In the last few years electronic voting has been used in an ever growing number of elections. Some of the reasons for this development include the necessity for a mechanized way of counting votes, and the comfort obtained from voting at home. The use of electronic voting raises a number of simple questions with regard to the privacy or verifiability of your vote: how can you be sure that your vote was counted, or is your vote private. These questions are becoming more difficult to answer, as new voting protocols and new definition of voting properties are introduced each year. Each protocol or definition has its own particular characteristic or addresses a particular voting concern. Additionally, the majority of security proofs are done by hand in a pen-and-paper style, and are error-prone and difficult to check. My research focuses on formal verification of protocols with a high degree of abstraction, such that it allows for the capture of hundreds of variants.
A modern research direction in cryptography proposes attribute-based encryption as a new paradigm, where messages are encrypted and decryption keys are computed in accordance with a given set of attributes and an access structure on the set of attributes. Attribute-based encryption (ABE, for short) was introduced in the form of fuzzy identity-based encryption, as a generalization of identity-based encryption. The first ABE schemes proposed take into consideration only access structures deffined by Boolean formulas (monotone Boolean circuits of fan-out one, with one output wire). However, there are access structures of practical importance that cannot be represented by Boolean formulas, such as multilevel access structures. In such a case, constructing ABE schemes for access structures defined by general Boolean circuits becomes a necessity.
Secret Sharing Schemes
This past research direction, used as topic for my PhD Thesis, has been focused on the design and security analysis of secret sharing schemes based on the Chinese Remainder Theorem (CRT, for short). We introduced (k-)compact sequences of co-primes, that may be significantly denser than sequences of consecutive primes of the same length, and their use in the construction of CRT-based schemes may lead to better security properties. Concerning the asymptotic idealness property for CRT-based threshold schemes, we have shown there exists a necessary and sufficient condition for the Goldreich-Ron-Sudan scheme and Asmuth-Bloom scheme if and only if (1-)compact sequences of co-primes are used. The Mignotte scheme is far from being asymptotically perfect and perfect zero-knowledge, no matter the sequences of co-primes used. We also consider the construction of a CRT-based scheme, called distributive weighted threshold secret sharing scheme, that satisfies the asymptotic perfectness and perfect zero-knowledge property. As the scheme allows for the share spaces to be arbitrarily large compared to the secret space, the scheme can not be asymptotically ideal.
Faculty of Computer-Science Alexandru Ioan Cuza University of Iasi, Romania
Information Security (Fall 2013)
Introduction to Cryptography (Fall 2011, Fall 2012)