Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits,...
Transcript of Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits,...
![Page 1: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/1.jpg)
Cryptography IIBen Adida
CIS, CSAIL, MIT3 May 2006
http://ben.adida.net/presentations/
![Page 2: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/2.jpg)
Last Time....
![Page 3: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/3.jpg)
Secret-Key Encryption
m0 m1 m2 m3 m4
IV c0 c1 c2 c3 c4
EK EK EK EK EKEnc Encsk sk sk sk sk EncEncEnc
![Page 4: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/4.jpg)
Number Theory
computing logg y mod p is hard
computing gx
mod p is easy
![Page 5: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/5.jpg)
Diffie-Hellman Key Exchange
Alice Bob
xA xB
yA = gxA yB = g
xB
yxB
A= g
xAxByxA
B= g
xAxB
yA
yB
![Page 6: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/6.jpg)
Public-Key Encryption
Alice
pk
sk c = Encpk (m)
m = Decsk (c)
Bob
Charlie
![Page 7: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/7.jpg)
Hybrid Encryption
generate a session key session key
c = Encsession key(m), Encpk (session key)
![Page 8: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/8.jpg)
Signatures
Reverse the Public-Key Encryption operation!
Signsk (m) = !
Verifypk (m, !) = True/False
Signsk (m) = Decsk (m)
Verifypk (m, !) ! Encpk (!)?= m
![Page 9: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/9.jpg)
Hash Functions
• “fingerprint” of a long document
• MD5 hashes to 128 bits, SHA1 hashes to 160 bits
• Properties★ Collision Attack
★ Pre-Image Attack
★ Second Pre-Image Attack
H(m) = hash, Signsk (H(m))
![Page 10: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/10.jpg)
Certificates
Alice Bob
EncpkB(m)
TTP
cert = SignTTP (“Bob,pkB”)
pkB , cert
![Page 11: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/11.jpg)
PGP
Alice Bob
Charlie
pkBob
pkCharlie
SignCharlie(“Bob”, pkBob)
EncpkBob(message)
![Page 12: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/12.jpg)
Advanced Applications
![Page 13: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/13.jpg)
Anti-Phishing
![Page 14: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/14.jpg)
![Page 15: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/15.jpg)
![Page 16: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/16.jpg)
![Page 17: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/17.jpg)
![Page 18: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/18.jpg)
![Page 19: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/19.jpg)
![Page 20: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/20.jpg)
![Page 21: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/21.jpg)
Fax Attack
![Page 22: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/22.jpg)
Phone Attack
![Page 23: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/23.jpg)
DNS
foo.com
MX Record
mail.foo.com
Alice Bob
wonderland.com
outgoing
mail server
mail.foo.com
incoming
mail server
MX2
1
3
4
SMTP Today
![Page 24: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/24.jpg)
No Proof of Origin
Alice Bob
wonderland.com
outgoing
mail server
mail.foo.com
incoming
mail server
phish.com
?
![Page 25: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/25.jpg)
User Interface
Indicators
Reputation
Management
A Platform of Trust
SSL
Automatic
Filtering
Reputation
Management
Light Sigs
We want to provide Just Enough Trust
![Page 26: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/26.jpg)
Basic Signatures
Alice
SKalice
PKalice
signwonderland(PKalice , “alice@wonderland .com !!)
Authority
Wonderland
SKwonderland PKwonderland
![Page 27: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/27.jpg)
DNS to distributeDomain-Level Keys
[DomainKeys]
wonderland.com
SKwonderland.com
Publish
DNS
wonderland.com
foo.com
PKwonderland.com
PK foo.com
![Page 28: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/28.jpg)
From: AliceTo: BobSubject: 6.976
It's the best class I've ever taken, seriously. You should take it.
Alice
Email Authentication
Alice
Authority
wonderland
SKwonderland
DNS
wonderland.com
PKwonderland
SKalice
PKalice
PKalice
signwonderland(PKalice ,
“alice@wonderland .com!!)
Bob
signalice(message)
![Page 29: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/29.jpg)
Email Authentication
Alice
Authority
wonderland
SKwonderland
SKalice
PKalice
• certifying a user’s public key can add significant overhead.
• distributing the secret key to all user access points is tricky.
... unless we rethink the security requirements a bit.
![Page 30: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/30.jpg)
Email-BasedAuthentication
[Gar2003] Alice
wonderland.com
incoming
mail server
wonderland.com
keyserver
....
SKwonderland.com
SK
certifi
cate
(PK
alice@wonderla
nd.com
)
![Page 31: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/31.jpg)
Server-Managed User Keys
Authority
wonderland
SKwonderland
DNS
wonderland.com
PKwonderlandwonderland.com
incoming
mail server
SKalice
PKalice
Bob
From: AliceTo: BobSubject: 6.976
It's the best class I've ever taken, seriously. You should take it.
Alice
signwonderland(PKalice ,
“alice@wonderland .com!!)
PKalice
signalice(message)
![Page 32: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/32.jpg)
DomainKeys
Authority
wonderland
SKwonderland
DNS
wonderland.com
PKwonderland
From: AliceTo: BobSubject: 6.976
It's the best class I've ever taken, seriously. You should take it.
Alice
From: AliceTo: BobSubject: 6.976
It's the best class I've ever taken, seriously. You should take it.
Alice
![Page 33: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/33.jpg)
Can we get the benefits of both user keys and
domain keys?
![Page 35: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/35.jpg)
ID-based Domains
BobAlice
[email protected] [email protected]
MPKwonderland.com MPKfoo.com
wonderland.com
keyserver
MSKwonderland.com
foo.com
keyserver
MSKfoo.com
![Page 36: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/36.jpg)
DNS to distributeMaster Public Keys
wonderland.com
key server
MSKwonderland.com
DNS
wonderland.com
foo.com
MPKwonderland.com
MPKfoo.com
Publish
![Page 37: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/37.jpg)
Email-Based Authentication for User Secret Keys
Alice
wonderland.com
incoming
mail server
wonderland.com
keyserver
MSKwonderland.com
SK
![Page 38: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/38.jpg)
Lightweight Signatures
Wonderland.comNetwork
wonderland.com
key server
Alice
foo.comNetwork
foo.com
key server
Bob
PUBLISH
DNS
wonderland.com
foo.com
PUBLISH
MPKfoo
1 1
MPKwonderland
SKA 2
4
MPKbank
5
6
From: Alice
To: Bob
Subject: 6.976!
Dev is the best
professor ever!
Signed:
Alice
![Page 39: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/39.jpg)
So What?
• Alice likes Bob
• Eve likes Bob
• Bob likes to gloat.BobAlice
Eve
Bob's Blog
Alice's Email -August 30th, 2005Check out what Alice wrote
me earlier today! Crazy
stuff.... who knew?
What if Bob publishes Alice’s Email on his blog?
This changes the nature of email.
![Page 40: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/40.jpg)
Ad-Hoc Group SigsFrom: Alice
To: Bob
Subject: Coffee?
Hey Bob,
Wanna meet for coffee? I'd
love to get to know you
better.
Signed:
Alice or Bob
![Page 41: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/41.jpg)
A Taste of Voting
![Page 42: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/42.jpg)
Voting is Hard
Verifiability Anonymity
![Page 43: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/43.jpg)
The Point of An Election
“The People have spoken....the bastards!”
Dick Tuck1966 Concession Speech
Provide enough evidenceto convince the loser.
concession speeches given before acceptance speeches.
![Page 44: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/44.jpg)
![Page 45: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/45.jpg)
Bulletin Board
Ben: “Bob”
Franz: “Alice” Whit:
“Bob”
Kevin: “Alice”
Ron: “Bob”
![Page 46: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/46.jpg)
Can we getballot secrecy and
election audit-ability?
![Page 47: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/47.jpg)
Encrypted Bulletin Board
Ben: d9cv0
Franz: e3s823 Whit:
n7390n
Kevin: x38vf
Ron: dfuciv2
![Page 48: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/48.jpg)
Verification?
Universal VerifiabilityBallot Casting Assurance
Ben:
d9cv0
Franz:
e3s823 Whit:
n7390n
Kevin: x38vf
Ron:
dfuciv2
Kevin
Vote:
Alice
Tally:
Bob
![Page 49: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/49.jpg)
Zero-Knowledge Proofs
![Page 50: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/50.jpg)
“How to Explain Zero-Knowledge to Your Children”
Quisquater & Guillou
graphics from Wikipedia
![Page 51: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/51.jpg)
“How to Explain Zero-Knowledge to Your Children”
Quisquater & Guillou
graphics from Wikipedia
![Page 52: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/52.jpg)
“How to Explain Zero-Knowledge to Your Children”
Quisquater & Guillou
graphics from Wikipedia
![Page 53: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/53.jpg)
Envelopes
Favorite:
Alice
President:
Mickey MousePresident:
Mickey MousePresident:
Mickey MousePresident:
Mickey MousePresident:
Mickey MousePresident:
Mickey MouseFavorite:
Alice
This last envelope probably contains “Alice”
![Page 54: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/54.jpg)
Graph 3-Coloring
![Page 55: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/55.jpg)
Graph 3-Coloring
![Page 56: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/56.jpg)
Graph 3-Coloring
![Page 57: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/57.jpg)
Graph 3-Coloring
![Page 58: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/58.jpg)
What did you learn?
Nothing more than the fact that I probably know a true 3-coloring.
![Page 59: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/59.jpg)
In particular
You did not learn enough to prove this same property to someone else.
Smells like....Proving the content of a vote while
preventing vote selling!
![Page 60: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/60.jpg)
Alice
Voter
Registration Database
Bob
Voter
Carol
Voter
anonymization
decryption
Results
Encrypted Votes
encryption
![Page 61: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/61.jpg)
Mixnet
Republicans Democrats Independents
Each mix server shuffles and rerandomizes the ciphertexts in private.
![Page 62: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/62.jpg)
Decryption Mixnet
c = Encpk0(Encpk1
(Encpk2(m)))
Each mix server “unwraps”a layer of this encryption onion.
![Page 63: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/63.jpg)
Verifying a Dec. Mixnet
Randomized Partial Checking - Juels, Jakobsson, Rivest 2002
1/2 of mix servers honest =no complete path is revealed
![Page 64: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/64.jpg)
Prêt-à-Voter
_______
_______
_______
_______
Alice
Bob
Charlie
David
8c3859x0dfsw
_______
_______
_______
_______
Bob
Charlie
David
Alice
3l0c8v3923434
_______
_______
_______
_______
Charlie
David
Alice
Bob
uyq838v8i348j
H(Onion) that routes the ballot througha Chaumian mixnet to recover the candidate order
![Page 65: Cryptography IIassets.adida.net/presentations/6976-spring06-crypto2.pdf• MD5 hashes to 128 bits, SHA1 hashes to 160 bits ... phish.com? User Interface Indicators Reputation Management](https://reader034.fdocuments.us/reader034/viewer/2022042921/5f6adf03fdb30b51c83103f6/html5/thumbnails/65.jpg)
Questions?