数学代写|密码学作业代写Cryptography代考|CIS455

2023年3月30日

couryes-lab™ 为您的留学生涯保驾护航 在代写密码学Cryptography方面已经树立了自己的口碑, 保证靠谱, 高质且原创的统计Statistics代写服务。我们的专家在代写密码学Cryptography代写方面经验极为丰富，各种代写密码学Cryptography相关的作业也就用不着说。

• Statistical Inference 统计推断
• Statistical Computing 统计计算
• (Generalized) Linear Models 广义线性模型
• Statistical Machine Learning 统计机器学习
• Longitudinal Data Analysis 纵向数据分析
• Foundations of Data Science 数据科学基础
couryes™为您提供可以保分的包课服务

数学代写|密码学作业代写Cryptography代考|Benaloh Challenges

Recall the discussion of the Schnorr identification scheme in Section 4.4. The verifier wants to check that the prover behaved correctly. It either asks the prover to reveal its randomness or some other computation. A rational actor will usually behave correctly, since otherwise the detection risk is too large.

We can use a similar idea to detect misbehaviour by the ballot casting device. The device first computes the encrypted ballot as usual. It then commits to the encrypted ballot and asks the voter if they want to cast the ballot or if they want to challenge the encrypted ballot. If the voter decides to cast the ballot, the device forwards it to the ballot box as usual. If the voter decides to challenge, the device reveals the randomness used to encrypt the ballot. The voter can use this randomness and the commitment to the encrypted ballot to check that the device behaved honestly. This is called a Benaloh challenge.
As usual, there are a number of practical issues with this idea. Some voters may find Benaloh challenges hard to understand. Unless the scheme is very carefully designed, there is a non-trivial risk that they end up not casting a ballot. Also, a more complicated voting process may cause some fraction of all voters not to vote. These issues can be mitigated, but mitigation will often be a trade-off between potential harm rate and the challenge rate.

The human voter cannot do any non-trivial calculation. This means that the voter needs a second device in order to check the computations of the ballot casting device. We cannot assume that the second device is uncorrupted (otherwise it should have cast the ballot in the first place), but the adversary must now corrupt two devices to guarantee success without detection.

We cannot require that voters have a second device, nor can we require that voters challenge. This may allow an adversary to adaptively select target voters. For instance, if the ballot casting device can detect candidate second devices nearby, it can desist from tampering. The voters who challenge (with significant probability) may also be distinguishable from voters who do not challenge, allowing the adversary to desist from tampering with certain voters.
Some voters may decide to challenge the ballot before they enter it into the ballot casting device. This may change their behaviour, something that may be detectable by the ballot casting device. For instance, if the ballot casting device knows what ballot the voter intends to cast, any other ballot suggests that the voter has decided to challenge the device.

Ensuring safe and effective deployment of Benaloh challenges is non-trivial.

数学代写|密码学作业代写Cryptography代考|Return Codes

Another approach for detecting tampering is for the ballot box to return some human-verifiable information related to the cast ballot that the ballot casting device cannot fake. If the set of possible ballots is small, this is possible.
Suppose we have a small set of possible ballots $\mathfrak{P}$. For each ballot $v \in$ $\mathfrak{P}$, sample a human-readable code $t$ from some suitable set $\mathfrak{T}$. This process defines a random function $\mu: \mathfrak{P} \rightarrow \mathfrak{T}$, which can be presented in a humanreadable form (for instance as a small table). The idea is that the human voter has $\mu$, the ballot box somehow computes a return code $t \leftarrow \mu(v)$ using the encrypted ballot sent by the ballot casting device, and then sends $t$ to the ballot casting device, which in turn presents $t$ to the voter. The voter may use the human-readable form of $\mu$ to verify that the return code presented by the ballot casting device equals $\mu(v)$. Or the voter may choose to ignore the return code.

There is some anecdotal evidence that voters do check return codes in practice. Laboratory studies suggest that return codes are vulnerable to an attack where the ballot casting device simply omits displaying the return code. One plausible explanation of this seeming contradiction is that displaying the return code reminds many voters to verify it, something they do not remember (or care about) if the return code is not displayed.

How would the ballot box compute $\mu(v)$ ? First, we may use a pseudorandom function instead of a random function. Second, the ballot casting device should not be able to compute the function itself, though it may participate in computing it. Third, the ballot box should not be able to learn anything about the ballot $v$ from $\mu(v)$. Fourth, while we could use any protocol for two-party computation (a slightly more restricted version of multiparty computation), we would prefer a two-move protocol where the ballot box computes a response to the encrypted ballot and the ballot argument.
One candidate function that works well with our ElGamal-based cryptosystems is the function $\mu: \mathfrak{K}_s \times{0,1, \ldots, p-1} \times \mathfrak{P} \rightarrow \mathfrak{T}$ given by
$$\mu(v)=f\left(k, v^d\right)$$
where $f: \mathfrak{K}_s \times G \rightarrow \mathfrak{T}$ is a suitable pseudo-random function. This function is a composition of $f(k, \cdot)$ and $v \mapsto v^d$, so it is a natural two-stage computation. Since $\mathfrak{P} \subseteq G$, the function $v \mapsto v^d$ is a group homomorphism that matches ElGamal as a homomorphic encryptiongroup-homomorphic cryptosystem, so the first stage can be computed on encrypted ballots.

密码学代写

数学代写|密码学作业代写Cryptography代考|Return Codes

$$\mu(v)=f\left(k, v^d\right)$$

有限元方法代写

tatistics-lab作为专业的留学生服务机构，多年来已为美国、英国、加拿大、澳洲等留学热门地的学生提供专业的学术服务，包括但不限于Essay代写，Assignment代写，Dissertation代写，Report代写，小组作业代写，Proposal代写，Paper代写，Presentation代写，计算机作业代写，论文修改和润色，网课代做，exam代考等等。写作范围涵盖高中，本科，研究生等海外留学全阶段，辐射金融，经济学，会计学，审计学，管理学等全球99%专业科目。写作团队既有专业英语母语作者，也有海外名校硕博留学生，每位写作老师都拥有过硬的语言能力，专业的学科背景和学术写作经验。我们承诺100%原创，100%专业，100%准时，100%满意。

MATLAB代写

MATLAB 是一种用于技术计算的高性能语言。它将计算、可视化和编程集成在一个易于使用的环境中，其中问题和解决方案以熟悉的数学符号表示。典型用途包括：数学和计算算法开发建模、仿真和原型制作数据分析、探索和可视化科学和工程图形应用程序开发，包括图形用户界面构建MATLAB 是一个交互式系统，其基本数据元素是一个不需要维度的数组。这使您可以解决许多技术计算问题，尤其是那些具有矩阵和向量公式的问题，而只需用 C 或 Fortran 等标量非交互式语言编写程序所需的时间的一小部分。MATLAB 名称代表矩阵实验室。MATLAB 最初的编写目的是提供对由 LINPACK 和 EISPACK 项目开发的矩阵软件的轻松访问，这两个项目共同代表了矩阵计算软件的最新技术。MATLAB 经过多年的发展，得到了许多用户的投入。在大学环境中，它是数学、工程和科学入门和高级课程的标准教学工具。在工业领域，MATLAB 是高效研究、开发和分析的首选工具。MATLAB 具有一系列称为工具箱的特定于应用程序的解决方案。对于大多数 MATLAB 用户来说非常重要，工具箱允许您学习应用专业技术。工具箱是 MATLAB 函数（M 文件）的综合集合，可扩展 MATLAB 环境以解决特定类别的问题。可用工具箱的领域包括信号处理、控制系统、神经网络、模糊逻辑、小波、仿真等。