1 / 17

Dining Cryptographers

Dining Cryptographers. Paper by David Chaum (1988) Presentation by Glenn Fink. Dining Cryptographers: Overview. Who says all the tough papers are at the end of the semester? Anyone know what the Frobenius automorphism of the Galois group GF(p n ) is?

stefan
Télécharger la présentation

Dining Cryptographers

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Dining Cryptographers Paper by David Chaum (1988) Presentation by Glenn Fink Dining Cryptographers, Glenn Fink

  2. Dining Cryptographers: Overview • Who says all the tough papers are at the end of the semester? • Anyone know what the Frobenius automorphism of the Galois group GF(pn) is? • But apart from this, there is still much of practical utility in the paper. Dining Cryptographers, Glenn Fink

  3. Dining Cryptographers Act I: Three of a kind “Same” “Same” • Flip Coins • Make Observations • Count Observations Result: #Diffs: 0 (Even) NSA Pays “Same” Dining Cryptographers, Glenn Fink

  4. Dining Cryptographers Act II: Two of a kind “Different” “Same” • Flip Coins • Make Observations • Count Observations Result: #Diffs: 2 (Even) NSA Pays “Different” Dining Cryptographers, Glenn Fink

  5. Dining Cryptographers Act III: Two of a kind + Inversion “Different” “Different” * Inverted * I’m paying, but no one knows it’s me! • Flip Coins • Make Observations • Count Observations Result: #Diffs: 3 (Odd) Some Cryptographer Pays “Different” Dining Cryptographers, Glenn Fink

  6. T H T T H H H T H H Diffs Diffs H H H H H H H H T T H H H H T H Diffs Diffs H H H H Proof Sketch (By Induction) T • All heads or all tails: 0 Diffs • One tail, rest heads: 2 Diffs • On each side of tail • Two tails, rest heads: 2 cases: • Two tails are adjacent: 2 Diffs • Two tails nonadjacent: 4 Diffs • N+1 tails, rest heads: three cases: • New tail is adjacent to one string of tails: No change • New tail is nonadjacent to any string of tails: Two more diffs • New tail connects two strings of tails: Two fewer diffs Result: If everyone tells the truth, there will always be an even number of differences T T Dining Cryptographers, Glenn Fink

  7. Anonymity Set 0 Graph Theory Interpretation Anonymity Set • Persons=Nodes • Keys=Edges • Shared by nodes • Anonymity Set: • The set of nodes whose transmissions are indistinguishable • Collusion • Sharing keys to expose another person’s transmissions Anonymity Set 1 Partial Collusion: Not all keys shared Dining Cryptographers, Glenn Fink

  8. Keys and Compromises • A “key” is really just a history of all the quarters that will ever be flipped between two participants. • E.g., a string of bits • Key compromise means that a third party also knows the results of each flip. Shared Keys Dining Cryptographers, Glenn Fink

  9. Practical Considerations • Key Generation • Generate a true one-time pad via a physical random process • Generate a short key and expand it via pseudo-random process • Key Distribution • Covertly: in person or via pre-shared symmetric cipher • Publicly: via a public-key-enabled key exchange • Key Usage • Everyone sees the stream of bits from the message • Everyone sees the sum of the outputs of all the nodes • Comparing the sum at each round tells whether someone is transmitting, but… • … No one knows the originator of the message Dining Cryptographers, Glenn Fink

  10. Transmission Example Round 1 yx 10 = 1 1100 10 = 1 1011 x1=y y1=x 10 = 1 1001 y1=x y x1=y 0111 10 = 1 y0=y y0=y • Flip Coins • Make Observations • Count Observations 00 = 0 0010 0100 00 = 0 Dining Cryptographers, Glenn Fink

  11. Transmission Example Round 2 yx 00 = 0 1100 00 = 0 1011 “yx” y0=y y0=y 10 = 1  0 1001 y0=y y x y1=x 0111 01 = 1 x0=x x0=x • Flip Coins • Make Observations • Count Observations 11 = 0 0010 0100 11 = 0 Dining Cryptographers, Glenn Fink

  12. Transmission Example Round 3 yx 11 = 0 1100 10 = 1 1011 “yx” y0=y y1=x 11 = 0  1 1001 x1=y y x y x0=x 0111 00 = 0 x1=y x0=x • Flip Coins • Make Observations • Count Observations 01 = 1 0010 0100 00 = 0 Dining Cryptographers, Glenn Fink

  13. Transmission Example Round 4 yx 11 = 0 1100 11 = 0 1011 y0=y y0=y 11 = 0 1001 y0=y y x y x y1=x 0111 10 = 1 x1=y x0=x • Flip Coins • Make Observations • Count Observations 01 = 1 0010 0100 00 = 0 Dining Cryptographers, Glenn Fink

  14. Transmission Example Summary y x “ ” y x y y x x y x y x  0 1 1 0 Anonymous Transmission Dining Cryptographers, Glenn Fink

  15. Attacking the Dining Cryptographers By partitioning a non-fully-connected network “1” Sum = 1; Transmitter is on this side. Sum = 1; Someone transmitted. Sum = 0; Transmitter is not on this side. Ring network can be attacked in n log n rounds Fully-connected network requires n-1 attackers! Dining Cryptographers, Glenn Fink

  16. Conclusion • Chaum’s protocol allows parties to transmit anonymous messages in public. • The protocol is highly resistant to collusion attacks. • But attacks are possible because anonymity degrades with time. • Protocol does not protect physical path tracing. • Protocol does not provide for message confidentiality. • Communication via this protocol is four times less efficient on average than traceable transmission protocols. • Protocol forms the basis for Chaum’s DC-Net. Dining Cryptographers, Glenn Fink

  17. Other References • Good source of information on all sorts of anonymity schemes: • http://www.freehaven.net/anonbib • Tutorial presentation given at ACM CCS 2004 on anonymity: • http://www.cs.georgetown.edu/~clay/ccs-anon.ppt Dining Cryptographers, Glenn Fink

More Related