Filters








36 Hits in 2.7 sec

A Mix-Net from Any CCA2 Secure Cryptosystem [chapter]

Shahram Khazaei, Tal Moran, Douglas Wikström
2012 Lecture Notes in Computer Science  
Properties of Chaum's Mix-Net • Works with any cryptosystem. • Only secure against passive attacks on mix-servers (if implemented correctly). • However, a voter that submitted c 0,i = Enc pk 1 (Enc pk  ...  • Works with any cryptosystem. • Only secure against passive attacks on mix-servers (if implemented correctly). • However, a voter that submitted c 0,i = Enc pk 1 (Enc pk 2 (· · · Enc pk k (m i , r k  ... 
doi:10.1007/978-3-642-34961-4_37 fatcat:geh3h7z56fb3bi7gwjtesqxtqm

Simplified Submission of Inputs to Protocols [chapter]

Douglas Wikström
2008 Lecture Notes in Computer Science  
Our solution is surprisingly simple and can be based on various Cramer-Shoup cryptosystems. To capture its security properties we introduce a variation of CCA2-security.  ...  The mix-net accepts an encrypted vote from each voter and outputs the set of votes in sorted order without revealing the permutation used.  ...  Clearly, any cryptosystem can be viewed as a trivial augmentation of itself, and if it is CCA2-secure then the trivial augmentation is also submission secure as defined below.  ... 
doi:10.1007/978-3-540-85855-3_20 fatcat:ln53gnrn6ncc3gfdq76nlxvy74

Rerandomizable and Replayable Adaptive Chosen Ciphertext Attack Secure Cryptosystems [chapter]

Jens Groth
2004 Lecture Notes in Computer Science  
For this notion we provide a construction (inspired by Cramer and Shoup's CCA2 secure cryptosystems) that is both rerandomizable and provably WRCCA secure.  ...  Essentially a cryptosystem that is RCCA secure has full CCA2 security except for the little detail that it may be possible to modify a ciphertext into another ciphertext containing the same plaintext.  ...  Consider for instance a cryptosystem that expands a CCA2 secure cryptosystem with a single bit, which is ignored in decryption.  ... 
doi:10.1007/978-3-540-24638-1_9 fatcat:rqwdddbzovb3tf5bmeaewckuxi

Randomized Partial Checking Revisited [chapter]

Shahram Khazaei, Douglas Wikström
2013 Lecture Notes in Computer Science  
The idea is to relax the correctness and privacy requirements to achieve a more efficient mix-net.  ...  RPC is a technique to verify the correctness of an execution both for Chaumian and homomorphic mix-nets.  ...  Currently, it is also the only viable option to construct a universally verifiable mix-net from any cryptosystem.  ... 
doi:10.1007/978-3-642-36095-4_8 fatcat:3dat2hsybvhodfhq5rlf3vdzim

Publicly verifiable ciphertexts

Juan González Nieto, Mark Manulis, Bertram Poettering, Jothi Rangasamy, Douglas Stebila, Ivan Visconti
2013 Journal of Computer Security  
In many applications where encrypted traffic flows from an open (public) domain to a protected (private) domain there exists a gateway that bridges these two worlds, faithfully forwarding all incoming  ...  We observe that the notion of indistinguishability against (adaptive) chosen-ciphertext attacks (IND-CCA2), which is a mandatory goal in face of active attacks in a public domain, can be relaxed to indistinguishability  ...  For efficiency and re-randomization reasons, most mix-net approaches require homomorphic properties of the input ciphertexts.  ... 
doi:10.3233/jcs-130473 fatcat:aulmb2ir6rdtlc7kziptgapzme

Conscript your friends into larger anonymity sets with JavaScript

Henry Corrigan-Gibbs, Bryan Ford
2013 Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society - WPES '13  
Our implementation results demonstrate the practicality of ConScript: a workstation running our prototype ConScript JavaScript client generates a dummy message for a mix-net in 81 milliseconds and it generates  ...  a dummy message for a DoS-resistant DC-net in 156 milliseconds.  ...  A number of standard cryptosystems, including RSA-OAEP, provide IND-CCA2 security under standard hardness assumptions [11] .  ... 
doi:10.1145/2517840.2517866 dblp:conf/wpes/Corrigan-GibbsF13 fatcat:2h2xt7s475hozlh37j7ibd5joq

Conscript Your Friends into Larger Anonymity Sets with JavaScript [article]

Henry Corrigan-Gibbs, Bryan Ford
2013 arXiv   pre-print
Our implementation results demonstrate the practicality of ConScript: a workstation running our ConScript prototype JavaScript client generates a dummy message for a mix-net in 81 milliseconds and it generates  ...  a dummy message for a DoS-resistant DC-net in 156 milliseconds.  ...  A number of standard cryptosystems, including RSA-OAEP, provide IND-CCA2 security under standard hardness assumptions [11] .  ... 
arXiv:1309.0958v1 fatcat:u6besj6wmfgedcsumujqhml6km

A Review of Cryptographic Electronic Voting

Yun-Xing Kho, Swee-Huay Heng, Ji-Jian Chin
2022 Symmetry  
A vast number of e-voting schemes including mix-net-based e-voting, homomorphic e-voting, blind signature-based e-voting, blockchain-based e-voting, post-quantum e-voting, and hybrid e-voting have been  ...  In addition, we provide a comprehensive review of various types of e-voting approaches in terms of their security properties, underlying tools, distinctive features, and weaknesses.  ...  and a secure mix-net does not need a blind signature.  ... 
doi:10.3390/sym14050858 fatcat:6dzkgrpxgfaanfaxwu3t7teco4

