Guillaume Poupard

Practical multi-candidate election system

The aim of electronic voting schemes is to provide a set of protocols that allow voters to cast ballots while a group of authorities collect the votes and output the final tally. In this paper we describe a practical multi-candidate election scheme that guarantees privacy of voters, public verifiability, and robustness against a coalition of malicious authorities. Furthermore, we address the problem of receipt-freeness and incoercibility of voters. Our new scheme is based on the Paillier cryptosystem and on some related zero-knowledge proof techniques. The voting schemes are very practical and can be efficiently implemented in a real system.

Security analysis of a practical “on the fly” authentication and signature generation

In response to the current need for fast, secure and cheap public-key cryptography, we study an interactive zero-knowledge identification scheme and a derived signature scheme that combine provable security based on the general problem of computing discrete logarithms modulo any number, short identity-based keys, very short transmission and minimal on-line computation. This leads to both efficient and secure applications well suited to the implementation on low cost smart cards. We develop complete proofs of completeness, soundness and statistical zero-knowledge property of the identification scheme. The security analysis of the signature scheme leads to present a novel number theoretical lemma of independent interest and an original use of the “forking lemma” technique. From a practical point of view, the possible choice of parameters is discussed and we submit performances of an actual implementation on a cheap smart card. As an example, a complete and secure authentication can be performed in less than 20 ms with low cost equipment.

On the Fly Authentication and Signature Schemes Based on Groups of Unknown Order

In response to the current need for fast, secure and cheap public-key cryptography, we propose an interactive zero-knowledge identification scheme and a derived signature scheme that combine provable security based on the problem of computing discrete logarithms in any group, short keys, very short transmission and minimal on-line computation. This leads to both efficient and secure applications well suited to implementation on low cost smart cards. We introduce GPS, a Schnorr-like scheme that does not require knowledge of the order of the group nor of the group element. As a consequence, it can be used with most cryptographic group structures, including those of unknown order. Furthermore, the computation of the provers response is done over the integers, hence can be done with very limited computational capabilities. This paper provides complete security proofs of the identification scheme. From a practical point of view, the possible range of parameters is discussed and a report on the performances of an actual implementation on a cheap smart card is included: a complete and secure authentication can be performed in less than 20 milliseconds with low cost equipment.

On the fly signatures based on factoring

In response to the current need for fast, secure and cheap public-key cryptography largely induced by the fast development of electronic commerce, we propose a new on the fly signature scheme, i.e. a scheme that requires very small on-line work for the signer It combines provable security based on the factorization problem, short public and secret keys, short transmission and minimal on-line computation. It is the first RSA-like signature scheme that can be used for both efficient and secure applications based on low cost or contactless smart cards.

Practical Symmetric On-Line Encryption

This paper addresses the security of symmetric cryptosystems in the blockwise adversarial model. At Crypto 2002, Joux, Martinet and Valette have proposed a new kind of attackers against several symmetric encryption schemes. In this paper, we first show a generic technique to thwart blockwise adversaries for a specific class of encryption schemes. It consists in delaying the output of the ciphertext block. Then we provide the first security proof for the CFB encryption scheme, which is naturally immune against such attackers.

Short Proofs of Knowledge for Factoring

The aim of this paper is to design a proof of knowledge for the factorization of an integer n. We propose a statistical zero-knowledge protocol similar to proofs of knowledge of discrete logarithm a la Schnorr. The efficiency improvement in comparison with the previously known schemes can be compared with the difference between the Fiat-Shamir scheme and the Schnorr one. Furthermore, the proof can be made non-interactive. From a practical point of view, the improvement is dramatic: the size of such a non-interactive proof is comparable to the size of the integer n and the computational resources needed can be kept low; three modular exponentiations both for the prover and the verifier are enough to reach a high level of security.

Efficient scalable fair cash with off-line extortion prevention

There have been many proposals to realize anonymous electronic cash. Although these systems offer high privacy to the users, they have the disadvantage that the anonymity might be misused by criminals to commit perfect crimes. The recent research focuses therefore on the realization of fair electronic cash systems where the anonymity of the coins is revocable by a trustee in the case of fraudulent users. In this paper, we propose a new efficient fair cash system which offers scalable security with respect to its efficiency. Our system prevents extortion attacks, like blackmailing or the use of blindfolding protocols under off-line payments and with the involvement of the trustee only at registration of the users. Another advantage is, that it is assembled from well studied cryptographic techniques, such that its security can easily be evaluated. The strength of this approach is clearly its simplicity. Although it might astonish the reader that the design matters little from existing schemes, it is nevertheless the first scheme offering these properties.

A New \mathcal{NP} -Complete Problem and Public-Key Identification

AbstractThe appearance of the theory of zero-knowledge, presented by Goldwasser, Micali and Rackoff in 1985, opened a way to secure identification schemes. The first application was the famous Fiat-Shamir scheme based on the problem of modular square roots extraction. In the following years, many other schemes have been proposed, some Fiat-Shamir extensions but also new discrete logarithm based schemes. Therefore, all of them were based on problems from number theory. Their main common drawback is high computational load because of arithmetical operations modulo large integers. Implementation on low-cost smart cards was made difficult and inefficient.With the Permuted Kernels Problem (PKP), Shamir proposed the first efficient scheme allowing for an implementation on such low-cost smart cards, but very few others have afterwards been suggested.In this paper, we present an efficient identification scheme based on a combinatorial

Blockwise adversarial model for on-line ciphers and symmetric encryption schemes

\mathcal{N}\mathcal{P}