Local perspective of mixing - a CSP approach Stathis Stathakidis - - PowerPoint PPT Presentation

local perspective of mixing a csp approach
SMART_READER_LITE
LIVE PREVIEW

Local perspective of mixing - a CSP approach Stathis Stathakidis - - PowerPoint PPT Presentation

Oct 01, 2022 211 likes •726 views

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Local perspective of mixing - a CSP approach Stathis Stathakidis Department of Computing University of Surrey, UK 15 October 2012 E. Stathakidis Local

slide-1
SLIDE 1

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions

Local perspective of mixing - a CSP approach

Stathis Stathakidis

Department of Computing University of Surrey, UK

15 October 2012

  • E. Stathakidis

Local perspective of mixing

slide-2
SLIDE 2

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions

1

Mixnets

2

Assumptions

3

Algorithms

4

CSP

5

Problems and future work

6

Questions

  • E. Stathakidis

Local perspective of mixing

slide-3
SLIDE 3

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions General

1

Mixnets

2

Assumptions

3

Algorithms

4

CSP

5

Problems and future work

6

Questions

  • E. Stathakidis

Local perspective of mixing

slide-4
SLIDE 4

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions General

cryptographic protocol hides (unlink) the correspondence between its inputs and

  • utputs

consists of mix servers Chaum, 1981

  • E. Stathakidis

Local perspective of mixing

slide-5
SLIDE 5

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions General

Sender Si, 1 < i < n

  • E. Stathakidis

Local perspective of mixing

slide-6
SLIDE 6

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions General

Sender Si, 1 < i < n Si sends m i

  • E. Stathakidis

Local perspective of mixing

slide-7
SLIDE 7

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions General

Sender Si, 1 < i < n Si sends m i Mixnet operates

  • E. Stathakidis

Local perspective of mixing

slide-8
SLIDE 8

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions General

Sender Si, 1 < i < n Si sends m i Mixnet operates Outputs in random order

  • E. Stathakidis

Local perspective of mixing

slide-9
SLIDE 9

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Uses

RFID tags anonymous web browsing mainly in e-voting

  • E. Stathakidis

Local perspective of mixing

slide-10
SLIDE 10

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions E-voting systems with Mixnets

Prêt à Voter Helios Civitas . . .

  • E. Stathakidis

Local perspective of mixing

slide-11
SLIDE 11

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Constructions

Chaumian Mixnets

untraceable mail system - 1981 layers of encryptions - onion ciphertext proportional to the number of mix servers c = EPK1(EPK2 . . . EPKn−1(EPKn(m) . . . )) ciphertext c is delivered to the first mix server each mix server peels off the outer layer m = DSKn(DSKn−1 . . . DSK2(DSK1(c) . . . ))

  • E. Stathakidis

Local perspective of mixing

slide-12
SLIDE 12

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Constructions

Re-encryption Mixnets

Park et al., 1993 ciphertext’s size irrelevant to the number of servers two variations

decryption at the end of the process (threshold) partial decryption

  • E. Stathakidis

Local perspective of mixing

slide-13
SLIDE 13

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Constructions

Other

parallel Mixnet hybrid Mixnets

  • E. Stathakidis

Local perspective of mixing

slide-14
SLIDE 14

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions So far

global perspective of mixing when a server is found dishonest then it is either excluded

  • r replaced

no more information is given: how? who? when? a third party is involved - time consuming

  • E. Stathakidis

Local perspective of mixing

slide-15
SLIDE 15

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Motivation

local perspective - how each mix server behaves

  • utput the final result without delay

eliminate the existence of a third party

  • E. Stathakidis

Local perspective of mixing

slide-16
SLIDE 16

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions What we need

1

Mixnets

2

Assumptions

3

Algorithms

4

CSP

5

Problems and future work

6

Questions

  • E. Stathakidis

Local perspective of mixing

slide-17
SLIDE 17

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions What we need

Algorithm: unique unambiguous accurate run by each server

  • E. Stathakidis

Local perspective of mixing

slide-18
SLIDE 18

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Assumptions

WBB

secure and trusted public - anyone can read from it

  • nly servers can post on it

communication channels are secure (read and post) gives accurate record of what is posted

  • E. Stathakidis

Local perspective of mixing

slide-19
SLIDE 19

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Assumptions

Servers

know their positions in the Mixnet same potential view to the WBB active during the process can perform the basic cryptographic operations

  • E. Stathakidis

Local perspective of mixing

slide-20
SLIDE 20

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Assumptions

Other

do not model the underlying cryptography proofs and ciphertexts as an entity no network traffic manipulation return proofs and verdicts in a timely fashion

  • E. Stathakidis

Local perspective of mixing

slide-21
SLIDE 21

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Mixing and Checking

1

Mixnets

2

Assumptions

3

Algorithms

4

CSP

5

Problems and future work

6

Questions

  • E. Stathakidis

Local perspective of mixing

slide-22
SLIDE 22

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Mixing and Checking

Algorithm 1 Mixserver

1: if i == j then 2:

Mixing(i, j)

3: else 4:

Checking(i, j)

5: end if

  • E. Stathakidis

Local perspective of mixing

slide-23
SLIDE 23

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Mixing and Checking

Mixing(i,j)

i looking for latest server j with “good” proofs i operates on j’s ciphertexts i posts its proofs and verdicts on the WBB i claims its proofs as “good” update the last server with “good” proofs

  • E. Stathakidis

Local perspective of mixing

slide-24
SLIDE 24

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Mixing and Checking

Algorithm 2 Mixing

1: if i == 1 then 2:

ReadProofs(i, lastGood, WBB)

3:

Operate(i)

4:

PostProofs(i, Pi)

5:

PostVerdict(i, Verdict)

6:

Mixserver(i, j + 1, lastGood + 1)

7: else 8:

ReadProofs(i, lastGood, WBB)

9:

Operate(i)

10:

PostProofs(i, Pi)

11:

PostVerdict(i, Verdict)

12:

Mixserver(i, j + 1, i)

13: end if

  • E. Stathakidis

Local perspective of mixing

slide-25
SLIDE 25

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Mixing and Checking

Checking(i,j)

i reads j’s proofs from the WBB i posts its verdict about j’s proofs on the WBB (update) if the read proofs are “good” then j + + update the last server j with “good” proofs else j is not considered as server with “good” proofs

  • E. Stathakidis

Local perspective of mixing

slide-26
SLIDE 26

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Mixing and Checking

Algorithm 3 Checking

1: ReadProofs(i, j, Pj, WBB) 2: PostVerdict(i, j, Verdict) 3: if Pj == good then 4:

Mixserver(i, j + 1, j)

5: else 6:

Mixserver(i, j + 1, lastGood)

7: end if

  • E. Stathakidis

Local perspective of mixing

slide-27
SLIDE 27

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Dishonest

can do anything can refuse to read and produce proofs CHAOS in CSP - most non deterministic process too dishonest! is STOP enough?

  • E. Stathakidis

Local perspective of mixing

slide-28
SLIDE 28

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Dishonest

can do anything can refuse to read and produce proofs CHAOS in CSP - most non deterministic process too dishonest! is STOP enough? probably not

  • E. Stathakidis

Local perspective of mixing

slide-29
SLIDE 29

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions WBB

accepts read and post queries anyone can read from it

  • nly servers can post on it

initially consists of sequence of pending proofs and sequence of unknown verdicts

  • E. Stathakidis

Local perspective of mixing

slide-30
SLIDE 30

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Background

1

Mixnets

2

Assumptions

3

Algorithms

4

CSP

5

Problems and future work

6

Questions

  • E. Stathakidis

Local perspective of mixing

slide-31
SLIDE 31

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Background

Communicating Sequential Processes Hoare, 1978 tool for specifying and verifying concurrent systems subsystems which operate concurrently and interact each

  • ther

need of a model checker - FDR

  • E. Stathakidis

Local perspective of mixing

slide-32
SLIDE 32

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Datatypes

Datatypes N: number of mix servers nametype NumberOfServers = {1..N} nametype Servers = NumberOfServers datatype Proofs = good | bad | pending Verdicts = {true, false}

  • E. Stathakidis

Local perspective of mixing

slide-33
SLIDE 33

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Channels

Channels

  • perate: Servers

read proofs: Servers.Servers.Proofs read verdicts: Servers.Servers.Verdicts post proofs: Servers.Proofs post verdicts: Servers.Servers.Verdicts

  • E. Stathakidis

Local perspective of mixing

slide-34
SLIDE 34

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Mixserver

Mixserver’s alphabet alphaMIXSERVER(i) = {read proofs.i.j.p, read verdicts.i.j.v, post proofs.i.p, post verdicts.i.j.check(p),

  • perates.i

| j ← Servers, p ← Proofs, v ← Verdicts} Disjoint alphabet

  • E. Stathakidis

Local perspective of mixing

slide-35
SLIDE 35

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Dishonest

DISHONEST DISHONEST(i) = CHAOS{alphaDISHONEST(i)} Dishonest’s alphabet alphaDISHONEST(i) = {read proofs.i.j.p, read verdicts.i.j.v, post proofs.i.p, post verdicts.i.j.check(p),