Efficient anonymity-preserving data collection

Justin Brickell, Vitaly Shmatikov
2006 Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining - KDD '06  
To effectively provide anonymity, a data collection protocol must be collusion resistant, which means that even if all dishonest respondents collude with a dishonest data miner in an attempt to learn the  ...  We describe a new protocol for anonymity-preserving, collusion resistant data collection.  ...  A cryptosystem is IND-CCA2 if, for all probabilistic polynomial-time challengers, the advantage in the distinguishing game is negligible (dominated by 1 f (ρ) , where f is any polynomial and ρ is a security  ... 
doi:10.1145/1150402.1150415 dblp:conf/kdd/BrickellS06 fatcat:4ialv7oauvbwvbbd5a6nfxm35e

Atom: Horizontally Scaling Strong Anonymity [article]

Albert Kwon, Henry Corrigan-Gibbs, Srinivas Devadas, Bryan Ford
2017 arXiv   pre-print
Atom is most suitable for sending a large number of short messages, as in a microblogging application or a high-security communication bootstrapping ("dialing") for private messaging systems.  ...  of the system's servers, and any number of malicious users.  ...  Abe also proposed building a distributed mix-net from a butterfly permutation network [4] , though the construction had a flawed security analysis [5] .  ... 
arXiv:1612.07841v3 fatcat:6bvpcxo3sfh4vmftukvhtvs5dq

Homomorphic Encryption — Theory and Application [chapter]

Jaydip Sen
2013 Theory and Practice of Cryptography and Network Security Protocols and Technologies  
Mix-nets: Mix-nets are protocols that provide anonymity for senders by collecting encrypted messages from several users.  ...  A desirable property to build such mix-nets is re-encryption which is achieved by using homomorphic encryption.  ... 
doi:10.5772/56687 fatcat:amgaohpdbnal3ly6nsx4nvasmm

Homomorphic Encryption for Multiplications and Pairing Evaluation [chapter]

Guilhem Castagnos, Fabien Laguillaumie
2012 Lecture Notes in Computer Science  
From this generic method, we deduce a new homomorphic encryption scheme in a composite-order subgroup of points of an elliptic curve which admits a pairing e : G × G → Gt.  ...  We prove the semantic security under chosen plaintext attack of our scheme under a generalized subgroup membership assumption, and we also prove that it cannot achieve ind-cca1 security.  ...  Regarding the security against adaptive chosen ciphertexts attacks, the cryptosystem being homomorphic, it cannot be even one-way (ow − cca2) in this scenario.  ... 
doi:10.1007/978-3-642-32928-9_21 fatcat:47ac3ta75jdo3f6usc4stnf5oa

Dissent

Henry Corrigan-Gibbs, Bryan Ford
2010 Proceedings of the 17th ACM conference on Computer and communications security - CCS '10  
A working prototype demonstrates the protocol's practicality for anonymous messaging in groups of 40+ members.  ...  The N group members first cooperatively shuffle an N × N matrix of pseudorandom seeds, then use these seeds in N "pre-planned" DC-nets protocol runs.  ...  We also require a public-key cryptosystem, which must be IND-CCA2 secure [2] .  ... 
doi:10.1145/1866307.1866346 dblp:conf/ccs/Corrigan-GibbsF10 fatcat:4pvzl5qvhfbnddyaxh5uune63q

On the Security of Multiple Encryption or CCA-security+CCA-security=CCA-security? [chapter]

Rui Zhang, Goichiro Hanaoka, Junji Shikata, Hideki Imai
2004 Lecture Notes in Computer Science  
Additionally, new features may be achieved by multiple encrypting a message for a scheme, such as the key-insulated cryptosystems [13] and anonymous channels [8] .  ...  Since CCA security seems so stringent, we further relax it by introducing weak ME-CCA (ME-wCCA), and prove IND-ME-wCCA secure multiple encryption can be acquired from IND-gCCA secure component ciphers.  ...  Implementations achieving sender anonymity such as Mix-net [8] , onion routing [8, 23] , and the key-insulated cryptosystems [13] are all practical examples of multiple encryptions.  ... 
doi:10.1007/978-3-540-24632-9_26 fatcat:mdlloxy2dvbnbphg6om4kcj5ri

Security Analysis of Accountable Anonymity in Dissent

Ewa Syta, Henry Corrigan-Gibbs, Shu-Chun Weng, David Wolinsky, Bryan Ford, Aaron Johnson
2014 ACM Transactions on Privacy and Security  
Dining Cryptographers Networks (DC-nets) leave groups vulnerable to denial-of-service and Sybil attacks; mix networks are difficult to protect against traffic analysis; and accountable voting schemes are  ...  The new protocol also addresses several nontrivial attacks on the original DISSENT protocol stemming from subtle design flaws.  ...  We assume that the underlying public-key cryptosystem provides indistinguishable ciphertexts against a chosen-ciphertext attack, that is, that the cryptosystem is IND-CCA2 secure [Bellare et al. 1998  ... 
doi:10.1145/2629621 fatcat:xpscgxab7zakpeme6ocwxjxoqu
« Previous Showing results 1 — 15 out of 36 results