random block verification
play

Random Block Verification : Improvements to the Norwegian electoral - PowerPoint PPT Presentation

Jan 22, 2024 •233 likes •511 views

Random Block Verification : Improvements to the Norwegian electoral mix net Denise Demirel, Hugo Jonker , Melanie Volkamer What is mixing?

  1. Random Block Verification : Improvements to the Norwegian electoral mix net Denise Demirel, Hugo Jonker , Melanie Volkamer

  2. What is mixing? Œ ß ‡ ¶ ✯ ✟ ✯ ✟ ✯ ✟ ❍ ❍ ❍ ✟ ✟ ✟ ❥ ❍ ❍ ❥ ❥ ❍ ¶ ¶ ‡ ‡ ❳ ❳ ❳ ❳ ③ ✘ ✿ ❳ ③ ✿ ✘ ③ ❳ ✘ ✿ ✘ ✘ ✘ Mix 1 Mix 2 Mix 3 Œ ‡ ❳ ❳ ❳ Œ Œ ✘ ✿ ③ ❳ ✘ ✿ ③ ❳ ✿ ✘ ③ ❳ ✘ ✘ ✘ ✯ ✟ ✟ ✯ ✟ ✯ ❍ ❍ ❍ ß ✟ ✟ ✟ ❍ ❥ ❥ ❍ ❍ ❥ ß ß ¶ evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 2/17

  3. How to verify correctness of a mix operation? ■ Using zero knowledge proofs efficiency problems, hard to understand, detects all fraud, no privacy loss evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 3/17

  4. Trading detection for efficiency ■ Randomized Partial Checking [JJR02] (RPC) doubles # operations, not all cheating detected, less privacy. evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 4/17

  5. Trading detection for efficience (2) ■ Optimistic mixing [GZBJJ02] (OM) Needs crypto, not all fraud detected, privacy loss. evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 5/17

  6. Combination: RPC+OM Can a combination improve the trade-off? evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 6/17

  7. Combination: RPC+OM Can a combination improve the trade-off? Puiggalí Allepuz and Guasch Castelló: [PG10]. evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 6/17

  8. Verification of the [PG10] mix net √ n blocks, for m mix nodes and n votes. 1. Votes divided into l = m 2. For every block: ■ identify corresponding group of outputs ■ publish products of input and output blocks ■ publish zero knowledge proof of equality of products 3. votes in output blocks are somewhat dispersed over the input blocks of the next mix. evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 7/17

  9. Remarks on Norwegian mix net ■ efficiency of proofs. - reveal re-encryption randomness - use more efficient proofs [JJ99] evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 8/17

  10. Remarks on Norwegian mix net ■ efficiency of proofs. - reveal re-encryption randomness - use more efficient proofs [JJ99] ■ speedup via parallelisation. parallel mixing (of blocks) vs sequential mixing. used in Norway too. evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 8/17

  11. Remarks on Norwegian mix net ■ efficiency of proofs. - reveal re-encryption randomness - use more efficient proofs [JJ99] ■ speedup via parallelisation. parallel mixing (of blocks) vs sequential mixing. used in Norway too. ■ Reducing trust assumptions. - privacy in [PG10] preserved if all mix nets are honest (“ gradual dispersal”). - Use Fiat-Shamir to prevent first mix from predicting block assignment. evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 8/17

  12. Randomized Block Verification evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 9/17

  13. Mixing in RBV 1. Divide the n votes into m subsets (for m mix nodes). 2. Mix i mixes subset i twice, and publishes intermediate and final results. 3. Next, mix i takes the final result of mix i − 1 as input. Repeat m times. evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 10/17

  14. Verification of RBV ■ Divide input into l = ⌊√ n ⌋ blocks. - r = n − l · l blocks with l + 1 elements, and - l − r blocks with l elements. evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 11/17

  15. Verification of RBV ■ Divide input into l = ⌊√ n ⌋ blocks. - r = n − l · l blocks with l + 1 elements, and - l − r blocks with l elements. ■ Determine blocks: input blocks = output blocks of previous mix. evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 11/17

  16. Verification of RBV ■ Divide input into l = ⌊√ n ⌋ blocks. - r = n − l · l blocks with l + 1 elements, and - l − r blocks with l elements. ■ Determine blocks: input blocks = output blocks of previous mix. ■ Prove correspondence of input blocks with intermediate blocks (first mixing operation). Efficient ZK proof or reveal re-encryption randomness. evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 11/17

  17. Verification of RBV ■ Divide input into l = ⌊√ n ⌋ blocks. - r = n − l · l blocks with l + 1 elements, and - l − r blocks with l elements. ■ Determine blocks: input blocks = output blocks of previous mix. ■ Prove correspondence of input blocks with intermediate blocks (first mixing operation). Efficient ZK proof or reveal re-encryption randomness. ■ Redistribute votes over blocks. l blocks with l elements = ⇒ perfect redistribution. We’re close. evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 11/17