  • perates.i

| j ← Servers, p ← Proofs, v ← Verdicts}

  • E. Stathakidis

Local perspective of mixing

slide-36
SLIDE 36

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions WBB process

the choice of what happens is in the hands of the

environment

⊓ the choice of what happens is in the hands of the process

? input ! output neither an input nor an output can occur until the environment is willing to allow it

  • E. Stathakidis

Local perspective of mixing

slide-37
SLIDE 37

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions WBB process

WBB WBB (Sqp, Sqv) = read proofs?i?j!nth(Sqp, j) → WBB(Sqp, Sqv)

  • read verdicts?i?j!nth(Sqv, j) → WBB(Sqp, Sqv)
  • post proofs?i?proof → WBB(update(Sqp, i, proof), Sqv)
  • post verdicts?i?j?verdict → WBB(Sqp, update(Sqv, j, verdict))

WBB’s alphabet alphaWBB = {| read proofs, read verdicts, post proofs, post verdicts |}

  • E. Stathakidis

Local perspective of mixing

slide-38
SLIDE 38

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions “Good” servers

Interleave means no explicit communication GOOD SERVERS GOOD SERVERS = |||i∈setOfHonestServers Mixserver(i, 1, 0) GOOD SERVER’s alphabet alphaGOOD = ∪(alphaMIXSERVER(i))

  • E. Stathakidis

Local perspective of mixing

slide-39
SLIDE 39

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions “Bad” servers

Interleave means no explicit communication BAD SERVERS BAD SERVERS = |||i∈setOfDishonestServers DISHONEST(i) BAD SERVER’s alphabet alphaBAD = ∪(alphaDISHONEST(i))

  • E. Stathakidis

Local perspective of mixing

slide-40
SLIDE 40

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Servers together

There is no direct communication between servers We use interleaving instead of parallel SERVERS SERVERS = GOOD SERVERS ||| BAD SERVERS SERVERS’s alphabet alphaSERVERS = ∪(alphaGOOD, alphaBAD) Interleaved processes do not synchronise on events even when their alphabets do overlap

  • E. Stathakidis

Local perspective of mixing

slide-41
SLIDE 41

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions System

SERVERS and WBB in parallel Use of alphabetised parallel SERVERS SYSTEM = SERVERS alphaSERVERSalphaWBB WBB SERVERS’s alphabet alphaSYSTEM = ∪(alphaSERVERS, alphaWBB)

  • E. Stathakidis

Local perspective of mixing

slide-42
SLIDE 42

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Tally event

SPEC SPEC = tally → STOP

  • E. Stathakidis

Local perspective of mixing

slide-43
SLIDE 43

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Assertions - sanity checks

Assertions

checks to be carried out used to state properties which are believed to hold load in FDR alongside the processes deadlock and livelock freedom, traces, failures divergence etc

  • E. Stathakidis

Local perspective of mixing

slide-44
SLIDE 44

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Assertions - sanity checks

Checks

hide the tally event deadlock free - never stop (robustness) livelock free divergence free - no unlimited sequences of internal action τ SYSTEM failures/divergences-refines SPEC SPEC assertSPEC ⊑FD SYSTEM \ {| tally |}

  • E. Stathakidis

Local perspective of mixing

slide-45
SLIDE 45

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Remarks

1

Mixnets

2

Assumptions

3

Algorithms

4

CSP

5

Problems and future work

6

Questions

  • E. Stathakidis

Local perspective of mixing

slide-46
SLIDE 46

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Remarks

the servers run this algorithm at the same time no one can block the protocol from happening

  • E. Stathakidis

Local perspective of mixing

slide-47
SLIDE 47

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions To come soon

control process which prevents the WBB from reading pending proofs → time is involved more sanity checks

  • E. Stathakidis

Local perspective of mixing

slide-48
SLIDE 48

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions Future work

split into proofs and ciphertexts add time restrictions - timed CSP drop the WBB - single point of failure - Verificatum uses no WBB - huge challenge distributed WBB? yes, but in CSP . . . ? state space explosion - reduce it model the decryption

  • E. Stathakidis

Local perspective of mixing

slide-49
SLIDE 49

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions

1

Mixnets

2

Assumptions

3

Algorithms

4

CSP

5

Problems and future work

6

Questions

  • E. Stathakidis

Local perspective of mixing

slide-50
SLIDE 50

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions

Thank you!

  • E. Stathakidis

Local perspective of mixing

slide-51
SLIDE 51

Outline Mixnets Assumptions Algorithms CSP Problems and future work Questions

Thank you! Questions?

  • E. Stathakidis

Local perspective of mixing