1 / 16

Threshold Paillier Encryption Web Service

Threshold Paillier Encryption Web Service. A Master’s Project Proposal by Brett Wilson. Motivation. Secure Electronic Voting Research Interest in improving current voting process is high 2000 Presidential election snafu Improved access/availability (voter turnout)

hedva
Download Presentation

Threshold Paillier Encryption Web Service

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Threshold Paillier Encryption Web Service A Master’s Project Proposal by Brett Wilson

  2. Motivation • Secure Electronic Voting Research • Interest in improving current voting process is high • 2000 Presidential election snafu • Improved access/availability (voter turnout) • Cryptographic research has led to new solutions to problems with electronic voting • Basic requirements for electronic voting • Privacy – All votes should be kept secret • Completeness – All valid votes should be counted correctly • Soundness – Any invalid vote should not be counted • Unreusability – No voter can vote twice • Eligibility – Only authorized voters can cast a vote • Fairness – Nothing can affect the voting • Extended Requirements for electronic voting • Robustness – faulty behavior of any reasonably sized coalition of participants can be tolerated • Universal Verifiability – any party can verify the result of the voting • Recipt-freeness – Voters are unable to prove the content of his/her vote • Incoercibility – Voter cannot be coerced into casting a particular vote by a coercer

  3. Motivation • Many of the proposed electronic voting protocols utilize threshold homomorhpic encryption schemes as part of the protocol • Protects voter privacy • Individual vote can not be decrypted without cooperation of t of l “authorities” • Efficient, universally verifiable vote tallying • Only sum of votes is decrypted • Individuals can compute encrypted sum, verify proof of correct decryption of sum • Implementations of threshold homomorphic encryption algorithms are not freely available

  4. Threshold Encryption • Public key encryption as usual • Distribute secret key “shares” among l participants • Decryption can only be accomplished if a threshold number t of the l participants cooperate • No information about m can be obtained with less than t participants cooperating • Proof of valid decryption is provided

  5. Paillier Encryption • Trapdoor Discrete Logarithm Scheme • c = gMrn mod n2 • n is an RSA modulus • g is an integer of order nα mod n2 • r is a random number in Zn* • M = L(cλ(n) mod n2)/L(gλ(n) mod n2) mod n • L(u) = (u-1)/n, λ(n)=lcm((p-1)(q-1)) • Important Properties • Homomorphic • E(M1 + M2) = E(M1) x E(M2), E(k x M) = E(M)k • Self-blinding • Re-encryption with a different r doesn’t change M

  6. Threshold Paillier Encryption • Different public key and secret key generation algorithm • Distribute key shares using RSA public key encryption • Distribute secret key shares using Shamir Secret Sharing scheme • Web Service will be an implementation of scheme proposed in “Sharing Decryption in the Context of Voting or Lotteries” Fouque, Poupard, and Stern 2000

  7. Use of Threshold Paillier Encryption in Secure Voting • Ballot format: pick 1 out of c candidates • Let N be number of voters, k such that N<2k • Vote = 2ck where c is the desired candidate number (0…c) • All Paillier-encrypted votes could be publicly posted • Votes include proof of validity (v lies in a given set of valid votes) • At end of election, all invalid votes are removed, all encrypted votes are then multiplied together to get encrypted sum (publicly verifiable) • With cooperation of the required threshold number of “authorities”, the final product could be decrypted to reveal the vote total (sum of individual votes). • A threshold number of authorities would not agree to decrypt a single particular vote, and thus the individual votes would remain private • All computations are publicly verifiable given the validity proofs that prove the decryption was done correctly

  8. Web Service Design Goals • Platform Independent • Use of web service • XML input/output • Extensible • Additional encryption algorithms could be added • Additional services could be offered • Threshold signatures • Verifiable Mix Net

  9. Implementation Tools • Visual Studio 2005 • VB.NET • Gnu Multiprecision Library (Gmp) • Open source arbitrary precision numeric library • Compiled under Visual Studio 2005 • NGmp • Open source VB.NET binding of gmp.dll • Enables calling of gmp library functions through VB.NET • Compiled under Visual Studio 2005

  10. Threshold Paillier EncryptionWeb Service • Key generation algorithm • Input • k – size of key • l – number of shares to generate • One RSA public key (of the designated participant) for each share • t – threshold parameter • Output • Public Key PK • List SK1, …, SKl of private key shares • Encrypted with supplied RSA keys so only designated participant can recover the key share • List of Verifier Keys VK, VK1, …,VKl • Used for proving validity of decryption

  11. Threshold Paillier EncryptionWeb Service • Encryption Algorithm • Input • Public Key PK • Random string r • Cleartext M • Output • Ciphertext c

  12. Threshold Paillier EncryptionWeb Service • Share Decryption Algorithm • Input • Ciphertext c • Private Key Share Ski • Encrypted with public key of webservice • Output • Decryption share ci • Validity proof pi

  13. Threshold Paillier EncryptionWeb Service • Combining Algorithm • Input • Ciphertext c • List of decryption shares c1,…,cl • List of verification keys VK, VK1…VKl • List of validity proofs P1,…Pl • Output • M

  14. Project Deliverables • A working prototype of Paillier Threshold Encryption Web Service (PTEWS) • A simple demo of applying PTEWS in online voting • A master project report documenting the research findings and lessons learned

  15. Tasks and Milestones • Week 1: Proposal Briefing/Approval • Week 2: WebService “skeleton” complete • WebMethod stubs created, classes for passing parameters and return results complete • Week 3: Encryption algorithms implemented • WebMethod stubs completely implemented with encryption and utility algorithms • Week 4: Testing Interface complete • Windows application for testing of Web Service • Simple test of voting application • Week 5: Final Report complete • Week 1 ends Oct 30, Week 5 ends Nov 27

  16. References • “Sharing Decryption in the Context of Voting or Lotteries” P. Fouque, G. Poupard, and J. Stern, 2000 • “Public Key Cryptosystems Based on Composite Degree Residuosity Classes” P. Paillier, 1999 • “How to Share a Secret” A. Shamir, 1979 • Big Number Libraries • Gnu Multiprecision Library – Opensource C language library • http://swox.com/gmp/ • J# BigInteger – J# library available from Microsoft • http://msdn.microsoft.com/msdnmag/issues/05/12/NETMatters/default.aspx • C# BigInteger – Opensource implementation of Java BigInteger • http://www.codeproject.com/csharp/biginteger.asp • NGmp .NET Mono Multiprecision Library (gmp binding to .NET) • http://sourceforge.net/projects/ngmp • Building Gmp with Visual Studio 2005 • http://fp.gladman.plus.com/computing/gmp4win.htm

More Related