Presentation is loading. Please wait.

Presentation is loading. Please wait.

Malicious Participants

Published byAshley Stokes Modified over 5 years ago

Similar presentations

Presentation on theme: "Malicious Participants"— Presentation transcript:

1 Malicious Participants
Comparing various attempts of detecting malicious participants in DC networks

2 Approaches Chaum: Trap messages
Golle & Juels: Proof with bilinear maps Ahn, Bortz and Hopper: k-anonymous message transmission (for the case k=n)

3 Chaum: Trap Messages n Participants exchanging 1-bit keys pairwise
XOR of all keys equals to 0 One or zero participants send a 1-bit message Known and agreed key graph Commitment before publishing At least some throughput Existence of non-private blocks

4 Chaum: Trap Messages How to make non-private blocks?
Reservation scheme: Each participant reserves one block each round (easy detection of collisions in reservation block) Reservation block is non-private itself Commitment on dummy data to detect disturbers Improvement in Pfitzmann & Waidner (disco) 100n² bits in reservation block for 99% non- collision probability (Bos&Boer'90)

5 Chaum: Trap Messages How to set a trap:
Reservation block Data or Trap Data or Trap Data or Trap How to set a trap: Publish after Reservation: encs( r || i ) (r: random number, i: block index) Publish as trap data: r Publish after Trap: s (encryption secret key)

6 Golle & Juels Two protocols: short and long
Short: Overwhelming secure but limited block size Long: Arbitrary block size but only high secure Works on D-H generators over elliptic curves Reconstruction of messages for missing participants by threshold sharing of secret keys Basic idea is proof of both statements: The sum of keys is correct OR there is a message added There is at most one message added

7 Golle & Juels: Short DC n Participants
Participant i publish: Vi = ( Vi(0), ... , Vi(n) ) Vi(k) = m(k)·Wi(k), Wi(k) = ∏j ê( hash(k), yj )d·xi m(k) is message for a random k; 1 otherwise d is 1 for i<j; 0 for i=j; -1 for i>j xi resp. yi is secret / public key ê is an elliptic curve function Summary: multiplied in G, not added in GF(2)

8 Golle & Juels: Short DC Additional to Vi publish a verification vector σi g and h are random generators in G r1 .. rn are random numbers w(k) = g·hrk when msg sent in k; hrk otherwise σi = logh(g -1 ∏w) ??? Summary – Proof either one of: Wi(k) is correct AND knows logh(wk) OR knows logh(wk / g)

9 Golle & Juels: Short DC Unclear: Why does this prevent from sending multiple messages in one round?

10 Golle & Juils: Long DC PRNG(seed) like short DC and XOR message
Choose subset S = ( p1, ..., pn/2 ) without choosing the message pmsg Publish xi·hash(k) for all elements in S Idea: Attacker can not arbitrary select many places k for disturbing.

Download ppt "Malicious Participants"

Similar presentations

On the Amortized Complexity of Zero-Knowledge Proofs Ronald Cramer, CWI Ivan Damgård, Århus University.

On the Amortized Complexity of Zero-Knowledge Proofs Ronald Cramer, CWI Ivan Damgård, Århus University.
Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.

Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Cryptography and Network Security

Cryptography and Network Security
The Dining Cryptographer Problem Security Presentation Nitesh Patel 2005h425.

The Dining Cryptographer Problem Security Presentation Nitesh Patel 2005h425.
Foundations of Cryptography Lecture 5 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 5 Lecturer: Moni Naor.
Foundations of Cryptography Lecture 4 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 4 Lecturer: Moni Naor.
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 11: Birthday Paradoxes.

David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 11: Birthday Paradoxes.
A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.

A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.
Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)

Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.

Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
Aladdin Center, Carnegie Mellon University Deniable and Traceable Anonymity Andrew Bortz Joint work with: Luis von Ahn Nick Hopper Kevin O’Neill (Cornell)

Aladdin Center, Carnegie Mellon University Deniable and Traceable Anonymity Andrew Bortz Joint work with: Luis von Ahn Nick Hopper Kevin O’Neill (Cornell)
Anonymous Communication Luis von Ahn Andrew Bortz Nick Hopper The Aladdin Center Carnegie Mellon University.

Anonymous Communication Luis von Ahn Andrew Bortz Nick Hopper The Aladdin Center Carnegie Mellon University.
K-Anonymous Message Transmission Luis von Ahn Andrew Bortz Nick Hopper The Aladdin Center Carnegie Mellon University.

K-Anonymous Message Transmission Luis von Ahn Andrew Bortz Nick Hopper The Aladdin Center Carnegie Mellon University.
Bob can sign a message using a digital signature generation algorithm

Bob can sign a message using a digital signature generation algorithm
Robust Sharing of Secrets when the Dealer Is Honest or Cheating Tal Rabin 1994 Brian Fry COEN 317 12-03-2003.

Robust Sharing of Secrets when the Dealer Is Honest or Cheating Tal Rabin 1994 Brian Fry COEN
1 Lecture 9 Public Key Cryptography Public Key Algorithms CIS 4362 - CIS 5357 Network Security.

1 Lecture 9 Public Key Cryptography Public Key Algorithms CIS CIS 5357 Network Security.
Topic 22: Digital Schemes (2)

Topic 22: Digital Schemes (2)
Hashing Algorithms: Basic Concepts and SHA-2 CSCI 5857: Encoding and Encryption.

Hashing Algorithms: Basic Concepts and SHA-2 CSCI 5857: Encoding and Encryption.

Similar presentations

Ads by Google