Use this URL to cite or link to this record in EThOS: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.649374
Title: Zero-knowledge proofs in theory and practice
Author: Bernhard, David
ISNI:       0000 0004 5354 7317
Awarding Body: University of Bristol
Current Institution: University of Bristol
Date of Award: 2014
Availability of Full Text:
Access from EThOS:
Abstract:
Zero-knowledge proof schemes are one of the main building blocks of modern cryptography. Using the Helios voting protocol as a practical example, we show mistakes in the previous understanding of these proof schemes and the resulting security problems. We proceed to define a hierarchy of security notions that solidifies our understanding of proof schemes: weak proof schemes, strong proof schemes and multi-proofs. We argue that the problems in Helios result from its use of weak proofs and show how these proofs can be made strong. We provide the first proof of ballot privacy for full Helios ballots with strong proofs. In Helios, a proof scheme commonly known as Fiat-Shamir-Schnorr is used to strengthen encryption, a construction also known as Signed E1Gamal or more generally, Encrypt+PoK. We show that in the Encrypt+PoK construction, our hierarchy of proof scheme notions corresponds naturally to a well-known hierarchy of security notions for public-key encryption: weal< proofs yield chosen-plain text secure encryption, strong proofs yield non-malleable encryption and multi-proofs yield chosen-ciphertext secure encryption. Next, we ask whether Signed E1Gamal is chosen-ciphertext secure, a question closely related but not identical to whether Fiat-Shamir-Schnorr proofs are multi-proofs. We answer both these questions negatively: under a reasonable assumption, the failure of which would cast doubt on the security of Schnorr-like proofs, we prove that Signed E1Gamal cannot be shown to be chosen-ciphertext secure by a reduction to the security of plain E1Gamal. This answers an open question, to our knowledge first asked by Shoup and Gennaro in a paper published in 1998.
Supervisor: Not available Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.649374  DOI: Not available
Share: