1 / 21

Electronic National Lotteries

Electronic National Lotteries. Jessica Greer. Agenda. Large-scale electronic lotteries: What are they good for? (absolutely nothin’?) Requirements for electronic lottery systems Lotteries vs. Casinos Konstantinou’s protocol – does it meet the requirements?. Large-scale E-Lotteries.

kineta
Télécharger la présentation

Electronic National Lotteries

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Electronic National Lotteries Jessica Greer CS 551: CRyptography Applications Bistro

  2. Agenda • Large-scale electronic lotteries: What are they good for? (absolutely nothin’?) • Requirements for electronic lottery systems • Lotteries vs. Casinos • Konstantinou’s protocol – does it meet the requirements? CS 551: CRyptography Applications Bistro

  3. Large-scale E-Lotteries • Advantages over mechanical systems: • Fast (high frequency) • Dynamic • Accessible • Efficient micropayment scheme CS 551: CRyptography Applications Bistro

  4. Requirements • Uniform distribution of generated numbers • Unpredictable by anyone (even with access to history, audit logs) • Unalterable – drawing and winner declaration • Able to detect interference, errors (UK Lotto) • Standardized, certifiable CS 551: CRyptography Applications Bistro

  5. Requirements, cont’d.. • Under regular scrutiny • Details publicly available • High availability • Scalability CS 551: CRyptography Applications Bistro

  6. Casinos vs. Lotteries • Schneier’s solution: collaboration of gamblers for random number generation • Lotteries: Users’ selections independent of one another CS 551: CRyptography Applications Bistro

  7. Protocol Overview Initialization: Generator and verifier exchange keys for encryption, signature CS 551: CRyptography Applications Bistro

  8. Protocol Overview 1. Generator draws sequence of bits from TRNG for seeding CS 551: CRyptography Applications Bistro

  9. Protocol Overview 1. Generator draws sequence of bits from TRNG for seeding 2. Generator executes bit-commitment protocol* on seed bit sequence * Seed commitment based on RSA encryption & RIPEMD-160 hashing CS 551: CRyptography Applications Bistro

  10. Protocol Overview 2. Generator executes bit-commitment protocol* on seed bit sequence 3. Resulting packet sent to Verifier, which signs the commitment * Seed commitment based on RSA encryption & RIPEMD-160 hashing CS 551: CRyptography Applications Bistro

  11. Protocol Overview 4. Verifier sends generator a hash of file containing the coupons 3. Resulting packet sent to Verifier, which signs the commitment CS 551: CRyptography Applications Bistro

  12. Protocol Overview 5. Generator concatenates seed with hash value from Verifier* 4. Verifier sends generator a hash of file containing the coupons *State-stamping step – freezes coupons CS 551: CRyptography Applications Bistro

  13. Protocol Overview 6. Generator feeds first part of original TRNG-generated bit sequence through Naor-Reingold function 5. Generator concatenates seed with hash value from Verifier CS 551: CRyptography Applications Bistro

  14. Protocol Overview 7. Resulting bit stream XORed with 2nd part of initial seed; this result is sent through several pseudorandom number generators 6. Generator feeds first part of original TRNG-generated bit sequence through Naor-Reingold function CS 551: CRyptography Applications Bistro

  15. Protocol Overview 8. Generator opens initial random seed bits (de-commitment). Encrypts and signs seed & numbers; sends file to Verifier. Stops. 7. Resulting bit stream XORed with 2nd part of initial seed; this result is sent through several pseudorandom number generators CS 551: CRyptography Applications Bistro

  16. Protocol Overview 9. Verifier authenticates file, decrypts it, recovers winning numbers + seed used to generate them 8. Generator opens initial random seed bits (de-commitment). Encrypts and signs seed & numbers; sends file to Verifier. Stops. CS 551: CRyptography Applications Bistro

  17. Protocol Overview 9. Verifier authenticates file, decrypts it, recovers winning numbers + seed used to generate them 10. Verifier checks that Generator has committed to seed CS 551: CRyptography Applications Bistro

  18. Protocol Overview 10. Verifier uses seed to duplicate Generator’s tasks. If results match, finalize; if not, restart with Gen2 10. Verifier checks that Generator has committed to seed CS 551: CRyptography Applications Bistro

  19. Requirements • Uniform distribution of generated numbers – TRNG’s + Naor-Reingold • Unpredictable by anyone (even with access to history) - same • Unalterable – drawing and winner declaration – Verifier auditing • Able to detect interference, errors (UK Lotto) – Verifier auditing, audit logs • Standardized, certifiable - ? CS 551: CRyptography Applications Bistro

  20. Requirements, cont’d.. • Under periodic scrutiny – alert function in case of discrepancies • Details publicly available – paper… • High availability – depends on hardware; some redundancy built-in • Scalability - ? CS 551: CRyptography Applications Bistro

  21. UK’s version http://www.national-lottery.co.uk/player/p/home/home.do CS 551: CRyptography Applications Bistro

More Related