Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Pairing-Based Blind Signature

Published byEdgardo Wyler Modified over 9 years ago

Similar presentations

Presentation on theme: "A Pairing-Based Blind Signature"— Presentation transcript:

1 A Pairing-Based Blind Signature
E-Voting Scheme LOURDES L O PEZ-GARC I A, LUIS J. DOMINGUEZ PEREZ, FRANCISCO RODR I GUEZ-HENR I QUEZ The Computer Journal July 2013 Presenter:陳昱安 Date:2013/10/14

2 Outline Introduction Mathematical Background Digital Signatures
The Proposed E-Voting Scheme Security Analysis Implementation Aspects Conclusions 2

3 Outline Introduction Mathematical Background Digital Signatures
The Proposed E-Voting Scheme Security Analysis Implementation Aspects Conclusions 3

4 Introduction(1/2) 4

5 Introduction(2/2) Eligibility Uniqueness No-coercion Accuracy
Receipt-freeness Variability 5

6 Outline Introduction Mathematical Background Digital Signatures
The Proposed E-Voting Scheme Security Analysis Implementation Aspects Conclusions 6

7 Mathematical Background
Elliptic curves Bilinear pairings over Barreto-Naehig curves Security assumptions 7

8 Outline Introduction Mathematical Background Digital Signatures
The Proposed E-Voting Scheme Security Analysis Implementation Aspects Conclusions 8

9 Digital Signatures(1/4)
The Boneh-Lynn-Shacham short signature scheme Let (𝔾1 =〈P〉 , 𝔾2 =〈Q〉) : additive groups of order r P , Q : points over an elliptic curve r : a prime number H1 : the map-to-point function H1 : 0,1 ∗ → 𝔾1 9

10 Digital Signatures(2/4)
Key generation Pick a random integer d ∈ ℤr and compute V = dQ. V ∈ 𝔾2 : public key , d : private key. Signing Given a private key d, a message m ∈ 0,1 ∗ . Compute M = H1(m) and S = dM. The signature of m is S ∈ 𝔾1. Verification Given a public key V ∈ 𝔾2, a message m ∈ 0,1 ∗ , and a signature S ∈ 𝔾1. 𝑒 𝑄, 𝑆 = 𝑒 (V,H1(m)) ? 10

11 Digital Signatures(3/4)
Blind signatures (𝔾1 , 𝔾2, P , Q , r , H1) Key generation Pick a random integer d ∈ ℤr and compute V = dQ. V ∈ 𝔾2 : public key , d : private key. Blinding (user) Given a message m , calculate M = H1(m) , randomly find b ∈ ℤ 𝑟 ∗ ; compute 𝑀 =𝑏𝑀. 11

12 Digital Signatures(4/4)
Signature (signer) Given a blind message 𝑀 ; d : private key of the signer, compute S =𝑑 𝑀 ; Unblinding (user) Given a blind signature S and a blind factor b, calculate 𝑆=𝑏 −1 𝑆 . Then S is the signature of the message m. Signature Verification (third party) Given a message m, a signature S ; V : public key of the signer , check 𝑒 𝑄, 𝑆 = 𝑒 (V,H1(m)) ? 12

13 Outline Introduction Mathematical Background Digital Signatures
The Proposed E-Voting Scheme Security Analysis Implementation Aspects Conclusions 13

14 The Proposed E-Voting Scheme(1/4)
Registration Authentication Voting Counting 14

15 The Proposed E-Voting Scheme(2/4)
Protocol dataflow Notation Authentication Server (AS) ; Voting Server (VS) {dAS , VAS}: private/public key pair of AS. {dVS , VVS}: private/public key pair of VS. {IDV , dV , VV}: identifier and private/public key 15

16 The Proposed E-Voting Scheme(3/4)
16

17 The Proposed E-Voting Scheme(4/4)
17

18 Outline Introduction Mathematical Background Digital Signatures
The Proposed E-Voting Scheme Security Analysis Implementation Aspects Conclusions 18

19 Security Analysis (1/6) Voter privacy randomly generated.
The pseudonym private key dt and public key Vt are randomly generated. Knowing the message m implies finding b in the equation. 19

20 Security Analysis (2/6) Eligibility will be accepted as legitimate.
The voter requests from the AS a blind signed ballot that will be accepted as legitimate. Before producing the blind signature , the AS must authenticate the voter by reviewing the nominal list, S M using the public key of the voter who is requesting the blank ballot. 20

