Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
Faculty of Computer Science Institute of Systems Architecture, Chair of Privacy and Data Security
Privacy-Enhanced Event Scheduling
http://dudle.inf.tu-dresden.de
D19E 04A8 8895 020A 8DF60092 3501 1A32 491A 3D9C
Berlin, December 29, 2009
PrimeLife is a research projectfunded by the European Commis-
sion's 7th Framework Programme
Event Scheduling
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 2 of 31
Privacy ProblemsDirect Inference
Will my husband vote for
the date of our
wedding anniversary?
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 3 of 31
Privacy ProblemsDirect Inference
Will my husband vote for
the date of our
wedding anniversary?
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 3 of 31
Privacy ProblemsIndirect Inference
The availability pattern of user bunny23 looks
suspiciously like the one of my employee John Doe!
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 4 of 31
Privacy ProblemsIndirect Inference
The availability pattern of user bunny23 looks
suspiciously like the one of my employee John Doe!
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 4 of 31
Table of Contents
Problem Statement
Scheme
Extensions
Evaluation
Demo
Conclusion and Outlook
GFDL Hajotthu
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 5 of 31
Requirements
• Untrusted Server
• Privacy
• Veri�ability
• Low Communication
Complexity
• Low Computational
Complexity
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 6 of 31
Requirements
• Untrusted Server
• Privacy
• Veri�ability
• Low Communication
Complexity
• Low Computational
Complexity
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 6 of 31
Requirements
• Untrusted Server
• Privacy
• Veri�ability
• Low Communication
Complexity
• Low Computational
Complexity
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 6 of 31
E-Voting vs. Event Scheduling
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
scales
scales
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
scales
one vote per column
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 7 of 31
E-Voting vs. Event Scheduling
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
scales
scales
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
scales
one vote per column
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 7 of 31
E-Voting vs. Event Scheduling
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
scales
scales
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
scales
one vote per column
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 7 of 31
E-Voting vs. Event Scheduling
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
Vote
Candidate #1
Candidate #2 8
.
.
.
Candidate #10
scales
scales
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
Date
#1
Date
#2
. . . Date
#320
Yes 8 8
No 8
scales
one vote per column
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 7 of 31
Scheme
Problem Statement
Scheme
Extensions
Evaluation
Demo
Conclusion and Outlook
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 8 of 31
Superposed Sending
Alice Bob
Carol
ka,b
ka,c k b,
c
ma
+ ka,b
+ ka,c mb
− ka,b
+ kb,c
mc − ka,c − kb,c
ma
+ ka,b + ka,c
+mb
− ka,b + kb,c
+mc
− ka,c − kb,c
D. Chaum, �The dining cryptographers problem: Unconditional sender and recipient untraceability,� Journal ofCryptology, vol. 1, no. 1, pp. 65�75, Jan. 1988
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 9 of 31
Superposed Sending
Alice Bob
Carol
ka,b
ka,c k b,
c
ma
+ ka,b
+ ka,c mb
− ka,b
+ kb,c
mc − ka,c − kb,c
ma
+ ka,b + ka,c
+mb
