2.76k likes | 2.78k Views
Practical Aspects of Modern Cryptography. Josh Benaloh Brian LaMacchia. Winter 2011. Some Tools We’ve Developed. Homomorphic Encryption Secret Sharing Verifiable Secret Sharing Threshold Encryption Interactive Proofs. Secret Sharing Homomorphisms.
E N D
Practical Aspects of Modern Cryptography Josh Benaloh Brian LaMacchia Winter 2011
Some Tools We’ve Developed • Homomorphic Encryption • Secret Sharing • Verifiable Secret Sharing • Threshold Encryption • Interactive Proofs Practical Aspects of Modern Cryptography
Secret Sharing Homomorphisms Many secret sharing methods have an additional useful feature: If two secrets are separately shared amongst the same set of people in the same way, then the sum of the individual shares constitute shares of the sum of the secrets. Practical Aspects of Modern Cryptography
Secret Sharing Homomorphisms OR Secret: – Shares: , , …, Secret: – Shares: , , …, Secret sum: Share sums: , , …, Practical Aspects of Modern Cryptography
Secret Sharing Homomorphisms AND Secret: – Shares: , , …, Secret: – Shares: , , …, Secret sum: Share sums: , , …, Practical Aspects of Modern Cryptography
Secret Sharing Homomorphisms THRESHOLD Secret: – Shares:,, …, Secret: – Shares:,, …, Secret sum: Share sums:, , …, Practical Aspects of Modern Cryptography
Threshold Encryption I want to encrypt a secret message for a set of recipients such that • any of the recipients can uniquely decrypt the secret message , • but any set of fewer than recipients has no information whatsoever about the secret message . Practical Aspects of Modern Cryptography
Recall Diffie-Hellman • Alice • Randomly select a large integer and send . • Compute the key . • Bob • Randomly select a large integer and send . • Compute the key . Practical Aspects of Modern Cryptography
ElGamal Encryption Practical Aspects of Modern Cryptography
ElGamal Encryption • Alice selects a large random private key and computes an associated public key . Practical Aspects of Modern Cryptography
ElGamal Encryption • Alice selects a large random private key and computes an associated public key . • To send a message to Alice, Bob selects a random value and computes the pair . Practical Aspects of Modern Cryptography
ElGamal Encryption • Alice selects a large random private key and computes an associated public key . • To send a message to Alice, Bob selects a random value and computes the pair . • To decrypt, Alice computes . Practical Aspects of Modern Cryptography
ElGamal Re-Encryption If is a public key and the pair is an encryption of message , then for any value , the pair is an encryption of the same message , for any value . Practical Aspects of Modern Cryptography
Group ElGamal Encryption Practical Aspects of Modern Cryptography
Group ElGamal Encryption • Each recipient selects a large random private key and computes an associated public key . Practical Aspects of Modern Cryptography
Group ElGamal Encryption • Each recipient selects a large random private key and computes an associated public key . • The group key is . Practical Aspects of Modern Cryptography
Group ElGamal Encryption • Each recipient selects a large random private key and computes an associated public key . • The group key is . • To send a message to the group, Bob selects a random value and computes the pair . Practical Aspects of Modern Cryptography
Group ElGamal Encryption • Each recipient selects a large random private key and computes an associated public key . • The group key is . • To send a message to the group, Bob selects a random value and computes the pair . • To decrypt, each group member computes . The message . Practical Aspects of Modern Cryptography
Threshold Encryption (ElGamal) Practical Aspects of Modern Cryptography
Threshold Encryption (ElGamal) • Each recipient selects large random secret coefficients , , …, , and forms the polynomial Practical Aspects of Modern Cryptography
Threshold Encryption (ElGamal) • Each recipient selects large random secret coefficients , , …, , and forms the polynomial • Each polynomial is then verifiably shared with the other recipients by distributing each . Practical Aspects of Modern Cryptography
Threshold Encryption (ElGamal) • Each recipient selects large random secret coefficients , , …, , and forms the polynomial • Each polynomial is then verifiably shared with the other recipients by distributing each . • The joint (threshold) public key is . Practical Aspects of Modern Cryptography
Threshold Encryption (ElGamal) • Each recipient selects large random secret coefficients , , …, , and forms the polynomial • Each polynomial is then verifiably shared with the other recipients by distributing each . • The joint (threshold) public key is . • Any set of recipients can form the secret key to decrypt. Practical Aspects of Modern Cryptography
An Application Verifiable Elections Practical Aspects of Modern Cryptography
Verifiable Election Technologies As a voter, you can check that • your vote is correctly recorded • all recorded votes are correctly counted …even in the presence of malicious software, hardware, and election officials. Practical Aspects of Modern Cryptography
Traditional Voting Methods Practical Aspects of Modern Cryptography
Traditional Voting Methods • Hand-Counted Paper Practical Aspects of Modern Cryptography
Traditional Voting Methods • Hand-Counted Paper • Punch Cards Practical Aspects of Modern Cryptography
Traditional Voting Methods • Hand-Counted Paper • Punch Cards • Lever Machines Practical Aspects of Modern Cryptography
Traditional Voting Methods • Hand-Counted Paper • Punch Cards • Lever Machines • Optical Scan Ballots Practical Aspects of Modern Cryptography
Traditional Voting Methods • Hand-Counted Paper • Punch Cards • Lever Machines • Optical Scan Ballots • Electronic Voting Machines Practical Aspects of Modern Cryptography
Traditional Voting Methods • Hand-Counted Paper • Punch Cards • Lever Machines • Optical Scan Ballots • Electronic Voting Machines • Touch-Screen Terminals Practical Aspects of Modern Cryptography
Traditional Voting Methods • Hand-Counted Paper • Punch Cards • Lever Machines • Optical Scan Ballots • Electronic Voting Machines • Touch-Screen Terminals • Various Hybrids Practical Aspects of Modern Cryptography
Vulnerabilities and Trust • All of these systems have substantial vulnerabilities. • All of these systems require trust in the honesty and expertise of election officials (and usually the equipment vendors as well). Can we do better? Practical Aspects of Modern Cryptography
The Voter’s Perspective Practical Aspects of Modern Cryptography
The Voter’s Perspective Practical Aspects of Modern Cryptography
The Voter’s Perspective Practical Aspects of Modern Cryptography
The Voter’s Perspective Practical Aspects of Modern Cryptography
The Voter’s Perspective Practical Aspects of Modern Cryptography
The Voter’s Perspective Practical Aspects of Modern Cryptography
The Voter’s Perspective Practical Aspects of Modern Cryptography
The Voter’s Perspective Practical Aspects of Modern Cryptography
The Voter’s Perspective Practical Aspects of Modern Cryptography