  18. Verification of RBV ■ Divide input into l = ⌊√ n ⌋ blocks. - r = n − l · l blocks with l + 1 elements, and - l − r blocks with l elements. ■ Determine blocks: input blocks = output blocks of previous mix. ■ Prove correspondence of input blocks with intermediate blocks (first mixing operation). Efficient ZK proof or reveal re-encryption randomness. ■ Redistribute votes over blocks. l blocks with l elements = ⇒ perfect redistribution. We’re close. ■ Prove correspondence intermediate blocks with output blocks. evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 11/17

  19. Verification of RBV ■ Divide input into l = ⌊√ n ⌋ blocks. - r = n − l · l blocks with l + 1 elements, and - l − r blocks with l elements. ■ Determine blocks: input blocks = output blocks of previous mix. ■ Prove correspondence of input blocks with intermediate blocks (first mixing operation). Efficient ZK proof or reveal re-encryption randomness. ■ Redistribute votes over blocks. l blocks with l elements = ⇒ perfect redistribution. We’re close. ■ Prove correspondence intermediate blocks with output blocks. Done. evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 11/17

  20. Comparison evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 12/17

  21. Detecting fraud mix chance of not detecting fraud P ( k undetected changes ) = 2 − k . RPC [JJR02] max( P ( k + 1 undetected changes )) = 5 PoS [GZBJJ02] 8 . √ n − 1 � k � m P ( k + 1 undetected changes ) = Norway [PG10] . n − 1 � √ n − 1 � k P ( k + 1 undetected changes ) = RBV . n − 1 Note: RBV not depending on # mix nodes. evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 13/17

  22. Privacy mix size of anonymity group G | = n RPC | A 2 . n PoS | A G | = 2 α , (0 < α ≤ 5) . n Norway | A G | = √ n . m RBV | A G | = n . evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 14/17

  23. Efficiency of RBV mix #exp per mix node RPC 2 n . PoS 2 α · (2 m − 1) , 0 < α ≤ 5 . n Norway 6 · √ n . m n RBV 6 · ⌊√ n ⌋ . evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 15/17

  24. Conclusions ■ Improved privacy of [PG10]. ■ Some efficiency improvements. ■ Main cost: fraud detection. However, still too good for practical attacks. ■ For future: mix net verification using ZK proofs more and more efficient. evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 16/17

  25. Conclusions ■ Improved privacy of [PG10]. ■ Some efficiency improvements. ■ Main cost: fraud detection. However, still too good for practical attacks. ■ For future: mix net verification using ZK proofs more and more efficient. Thanks for your attention. Questions? evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 16/17

  26. References [JJR02] Jakobsson, M., Juels, A., Rivest, R.L.: Making mix nets robust for electronic voting by randomized partial checking. In: Proc. USENIX’02 (2002) [PG10] Puiggal í Allepuz, J., Guasch Castelló, S.: Universally verifiable efficient re-encryption mixnet. In: Proc. EVOTE 2010. LNI, vol. P-167, pp. 241–254. GI (2010) [GZBJJ02] Golle, P ., Zhong, S., Boneh, D., Jakobsson, M., Juels, A.: Optimistic mixing for exit-polls. In: Asiacrypt 2002, LNCS 2501. pp. 451–465. Springer-Verlag (2002) [JJ99] Jakobsson, M., Juels, A.: Millimix: Mixing in small batches. Tech. rep., Center for Discrete Mathematics #38; Theoretical Computer Science (1999) evote, 12 July 2012 Random Block Verification , Hugo Jonker - p. 17/17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

PSEUDO-RANDOM FUNCTIONS We want to answer the question: What is a good block cipher? where

PSEUDO-RANDOM FUNCTIONS We want to answer the question: What is a good block cipher? where

Recall We studied security of function families (in particular, block ciphers) against key recovery. But we saw that security against key recovery is not su ffi cient to ensure that natural usages of a block cipher are secure. PSEUDO-RANDOM

268 views • 13 slides
Random Probing Security Verification, Composition, Expansion and New Constructions Sonia Belad 1

Random Probing Security Verification, Composition, Expansion and New Constructions Sonia Belad 1

Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Random Probing Security Verification, Composition, Expansion and New Constructions Sonia Belad 1 , Jean-Sbastien Coron 2 Emmanuel

1.04k views • 99 slides
PSEUDO-RANDOM FUNCTIONS 1 / 65 Recall We studied security of a block cipher against key

PSEUDO-RANDOM FUNCTIONS 1 / 65 Recall We studied security of a block cipher against key