− ka,b + kb,c
+mc
− ka,c − kb,c
D. Chaum, �The dining cryptographers problem: Unconditional sender and recipient untraceability,� Journal ofCryptology, vol. 1, no. 1, pp. 65�75, Jan. 1988
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 9 of 31
Superposed Sending
Alice Bob
Carol
ka,b
ka,c k b,
c
ma
+ ka,b
+ ka,c mb
− ka,b
+ kb,c
mc − ka,c − kb,c
ma
+ ka,b + ka,c
+mb
− ka,b + kb,c
+mc
− ka,c − kb,c
D. Chaum, �The dining cryptographers problem: Unconditional sender and recipient untraceability,� Journal ofCryptology, vol. 1, no. 1, pp. 65�75, Jan. 1988
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 9 of 31
Superposed Sending
Alice Bob
Carol
ka,b
ka,c k b,
c
ma
+ ka,b + ka,c
mb
− ka,b + kb,c
mc
− ka,c − kb,c
ma
+ ka,b + ka,c
+mb
− ka,b + kb,c
+mc
− ka,c − kb,c
D. Chaum, �The dining cryptographers problem: Unconditional sender and recipient untraceability,� Journal ofCryptology, vol. 1, no. 1, pp. 65�75, Jan. 1988
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 9 of 31
Superposed Sending
Alice Bob
Carol
ka,b
ka,c k b,
c
ma + ka,b + ka,c mb − ka,b + kb,c
mc − ka,c − kb,c
ma
+ ka,b + ka,c
+mb
− ka,b + kb,c
+mc
− ka,c − kb,c
D. Chaum, �The dining cryptographers problem: Unconditional sender and recipient untraceability,� Journal ofCryptology, vol. 1, no. 1, pp. 65�75, Jan. 1988
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 9 of 31
Superposed Sending
Alice Bob
Carol
ka,b
ka,c k b,
c
ma + ka,b + ka,c mb − ka,b + kb,c
mc − ka,c − kb,c
ma + ka,b + ka,c+mb − ka,b + kb,c+mc − ka,c − kb,c
D. Chaum, �The dining cryptographers problem: Unconditional sender and recipient untraceability,� Journal ofCryptology, vol. 1, no. 1, pp. 65�75, Jan. 1988
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 9 of 31
Superposed Sending
Alice Bob
Carol
ka,b
ka,c k b,
c
ma
+ ka,b + ka,c
mb
− ka,b + kb,c
mc
− ka,c − kb,c
ma + ka,b + ka,c+mb − ka,b + kb,c+mc − ka,c − kb,c
D. Chaum, �The dining cryptographers problem: Unconditional sender and recipient untraceability,� Journal ofCryptology, vol. 1, no. 1, pp. 65�75, Jan. 1988
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 9 of 31
Superposed Sending
Alice Bob
Carol
ka,b
ka,c k b,
c
ma
+ ka,b + ka,c
mb
− ka,b + kb,c
mc
− ka,c − kb,c
ma
+ ka,b
+ ka,c+mb
− ka,b
+ kb,c+mc − ka,c − kb,c
D. Chaum, �The dining cryptographers problem: Unconditional sender and recipient untraceability,� Journal ofCryptology, vol. 1, no. 1, pp. 65�75, Jan. 1988
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 9 of 31
Superposed Sending
Alice Bob
Carol
ka,b
ka,c k b,
c
ma
+ ka,b + ka,c
mb
− ka,b + kb,c
mc
− ka,c − kb,c
ma
+ ka,b
+ ka,c+mb
− ka,b + kb,c
+mc − ka,c
− kb,c
D. Chaum, �The dining cryptographers problem: Unconditional sender and recipient untraceability,� Journal ofCryptology, vol. 1, no. 1, pp. 65�75, Jan. 1988
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 9 of 31
Superposed Sending
Alice Bob
Carol
ka,b
ka,c k b,
c
ma
+ ka,b + ka,c
mb
− ka,b + kb,c
mc
− ka,c − kb,c
ma
+ ka,b + ka,c
+mb
− ka,b + kb,c
+mc
− ka,c − kb,c
D. Chaum, �The dining cryptographers problem: Unconditional sender and recipient untraceability,� Journal ofCryptology, vol. 1, no. 1, pp. 65�75, Jan. 1988
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 9 of 31
Poll Initialization
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~ka,b ~kb,a Alice Bob
~ka,b~ka,b
ka,b,t1
ka,b,t|T |
.
.
.
−~ka,b
−ka,b,t1
−ka,b,t|T |
.
.
.
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 10 of 31
Poll Initialization
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~ka,b ~kb,a Alice Bob
~ka,b~ka,b
ka,b,t1
ka,b,t|T |
.
