Some Aspects of Cryptographic Protocols

Time: Fri 2015-05-22 14.00

Location: Kollegiesalen Brinellvägen 8

Subject area: Computer Science

Doctoral student: Björn Terelius , TCS

Opponent: Ass. Professor Helger Lipmaa

Supervisor: Docent Douglas Wikström

Abstract


Cryptographic protocols are widely used on the internet, from relatively
simple tasks such as key-agreement and authentication to much more complex
problems like digital cash and electronic voting. Electronic voting in
particular is a problem we investigate in this thesis.
In a typical election, the main goals are to ensure that the votes are
counted correctly and that the voters remain anonymous, i.e. that nobody,
not even the election authorities, can trace a particular vote back to the voter.
There are several ways to achieve these properties, the most general being a
mix-net with a proof of a shuffle to ensure correctness. We propose a new,
conceptually simple, proof of a shuffle. We also investigate a mix-net which
omits the proof of a shuffle in favor of a faster, heuristically secure verification.
We demonstrate that this mix-net is susceptible to both attacks on correctness
and anonymity. A version of this mix-net was tested in the 2011 elections in
Norway.
We also look at a simple and widely used proof of knowledge of a discrete
logarithm in groups of prime order. While the requirement of prime order is
well known, we give a precise characterization of what the protocol proves in
a group of composite order. Furthermore, we present attacks against a class
of protocols of the same form, which shows that the protocol cannot easily be
extended to groups where the order is composite or unknown.
We finally look at the problem of music and video piracy. Using a buyerseller
watermark to embed a unique watermark in each sold copy has been
proposed as a deterrent since it allows a seller who discovers a pirated copy to
extract the watermark and find out which buyer released it. Existing buyerseller
watermarking schemes assume that all copies are downloaded directly
from the seller. In practice, however, the seller wants to save bandwidth by
allowing a paying customer to download most of the content from other buyers.
We introduce this as an interesting open research problem and present
a proof-of-concept protocol which allows transfer of content between buyers
while keeping the seller’s communication proportional to the size of the
watermark rather than the size of the content.