Jeroen van de Graaf

Security of Quantum Key Distribution Against All Collective Attacks

Abstract. Security of quantum key distribution against sophisticated attacks is among the most important issues in quantum information theory. In this work we prove security against a very important class of attacks called collective attacks (under a compatible noise model) which use quantum memories and gates, and which are directed against the final key. This work was crucial for a full proof of security (against the joint attack) recently obtained by Biham, Boyer, Boykin, Mor, and Roychowdhury [1].

Oblivious Transfer Based on the McEliece Assumptions

We implement one-out-of-two bit oblivious transfer (OT) based on the assumptions used in the McEliece cryptosystem: the hardness of decoding random binary linear codes, and the difficulty of distinguishing a permuted generating matrix of Goppa codes from a random matrix. To our knowledge this is the first OT reduction to these problems only.

A verifiable voting protocol based on farnel

Farnel is a voting system proposed in 2001 in which each voter signs a ballot. It uses two ballot boxes to avoid the association between a voter and a vote. In this paper we first point out a flaw in the ThreeBallot system proposed by Rivest that seems to have gone unnoticed so far: it reveals statistical information about who is winning the election. Then, trying to resolve this and other flaws, we present a new, voter-verifiable version of the Farnel voting system in which voters retain copies of ballot IDs as receipts.

Gradual and Verifiable Release of a Secret (Extended Abstract)

Protocols are presented allowing someone with a secret discrete logarithm to release it, bit by bit, such that anyone can verify each bit’s correctness as they receive it. This new notion of release of secrets generalizes and extends that of the already known exchange of secrets protocols. Consequently, the protocols presented allow exchange of secret discrete logs between any number of parties.

Towards a Publicly-Verifiable Mix-Net Providing Everlasting Privacy

All implementations of verifiable mix-nets provide computational privacy only, because the audit information published is encrypted using some public key algorithm. Consequently, at some time in the future, when the underlying cryptographic assumption is broken, privacy is violated, and each output message can be traced back to its input. We address this problem by presenting a mix-net that uses a homomorphic, unconditionally hiding commitment scheme to encrypt the audit information, implying unconditional or everlasting privacy towards the public. The correctness of our mix-net is guaranteed with overwhelming probability even if all authorities conspire, under the assumption that the commitment scheme is computationally binding until the mixing process has ended. An implication of our result is that many current applications that use mix-nets can be upgraded to unconditional privacy.

Prêt à voter providing everlasting privacy

This paper shows how Pret a Voter can be adjusted in order to provide everlasting privacy. This is achieved by adapting the ballot generation and anonymisation process, such that only unconditional hiding commitments and zero knowledge proofs are published for verification, thus ensuring privacy towards the public. This paper presents a security analysis carried out in a collaboration between computer scientists and legal researchers. On the technical side it is shown that the modified Pret a Voter provides verifiability, robustness, and everlasting privacy towards the public. Everlasting privacy towards the authorities can be achieved by implementing several organisational measures. A legal evaluation of these measures demonstrates that the level of privacy achieved would be acceptable under German law.

Anonymous one-time broadcast using non-interactive dining cryptographer nets with applications to voting

All voting protocols proposed so far, with the exception of a few, have the property that the privacy of the ballot is only computational. In this paper we outline a new and conceptually simple approach allowing us to construct a protocol in which the privacy of the ballot is unconditional. Our basic idea is to modify the protocol of Fujioka, Okamoto and Ohta[1], which uses blind signatures so that the voter can obtain a valid ballot. However, instead of using a MIX net, we use a new broadcast protocol for anonymously publishing the vote, a Non-Interactive variation of the Dining Cryptographer Net.

A two-party protocol with trusted initializer for computing the inner product

We propose the first protocol for securely computing the inner product modulo an integer m between two distrustful parties based on a trusted initializer, i.e. a trusted party that interacts with the players solely during a setup phase. We obtain a very simple protocol with universally composable security. As an application of our protocol, we obtain a solution for securely computing linear equations.

Storage Optimization for Non Interactive Dining Cryptographers (NIDC)

In many applications, such as e-voting, it is imperative that the privacy scope unconditional security levels, i.e. that it is protected regardless of the resources and the time available to attack. In this context, protocols that verify that condition reach maximum interest. Probably, the most interesting of them is Non Interactive Dining cryptographers (NIDC), that relaxes the condition of concurrency online for all participants. This paper proposes a new technique, based in parallel channels, to optimize the storage of the votes in the model NIDC.

Beating the Birthday Paradox in Dining Cryptographer Networks

A Dining Cryptographer Network (DC-Net) allows multiple players to broadcast messages without disclosing the identity of the sender. However, due to their probabilistic nature, message collisions can occur, meaning that two or more messages sent by different participants end up occupying the same slot, causing these messages to be lost. In this work, we evaluate two different strategies to deal with collisions. When repeating a DC-net sequentially, honest parties who see that their message did not collide can switch to sending a null message, effectively decreasing the collision probability in subsequent rounds. When repeating a DC-net in parallel, no feedback exists, and there will always remain a non-zero probability that one message collides in every round. We analyze both strategies with respect to the number of parties, the number of slots, the number of repetitions and the probability of success. We obtain exact but rather convoluted combinatorial formulas for both cases, together with more tractable approximations, the correctness of which has been demonstrated by simulations.