PSEUDO-RANDOM FUNCTIONS 1 / 65 Recall We studied security of a block cipher against key recovery. But we saw that security against key recovery is not sufficient to ensure that natural usages of a block cipher are secure. We want to answer the

920 views • 88 slides
Pseudo-Random Numbers and Stream PRNG+Block Ciphers Stream Ciphers RC4 CSS441: Security and

Pseudo-Random Numbers and Stream PRNG+Block Ciphers Stream Ciphers RC4 CSS441: Security and

CSS441 Random Numbers Principles PRNGs Pseudo-Random Numbers and Stream PRNG+Block Ciphers Stream Ciphers RC4 CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven

460 views • 24 slides
Quantum Position Verification in the random oracle model Dominique Unruh University of Tartu

Quantum Position Verification in the random oracle model Dominique Unruh University of Tartu

Quantum Position Verification in the random oracle model Dominique Unruh University of Tartu Dominique Unruh Position Verification Speed of light Position verified Quantum Position Verification 2 Dominique Unruh A generic protocol

409 views • 21 slides
A Random Walk Around The Block Johan Ugander Stanford University Joint work with: Isabel

A Random Walk Around The Block Johan Ugander Stanford University Joint work with: Isabel

A Random Walk Around The Block Johan Ugander Stanford University Joint work with: Isabel Kloumann (Facebook) &amp; Jon Kleinberg (Cornell) Google Mountain View August 17, 2016 S e e d s e t e x p a n s i o n Given a

724 views • 44 slides
Block modified Random Matrices Octavio Arizmendi CIMAT joint work with I. Nechita and C. Vargas

Block modified Random Matrices Octavio Arizmendi CIMAT joint work with I. Nechita and C. Vargas

Preliminaries in Free Probability Block modified matrices Operator-Valued free probability Explicit solutions Block modified Random Matrices Octavio Arizmendi CIMAT joint work with I. Nechita and C. Vargas Bedlewo, 18.05.2017 Octavio

808 views • 67 slides
Constructing Tweakable Block Ciphers in the Random Permutation Model Yannick Seurin ANSSI,

Constructing Tweakable Block Ciphers in the Random Permutation Model Yannick Seurin ANSSI,

Tweakable BC Tweakable EM Birthday Security BBB Security Conclusion Constructing Tweakable Block Ciphers in the Random Permutation Model Yannick Seurin ANSSI, France September 30, 2015 ASK 2015 Based on joint work with Benot Cogliati

1.79k views • 120 slides
Perfect Block Ciphers With Small Blocks Louis Granboulan 1 , 2 Thomas Pornin 3 1 cole Normale

Perfect Block Ciphers With Small Blocks Louis Granboulan 1 , 2 Thomas Pornin 3 1 cole Normale

Block ciphers with non-standard sizes Choosing uniformly a random permutation P ERMUTATOR Sampling following the Hypergeometric Distribution Security Analysis Perfect Block Ciphers With Small Blocks Louis Granboulan 1 , 2 Thomas Pornin 3 1

550 views • 23 slides
Limiting Spectral Distribution of Stochastic Block Model Yizhe Zhu University of Washington

Limiting Spectral Distribution of Stochastic Block Model Yizhe Zhu University of Washington

Limiting Spectral Distribution of Stochastic Block Model Yizhe Zhu University of Washington December 30, 2016 SJTU Joint Work with Ioana Dumitriu Overview Semicircle Law 1 Erd os R enyi random graph 2 Stochastic Block Model 3

615 views • 42 slides
Introducing EF Block TM Introduction to EF Block Building Materials Overview of EF

Introducing EF Block TM Introduction to EF Block Building Materials Overview of EF

Introducing EF Block TM Introduction to EF Block Building Materials Overview of EF Block and the competition The EF Block System Proprietary (Patent Pending) Plant, Product and Processes of the EF Block system Homes

792 views • 34 slides
E-verifikation Anita Finne Grahnn, LIF E- verification Pharmaceutical Pharmacist Wholesaler

E-verifikation Anita Finne Grahnn, LIF E- verification Pharmaceutical Pharmacist Wholesaler

E-verifikation Anita Finne Grahnn, LIF E- verification Pharmaceutical Pharmacist Wholesaler Patient Wholesaler Manufacturer Product Flow Unique Verification Serialisation with upon Dispense Random Numbers Voluntary to Patient

397 views • 5 slides
Random Numbers RANDOM VS PSEUDO RANDOM Truly Random numbers From Wolfram: A random number

Random Numbers RANDOM VS PSEUDO RANDOM Truly Random numbers From Wolfram: A random number

Random Numbers RANDOM VS PSEUDO RANDOM Truly Random numbers From Wolfram: A random number is a number chosen as if by chance from some specified distribution such that selection of a large set of these numbers reproduces the underlying

720 views • 12 slides
B.c) DES W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 B.61 Remark There exist (2