.
.
−~ka,b
−ka,b,t1
−ka,b,t|T |
.
.
.
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 10 of 31
Poll Initialization
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~ka,b ~kb,a Alice Bob
~ka,b~ka,b
ka,b,t1
ka,b,t|T |
.
.
.
−~ka,b
−ka,b,t1
−ka,b,t|T |
.
.
.
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 10 of 31
Poll Initialization
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~ka,b ~kb,a Alice Bob
~ka,b~ka,b
ka,b,t1
ka,b,t|T |
.
.
.
−~ka,b
−ka,b,t1
−ka,b,t|T |
.
.
.
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 10 of 31
Poll Initialization
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~ka,b ~kb,a Alice Bob
~ka,b~ka,b
ka,b,t1
ka,b,t|T |
.
.
.
−~ka,b
−ka,b,t1
−ka,b,t|T |
.
.
.
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 10 of 31
Casting of Votes
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~da~db
~dc~d . . . encrypted votes
~da
~da = (da,t1 , da,t2 , . . . , da,t|T | )
da,t = va,t + ka,b,t + ka,c,t
va,t ∈ {0, 1}
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 11 of 31
Casting of Votes
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~da~db
~dc~d . . . encrypted votes
~da
~da = (da,t1 , da,t2 , . . . , da,t|T | )
da,t = va,t + ka,b,t + ka,c,t
va,t ∈ {0, 1}
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 11 of 31
Casting of Votes
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~da~db
~dc~d . . . encrypted votes
~da
~da = (da,t1 , da,t2 , . . . , da,t|T | )
da,t = va,t + ka,b,t + ka,c,t
va,t ∈ {0, 1}
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 11 of 31
Casting of Votes
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~da~db
~dc~d . . . encrypted votes
~da
~da = (da,t1 , da,t2 , . . . , da,t|T | )
da,t = va,t + ka,b,t + ka,c,t
va,t ∈ {0, 1}
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 11 of 31
Result Publication
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~da~db
~dc~d . . . encrypted votes
~da,~db~da,~dc~db,~dc E-mail
noti�cation
~da
~db,~dc
da,t1 , . . . , da,t|T |db,t1 , . . . , db,t|T |dc,t1 , . . . , dc,t|T |
Choose timeslot with highest sum!
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 12 of 31
Result Publication
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~da~db
~dc~d . . . encrypted votes
~da,~db~da,~dc~db,~dc E-mail
noti�cation
~da
~db,~dc
da,t1 , . . . , da,t|T |db,t1 , . . . , db,t|T |dc,t1 , . . . , dc,t|T |
Choose timeslot with highest sum!
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 12 of 31
Result Publication
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~da~db
~dc~d . . . encrypted votes
~da,~db~da,~dc~db,~dc E-mail
noti�cation
~da
~db,~dc
da,t1 , . . . , da,t|T |db,t1 , . . . , db,t|T |dc,t1 , . . . , dc,t|T |
va,t1 + ka,b,t1 + ka,c,t1
+
vb,t1 − ka,b,t1 + kb,c,t1
+
vc,t1 − ka,c,t1 − kb,c,t1
Choose timeslot with highest sum!
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 12 of 31
Result Publication
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~da~db
~dc~d . . . encrypted votes
~da,~db~da,~dc~db,~dc E-mail
noti�cation
~da
~db,~dc
da,t1 , . . . , da,t|T |db,t1 , . . . , db,t|T |dc,t1 , . . . , dc,t|T |
va,t1 + ka,b,t1 + ka,c,t1
+ vb,t1 − ka,b,t1 + kb,c,t1+ vc,t1 − ka,c,t1 − kb,c,t1
Choose timeslot with highest sum!
