Four Practical Attacks for "Optimistic Mixing for Exit-Polls" (2003)

by Douglas Wikström
Results 1 - 10 of 30

A Verifiable Secret Shuffle of Homomorphic Encryptions

by Jens Groth , 2003
Cited by 80 (7 self)
We show how to prove in honest verifier zero-knowledge the correctness of a shuffle of homomorphic encryptions (or homomorphic commitments.) A shuffle consists in a rearrangement of the input ciphertexts and a reencryption of them so that the permutation is not revealed. Our scheme

Citation Context

...huffles. Subsequent papers on mix-nets [6, 48, 28, 22, 31, 15, 29, 42, 30, 46, 48, 52] have tried in many ways to guarantee correctness of a shuffle, most of which have been partially or fully broken [3, 39, 53, 49]. Remaining are suggestions [15, 48, 28, 52], of which the first three have various drawbacks. Desmedt and Kurosawa [15] require that at most a small fraction of the mix-servers is corrupt. Peng et al...

A universally composable mix-net.

by Douglas Wikström - TCC 2004. LNCS, , 2004
Cited by 30 (5 self)
Abstract. A mix-net is a cryptographic protocol executed by a set of mix-servers that provides anonymity for a group of senders. The main application is electronic voting. Numerous mix-net constructions and stand-alone definitions of security are proposed in the literature, but only partial proofs of security are given for most constructions and no construction has been proved secure with regards to any kind of composition. We define an ideal mix-net in the universally composable security framework of Canetti

Citation Context

...g [24,25,26] focusing on efficiency. Furukawa and Sako [15], and Neff [33] respectively have recently found efficient proofs of a correct shuffle, but these proposals have incomplete or flawed analysis. Groth [23] builds on Neff's ideas to form an abstract protocol for any homomorphic cryptosystem. Desmedt and Kurosawa [10] describe an attack on a protocol by Jakobsson [24]. Similarly Mitomo and Kurosawa [32] exhibit a weakness in another protocol by Jakobsson [25]. Pfitzmann has given some general attacks on mix-nets [40,39], and Michels and Horster give additional attacks in [31]. Wikström [46] gives several attacks for a protocol by Golle et al. [22]. He also gives attacks for the protocols by Jakobsson [25] and Jakobsson and Juels [27]. Abe [2] has independently found related attacks. Canetti [6] and independently Pfitzmann and Waidner [41], proposed security frameworks for reactive processes. We use the former framework. Both frameworks have composition theorems, and are based on older definitional work. The initial ideal-model based definitional approach for secure function evaluation is informally proposed by Goldreich, Micali, and Wigderson in [18]. The first formalizations app...

Efficient Anonymity-Preserving Data Collection

by Justin Brickell, Vitaly Shmatikov , 2006
Cited by 21 (1 self)
The output of a data mining algorithm is only as good as its inputs, and individuals are often unwilling to provide accurate data about sensitive topics such as medical history and personal finance. Individuals may be willing to share their data, but only if they are assured that it will be used in an aggregate study and that it cannot be linked back to them. Protocols for anonymity-preserving data collection provide this assurance, in the absence of trusted parties, by allowing a set of mutually distrustful respondents to anonymously contribute data to an untrusted data miner. To effectively provide anonymity, a data collection protocol must be collusion resistant, which means that even if all dishonest respondents collude with a dishonest data miner in an attempt to learn the associations between honest respondents and their responses, they will be unable to do so. To achieve collusion resistance, previously proposed protocols for anonymity-preserving data collection have quadratically many communication rounds in the number of respondents, and employ (sometimes incorrectly) complicated cryptographic techniques such as zero-knowledge proofs. We describe a new protocol for anonymity-preserving, collusion resistant data collection. Our protocol has linearly many communication rounds, and achieves collusion resistance without relying on zero-knowledge proofs. This makes it especially suitable for data mining scenarios with a large number of respondents.

Analysis, improvement, and simplification of Prêt à Voter with Paillier encryption. In Electronic Voting Technology Workshop (EVT), 2008.

by Zhe Xia, Steve A Schneider, James Heather, Jacques Traoré
Cited by 16 (1 self)

Citation Context

...orks is for mix servers to prove the shuffle. There have been some attempts to improve efficiency. Some repetitive robust mixnets are interesting, e.g. [31, 32, 27], but most of them have been broken [19, 39, 1, 55]. We advocate choosing one from [25, 41, 28]. Schemes based on homomorphic encryption were first introduced by Benaloh [15, 10, 7]. To cast a vote, each voter generates an encrypted value of her de...

A Sender Verifiable Mix-Net and a New Proof of a Shuffle

by Douglas Wikström , 2005
Cited by 12 (2 self)
We introduce the first El Gamal based mix-net in which each mix-server partially decrypts and permutes its input, i.e., no reencryption is necessary. An interesting property of the construction is that a sender can verify non-interactively that its message is processed correctly. We call this sender verifiability. The mix-net is provably UC-secure against static adversaries corrupting any minority of the mix-servers. The result holds under the decision Diffie-Hellman assumption, and assuming an ideal bulletin board and an ideal zero-knowledge proof of knowledge of a correct shuffle. Then we construct the first proof of a decryption-permutation shuffle, and show how this can be transformed into a zero-knowledge proof of knowledge in the UC-framework. The protocol is sound under the strong RSA-assumption and the discrete logarithm assumption. Our proof of a shuffle is not a variation of existing methods. It is based on a novel idea of independent interest, and we argue that it is at least as efficient as previous constructions.

