications as bulletin board implementations as these are the favourite choices in majority of the recent block chain based voting protocol proposals

    On Subversion-Resistant SNARKs

    While NIZK arguments in the CRS model are widely studied, the question of what happens when the CRS was subverted has received little attention. In ASIACRYPT 2016, Bellare, Fuchsbauer, and Scafuro showed the first negative and positive results in the case of NIZK, proving also that it is impossible to achieve subversion soundness and (even non-subversion) zero-knowledge at the same time. On the positive side, they constructed an involved sound and subversion-zero-knowledge (Sub-ZK) non-succinct NIZK argument for NP. We consider the practically very relevant case of zk-SNARKs. We make Groth's zk-SNARK for Circuit-SAT from EUROCRYPT 2016 computationally knowledge-sound and perfectly composable Sub-ZK with minimal changes. We only require the CRS trapdoor to be extractable and the CRS to be publicly verifiable. To achieve the latter, we add some new elements to the CRS and construct an efficient CRS verification algorithm. We also provide a definitional framework for knowledge-sound and Sub-ZK SNARKs.

    Somewhere Statistically Binding Commitment Schemes with Applications

    We define a new primitive that we call a somewhere statistically binding (SSB) commitment scheme, which is a generalization of dual-mode commitments but has similarities with SSB hash functions (Hubacek and Wichs, ITCS 2015) without local opening. In (existing) SSB hash functions, one can compute a hash of a vector v that is statistically binding in one coordinate of v. Meanwhile, in SSB commitment schemes, a commitment of a vector v is statistically binding in some coordinates of v and is statistically hiding in the other coordinates. The set of indices where binding holds is predetermined but known only to the commitment key generator. We show that the primitive can be instantiated by generalizing the succinct Extended Multi-Pedersen commitment scheme (González et al., Asiacrypt 2015). We further introduce the notion of functional SSB commitment schemes and, importantly, use it to get an efficient quasi-adaptive NIZK for arithmetic circuits and efficient oblivious database queries