Markus Jakobsson scite author profile

We introduce a model for electronic election schemes that involves a more powerful adversary than previous work. In particular, we allow the adversary to demand of coerced voters that they vote in a particular manner, abstain from voting, or even disclose their secret keys. We define a scheme to be coercion-resistant if it is infeasible for the adversary to determine if a coerced voter complies with the demands.A first contribution of this paper is to describe and characterize a new and strengthened adversary for coercion in elections. (In doing so, we additionally present what we believe to be the first formal security definitions for electronic elections of any type.) A second contribution is to demonstrate a protocol that is secure against this adversary. While it is clear that a strengthening of attack models is of theoretical relevance, it is important to note that our results lie close to practicality. This is true both in that we model real-life threats (such as vote-buying and vote-canceling), and in that our proposed protocol combines a fair degree of efficiency with an unusual lack of structural complexity. Furthermore, previous schemes have required use of an untappable channel throughout. Ours only carries the much more practical requirement of an anonymous channel during the casting of ballots, and an untappable channel during registration (potentially using postal mail).This extended abstract is a heavily truncated version of the full paper available at http://eprint.iacr.org/2002/165.

show abstract

Social phishing

Jagatic

et al. 2007

View full text Add to dashboard Cite

show abstract

Designated Verifier Proofs and Their Applications

1996

View full text Add to dashboard Cite

Abstract. For many proofs of knowledge it is important that only the verifier designated by the confirmer can obtain any conviction of the correctness of the proof. A good example of such a situation is for undeniable signatures, where the confirmer of a signature wants t o make sure that only the intended verifier(s) in fact can be convinced about the validity or inva1idit)y of the signature. Generally, authentication of messages and off-the-record messages are in conflict with each other. We show how, using designation of verifiers, these notions can be combined, allowing authenticated but private conversations t o take place. Our solution guarantees that only the specified verifier can be convinced by t,he proof, even if he shares all his secret information wit,h entities that want to get convinced.Our solution is based on trup-door conim.itments [4], allowing the designated verifier t,o open up commitments in any way he wants. We demonstrate how a t r a p d o o r commitment scheme can be uscd to construct designated verifier proofs, both interactive and non-interactive. We examplify the verifier designation method for the confirmation protocol for undeniable signahires.

show abstract

Universal Re-encryption for Mixnets

Golle

Jakobsson²,

Juels³

et al. 2004

277

201

View full text Add to dashboard Cite

We introduce a new cryptographic technique that we call universal re-encryption. A conventional cryptosystem that permits re-encryption, such as ElGamal, does so only for a player with knowledge of the public key corresponding to a given ciphertext. In contrast, universal reencryption may be performed without knowledge of public keys. We demonstrate an asymmetric cryptosystem with universal re-encryption that is half as efficient as standard ElGamal in terms of both computation and storage. While technically and conceptually simple, universal re-encryption leads to new types of functionality in mixnet architectures. Conventional mixnets are often called upon to enable players to communicate with one another through channels that are externally anonymous, i.e., that hide information permitting traffic-analysis. Universal re-encryption permits a mixnet of this kind to be constructed in which servers hold no public or private keying material, and may therefore dispense with the cumbersome requirements of key generation, key distribution, and private-key management. We describe two practical mixnet constructions, one involving asymmetric input ciphertexts, and another with hybrid-ciphertext inputs.

show abstract

Proofs of Work and Bread Pudding Protocols(Extended Abstract)

Jakobsson

Juels²

1999

298

193

View full text Add to dashboard Cite

We formalize the notion of a proof of work (POW). In many cryptographie protocols, a prover seeks to convince a verifier that she possesses knowledge of a secret or that a certain mathematical relation holds true. By contrast, in a POW, a prover demonstrates to a verifier that she has performed a certain amount of computational work in a specified interval of time. POWs have served as the basis of a number of security protocols in the literat ure, but have hitherto lacked careful characterization. In this paper, we offer definitions treating the notion of a POW and related concepts.We also introduce the dependent idea of a bread pudding protocol. Bread pudding is a dish that originated with the purpose of reusing bread that has gone stale. In the same spirit, we define a bread pudding protocol to be a POW such that the computational effort invested in the proof may be reused by the verifier to achieve aseparate, useful, and verifiably correct computation. As an example of a bread pudding protocol, we show how the MicroMint scheme of Rivest and Shamir can be broken up into a collection of POW s. These POW s can not only serve in their own right as mechanisms for security protocols, but can also be harvested in order to outsource the MicroMint minting operation to a large group of untrusted computational devices.B. Preneel (ed.), Secure Information Networks

show abstract

Abuse-Free Optimistic Contract Signing

1999

View full text Add to dashboard Cite

A charging and rewarding scheme for packet forwarding in multi-hop cellular networks

et al. 2003

View full text Add to dashboard Cite

In multi-hop cellular networks, data packets have to be relayed hop by hop from a given mobile station to a base station and vice-versa. This means that the mobile stations must accept to forward information for the benefit of other stations. In this paper, we propose an incentive mechanism that is based on a charging/rewarding scheme and that makes collaboration rational for selfish nodes. We base our solution on symmetric cryptography to cope with the limited resources of the mobile stations. We provide a set of protocols and study their robustness with respect to various attacks. By leveraging on the relative stability of the routes, our solution leads to a very moderate overhead.

show abstract

A Micro-Payment Scheme Encouraging Collaboration in Multi-hop Cellular Networks

Jakobsson¹,

2003

View full text Add to dashboard Cite

We propose a micro-payment scheme for multi-hop cellular networks that encourages collaboration in packet forwarding by letting users benefit from relaying others' packets. At the same time as proposing mechanisms for detecting and rewarding collaboration, we introduce appropriate mechanisms for detecting and punishing various forms of abuse. We show that the resulting scheme-which is exceptionally lightweight-makes collaboration rational and cheating undesirable.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.