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 12 of 31
Result Publication
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~da~db
~dc~d . . . encrypted votes
~da,~db~da,~dc~db,~dc E-mail
noti�cation
~da
~db,~dc
da,t1 , . . . , da,t|T |db,t1 , . . . , db,t|T |dc,t1 , . . . , dc,t|T |
va,t1
+ ka,b,t1 + ka,c,t1
+ vb,t1
− ka,b,t1 + kb,c,t1
+ vc,t1
− ka,c,t1 − kb,c,t1
Choose timeslot with highest sum!
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 12 of 31
Result Publication
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~da~db
~dc~d . . . encrypted votes
~da,~db~da,~dc~db,~dc E-mail
noti�cation
~da
~db,~dc
da,t1 , . . . , da,t|T |db,t1 , . . . , db,t|T |dc,t1 , . . . , dc,t|T |
∑vi,t1
. . .∑
vi,t|T |
Choose timeslot with highest sum!
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 12 of 31
Result Publication
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~da~db
~dc~d . . . encrypted votes
~da,~db~da,~dc~db,~dc E-mail
noti�cation
~da
~db,~dc
da,t1 , . . . , da,t|T |db,t1 , . . . , db,t|T |dc,t1 , . . . , dc,t|T |
∑vi,t1 . . .
∑vi,t|T |
Choose timeslot with highest sum!
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 12 of 31
Trying to Cheat
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~da~db
~dc~d . . . encrypted votes
~da,~db~da,~dc~db,~dc E-mail
noti�cation
~da
~da = (da,t1 , da,t2 , . . . , da,t|T | )
da,t = va,t + ka,b,t + ka,c,t
va,t ∈ {0, 1}
va,t = −1? va,t = 2?
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 13 of 31
Trying to Cheat
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~da~db
~dc~d . . . encrypted votes
~da,~db~da,~dc~db,~dc E-mail
noti�cation
~da
~da = (da,t1 , da,t2 , . . . , da,t|T | )
da,t = va,t + ka,b,t + ka,c,t
va,t ∈ {0, 1}
va,t = −1? va,t = 2?
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 13 of 31
Trying to Cheat
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~da~db
~dc~d . . . encrypted votes
~da,~db~da,~dc~db,~dc E-mail
noti�cation
~da
~da = (da,t1 , da,t2 , . . . , da,t|T | )
da,t = va,t + ka,b,t + ka,c,t
va,t ∈ {0, 1}
va,t = −1? va,t = 2?
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 13 of 31
Trying to Cheat
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~da~db
~dc~d . . . encrypted votes
~da,~db~da,~dc~db,~dc E-mail
noti�cation
~da
~da = (da,t1 , da,t2 , . . . , da,t|T | )
da,t = va,t + ka,b,t + ka,c,t
va,t ∈ {0, 1}
va,t = −1? va,t = 2?
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 13 of 31
Avoid −1 Cheaters
T1 T2 T3 T4
Alice 1 1 0 0
Bob 0 1 1 0
Mallory 0 0 1 0∑1 2 2 0
Alice 0 0 0 0
Bob 0 1 0 0
Mallory 0 ? 0 0∑≥ 0?
Alice 0 1 0 0
Bob 0 0 0 0
Mallory 0 ? 0 0∑≥ 0?
Alice 1 0 0 0
Bob 0 0 1 0
Mallory 0 ? 1 0∑≥ 0?
∑1 1 0 0
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 14 of 31
Avoid −1 Cheaters
T1 T2 T3 T4
Alice 1 1 0 0
Bob 0 1 1 0
Mallory 0 0 1 0∑1 2 2 0
Alice 0 0 0 0
Bob 0 1 0 0
Mallory 0 ? 0 0∑≥ 0?
Alice 0 1 0 0
Bob 0 0 0 0
Mallory 0 ? 0 0∑≥ 0?
Alice 1 0 0 0
Bob 0 0 1 0
Mallory 0 ? 1 0∑≥ 0?