B.c) DES W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 B.61 Remark There exist (2

1 B.c) DES W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 B.61 Remark There exist (2 n )! permutations {0,1} n {0,1} n . Clearly, | K | (2 n )! for any block cipher with block length n. In a true random block cipher

998 views • 58 slides
Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records OVERVIEW 01 04 Scope of Verification Peggys Picks Types of verification, Verifying exam results or parameters, privacy graduation using databases

1.25k views • 81 slides
Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream

Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream

Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length blocks M = M 1 M 2 . . . M N . Then, each block M i is encrypted to the

1.11k views • 63 slides
Disclosures Research Grant support to UCSF from Advanced HCV management AbbVie Gilead

Disclosures Research Grant support to UCSF from Advanced HCV management AbbVie Gilead

12/8/17 Disclosures Research Grant support to UCSF from Advanced HCV management AbbVie Gilead Annie Luetkemeyer, MD Merck Division of HIV, ID and Global Medicine Proteus ZSFG, UCSF NIH Overview Renal failure

566 views • 13 slides
OS Layer 2: Remember OS is a layer bet ween t he under lying Archit ect ural Underpinnings

OS Layer 2: Remember OS is a layer bet ween t he under lying Archit ect ural Underpinnings

OS Layer 2: Remember OS is a layer bet ween t he under lying Archit ect ural Underpinnings har dwar e and applicat ion demands OS f unct ionalit y det er mined by bot h and Applicat ion Requirement s Feat ur es of t he har dwar e

642 views • 7 slides
Plans for Crab Cavity Produc3on Pre-Series &amp; Series L. Ristori SRFD Department - Fermilab 1

Plans for Crab Cavity Produc3on Pre-Series &amp; Series L. Ristori SRFD Department - Fermilab 1

Plans for Crab Cavity Produc3on Pre-Series &amp; Series L. Ristori SRFD Department - Fermilab 1 LARP/HiLumi CM SLAC, May 18 th 20 th , 2016 Outline LARP Crab Cavity Contribu3on Strategic Plan Supplier Qualifica3ons

341 views • 14 slides
D.S.G. POLLOCK: TOPICS IN ECONOMETRICS 2011 1. EXPECTATIONS AND CONDITIONAL EXPECTATIONS The joint

D.S.G. POLLOCK: TOPICS IN ECONOMETRICS 2011 1. EXPECTATIONS AND CONDITIONAL EXPECTATIONS The joint

D.S.G. POLLOCK: TOPICS IN ECONOMETRICS 2011 1. EXPECTATIONS AND CONDITIONAL EXPECTATIONS The joint density function of x and y is f ( x, y ) = f ( x | y ) f ( y ) = f ( y | x ) f ( x ) , (1) where f ( x ) = f ( x, y ) dx and f ( y ) =

592 views • 21 slides
A Unified Approach to State Constrained Optimal Control, Based on Distance Estimates Richard B.

A Unified Approach to State Constrained Optimal Control, Based on Distance Estimates Richard B.

A Unified Approach to State Constrained Optimal Control, Based on Distance Estimates Richard B. Vinter, Imperial College State Constrained Dynamical Systems Conference Dip. di Matematica Tullio Levi-Civita, Univ. di Padova

653 views • 30 slides
Volatility Modulated Volterra Processes Ole E. Barndorff-Nielsen Thiele Centre Department of

Volatility Modulated Volterra Processes Ole E. Barndorff-Nielsen Thiele Centre Department of

THIELE CENTRE for applied mathematics in natural science Volatility Modulated Volterra Processes Ole E. Barndorff-Nielsen Thiele Centre Department of Mathematical Sciences University of Aarhus THIELE CENTRE for applied mathematics in natural

918 views • 72 slides
RCH EMR Team #RCHbigbang #HIC19 Mike.south@rch.org.au April 2016 EMR implemented Why might

RCH EMR Team #RCHbigbang #HIC19 Mike.south@rch.org.au April 2016 EMR implemented Why might

RCH EMR Team #RCHbigbang #HIC19 Mike.south@rch.org.au April 2016 EMR implemented Why might this be of interest &amp; why now? 1 st Epic implementation in Australasia Extensive Big - Bang methodology 1 st Hospital patient / family portal

727 views • 28 slides
Mesh Generation Jean-Daniel Boissonnat Geometrica, INRIA http://www-sop.inria.fr/geometrica

Mesh Generation Jean-Daniel Boissonnat Geometrica, INRIA http://www-sop.inria.fr/geometrica

Mesh Generation Jean-Daniel Boissonnat Geometrica, INRIA http://www-sop.inria.fr/geometrica Winter School, University of Nice Sophia Antipolis January 26-30, 2015 Winter School 4 Mesh generation Sophia Antipolis 1 / 23 Meshing surfaces and

610 views • 29 slides

More recommend