Cryptanalysis of a universally verifiable efficient re-encryption mixnet

by Shahram Khazaei, Björn Terelius - In International conference on Electronic Voting Technology/Workshop on Trustworthy Elections , 2012
Cited by 7 (0 self)
We study the heuristically secure mix-net proposed by Puiggalí and Guasch (EVOTE 2010). We present practical attacks on both correctness and privacy for some sets of parameters of the scheme. Although our attacks only allow us to replace a few inputs, or to break the privacy of a few voters, this shows that the scheme cannot be proven secure.

Citation Context

...nd Sako [7]. Many other works in the field aim to improve the efficiency of mix-nets, e.g., [11, 10, 8, 12, 13], but vulnerabilities have been found in most mix-nets not based on proofs of shuffles [18, 15, 4, 22, 14]. Puiggalí and Guasch [20] proposed a heuristically secure mix-net at EVOTE 2010 (called the Scytl mix-net in the rest of the paper) which combines ideas of Golle et al. [8] and Jakobsson et al. [13]....

A mix-net from any cca2 secure cryptosystem

by Shahram Khazaei, Tal Moran - In ASIACRYPT , 2012
Cited by 5 (0 self)
Abstract. We construct a provably secure mix-net from any CCA2 secure cryptosystem. The mix-net is secure against active adversaries that statically corrupt less than λ out of k mix-servers, where λ is a threshold parameter, and it is robust provided that at most min(λ − 1, k − λ) mix-servers are corrupted. The main component of our construction is a mix-net that outputs the correct result if all mix-servers behaved honestly, and aborts with probability 1−O(H−(t−1)) otherwise (without disclosing anything about the inputs), where t is an auxiliary security parameter and H is the number of honest parties. The running time of this protocol for long messages is roughly 3tc, where c is the running time of Chaum's mix-net (1981).

Citation Context

...suggested a fix; this in turn, in addition to the schemes of Jakobsson and Juels [11], of Golle, Zong, Boneh, Jakobsson and Juels [7] were all shown to be vulnerable (to various attacks) by Wikström [23]. While a formal proof of security is not an iron-clad guarantee that no vulnerabilities will ever be found (proofs may have subtle errors, and assumptions may be shown to be wrong), they do significa...

Randomized Partial Checking Revisited

by Shahram Khazaei, Douglas Wikström , 2012
Cited by 3 (0 self)
We study mix-nets with randomized partial checking (RPC) as proposed by Jakobsson, Juels, and Rivest (2002). RPC is a technique to verify the correctness of an execution both for Chaumian and homomorphic mix-nets. The idea is to relax the correctness and privacy requirements to achieve a more efficient mix-net. We identify serious issues in the original description of mix-nets with RPC and show how to exploit these to break both correctness and privacy, both for Chaumian and homomorphic mix-nets. Our attacks are practical and applicable to real world mix-net implementations, e.g., the Civitas and the Scantegrity voting systems.

Citation Context

...often be broken, and this seems to be particularly true for mix-nets. Historically the proposals of heuristically secure mix-nets [20, 11, 12, 14, 9] have been followed by discovery of security flaws [22, 21, 5, 17, 24]. A formal proof of security does not guarantee that no attack will ever be found (proofs can have subtle errors, assumptions can be wrong, and the adversarial model can be unrealistic), but it increa...

Designing and Attacking Anonymous Communication Systems

by George Danezis , 2004
Cited by 3 (1 self)
This report contributes to the field of anonymous communications over widely deployed communication networks. It describes

Privacy and Verifiability in Voting Systems: Methods, Developments and Trends

by Hugo Jonker , Sjouke Mauw , Jun Pang , 2013
Cited by 2 (0 self)
One of the most challenging aspects in computer-supported voting is to combine the apparently conflicting requirements of privacy and verifiability. On the one hand, privacy requires that a vote cannot be traced back from the result to a voter, while on the other hand, verifiability states that a voter can trace the effect of her vote on the result. This can be addressed using various privacy-enabling cryptographic primitives which also offer verifiability. As more and more refined voting systems were proposed, understanding of first privacy and later verifiability in voting increased, and notions of privacy as well as notions of verifiability in voting became increasingly more refined. This has culminated in a variety of verifiable systems that use cryptographic primitives to ensure specific kinds of privacy. However, the corresponding privacy and verifiability claims are not often verified independently. When they are investigated, claims have been invalidated sufficiently often to warrant a cautious approach to them. The multitude of notions, primitives and proposed solutions that claim to achieve both privacy and verifiability form an interesting but complex landscape. The purpose of this paper is to survey this landscape by providing an overview of the methods, developments and current trends regarding privacy and verifiability in voting systems.