21 Security Analysis (3/6) Uniqueness
During the authentication phase the AS marks the voter record in the nominal list. In the voting phase, the VS checks the ballots, if both signatures are valid, then the ballot is stored as valid or invalid otherwise. In the counting phase, the VS verifies the signatures with which was generated for the ballot. 21

22 Security Analysis (4/6) No-coercion ; Receipt-freeness
When the results are published after the counting phase, the voter cannot prove who she voted for. This is because of the generation of a random value a that adds randomness to the hash message used as a receipt. The ACK has the goal to show to the voter that the ballot was received by the VS. 22

23 Security Analysis (5/6) Accuracy
To identify a fraudulent ballot means to find a pair that uses the same value for Vt . If when comparing two ballots, both have the same Vt , then the VS discards the second ballot as fraudulent/repeated and counts only the first one. 23

24 Security Analysis (6/6) Verifiability The ACK guarantees two things :
a. The voter can verify if her ACK is found in the list of valid votes , no chance to extract the value of the vote, due to the random number a and the hash of all values mentioned. b. The VS can prove the accuracy of the results to show that all ACK are unique. 24

25 Outline Introduction Mathematical Background Digital Signatures
The Proposed E-Voting Scheme Security Analysis Implementation Aspects Conclusions 25

26 Implementation Aspects (1/4)
26

27 Implementation Aspects (2/4)
27

28 Implementation Aspects (3/4)
28

29 Implementation Aspects (4/4)
29

30 Outline Introduction Mathematical Background Digital Signatures
The Proposed E-Voting Scheme Security Analysis Implementation Aspects Conclusions 30

31 Conclusions An electronic voting scheme based on blind signature is proposed which meets the necessary requirements to guarantee a reliable election. This proposal requires a minimal number of interactions with electoral entities and more efficient than other e-voting schemes based on RSA or DSA crypto schemes. 31

Download ppt "A Pairing-Based Blind Signature"

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Analysis of an Internet Voting Protocol Dale Neal Garrett Smith.

Analysis of an Internet Voting Protocol Dale Neal Garrett Smith.
1 9 4 5 1 8 8 6 E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April. 30. 2003 Seo, Seung-Hyun Dept. of Computer Science and.

E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April Seo, Seung-Hyun Dept. of Computer Science and.
Course summary COS 433: Crptography -Spring 2010 Boaz Barak.

Course summary COS 433: Crptography -Spring 2010 Boaz Barak.
1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.

1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.
Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.

Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.
Prepared by :  Zain Al Ardah.  Renan Atrash. Supervisor :  Haya Sammaneh.

Prepared by :  Zain Al Ardah.  Renan Atrash. Supervisor :  Haya Sammaneh.
1 Receipt-freedom in voting Pieter van Ede. 2 Important properties of voting  Authority: only authorized persons can vote  One vote  Secrecy: nobody.

1 Receipt-freedom in voting Pieter van Ede. 2 Important properties of voting  Authority: only authorized persons can vote  One vote  Secrecy: nobody.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Self-Enforcing E-Voting (SEEV) Feng Hao Newcastle University, UK CryptoForma’13, Egham.

Self-Enforcing E-Voting (SEEV) Feng Hao Newcastle University, UK CryptoForma’13, Egham.
Receipt-free Voting Joint work with Markus Jakobsson, C. Andy Neff Ari Juels RSA Laboratories.

Receipt-free Voting Joint work with Markus Jakobsson, C. Andy Neff Ari Juels RSA Laboratories.
Research & development A Practical and Coercion-resistant scheme for Internet Voting Jacques Traoré (joint work with Roberto Araújo and Sébastien Foulle)

Research & development A Practical and Coercion-resistant scheme for Internet Voting Jacques Traoré (joint work with Roberto Araújo and Sébastien Foulle)
Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.

Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.
A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :11.23 1.

A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
Receipt-freeness and coercion-resistance: formal definitions and fault attacks Stéphanie Delaune / Steve Kremer / Mark D. Ryan.

Receipt-freeness and coercion-resistance: formal definitions and fault attacks Stéphanie Delaune / Steve Kremer / Mark D. Ryan.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.

Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.
Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)

Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)

Similar presentations

Ads by Google