∑1 1 0 0
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 14 of 31
Avoid −1 Cheaters
T1 T2 T3 T4
Alice 1 1 0 0
Bob 0 1 1 0
Mallory 0 0 1 0∑1 2 2 0
Alice 0 0 0 0
Bob 0 1 0 0
Mallory 0 ? 0 0∑≥ 0?
Alice 0 1 0 0
Bob 0 0 0 0
Mallory 0 ? 0 0∑≥ 0?
Alice 1 0 0 0
Bob 0 0 1 0
Mallory 0 ? 1 0∑≥ 0?
∑1 1 0 0
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 14 of 31
Avoid −1 Cheaters
T1 T2 T3 T4
Alice 1 1 0 0
Bob 0 1 1 0
Mallory −1−1 1 −1∑0 1 2 −1
Alice 0 0 0 0
Bob 0 1 0 0
Mallory 0 ? 0 0∑≥ 0?
Alice 0 1 0 0
Bob 0 0 0 0
Mallory 0 ? 0 0∑≥ 0?
Alice 1 0 0 0
Bob 0 0 1 0
Mallory 0 ? 1 0∑≥ 0?
∑1 1 0 0
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 14 of 31
Avoid −1 Cheaters
T1 T2 T3 T4
Alice 1 1 0 0
Bob 0 1 1 0
Mallory 0−1 1 0∑1 1 2 0
Alice 0 0 0 0
Bob 0 1 0 0
Mallory 0 ? 0 0∑≥ 0?
Alice 0 1 0 0
Bob 0 0 0 0
Mallory 0 ? 0 0∑≥ 0?
Alice 1 0 0 0
Bob 0 0 1 0
Mallory 0 ? 1 0∑≥ 0?
∑1 1 0 0
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 14 of 31
Avoid −1 Cheaters
T1 T2 T3 T4
Alice 1 1 0 0
Bob 0 1 1 0
Mallory 0−1 1 0∑1 1 2 0
Alice 0 0 0 0
Bob 0 1 0 0
Mallory 0 ? 0 0∑≥ 0?
Alice 0 1 0 0
Bob 0 0 0 0
Mallory 0 ? 0 0∑≥ 0?
Alice 1 0 0 0
Bob 0 0 1 0
Mallory 0 ? 1 0∑≥ 0?
∑1 1 0 0
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 14 of 31
Avoid −1 Cheaters
T1 T2 T3 T4
Alice 1 1 0 0
Bob 0 1 1 0
Mallory 0−1 1 0∑1 1 2 0
Alice 0 0 0 0
Bob 0 1 0 0
Mallory 0 ? 0 0∑≥ 0?
Alice 0 1 0 0
Bob 0 0 0 0
Mallory 0 ? 0 0∑≥ 0?
Alice 1 0 0 0
Bob 0 0 1 0
Mallory 0 ? 1 0∑≥ 0?
∑1 2 1 0
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 14 of 31
Avoid −1 Cheaters
T1 T2 T3 T4
Alice 1 1 0 0
Bob 0 1 1 0
Mallory 0−1 1 0∑1 1 2 0
Alice 0 0 0 0
Bob 0 1 0 0
Mallory 0 ? 0 0
∑≥ 0?
Alice 0 1 0 0
Bob 0 0 0 0
Mallory 0 ? 0 0
∑≥ 0?
Alice 1 0 0 0
Bob 0 0 1 0
Mallory 0 ? 1 0
∑≥ 0?∑
1 2 1 0
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 14 of 31
Avoid −1 Cheaters
T1 T2 T3 T4
Alice 1 1 0 0
Bob 0 1 1 0
Mallory 0−1 1 0∑1 1 2 0
Alice 0 0 0 0
Bob 0 1 0 0
Mallory 0 ? 0 0∑≥ 0?
Alice 0 1 0 0
Bob 0 0 0 0
Mallory 0 ? 0 0∑≥ 0?
Alice 1 0 0 0
Bob 0 0 1 0
Mallory 0 ? 1 0∑≥ 0?∑
1 2 2 0
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 14 of 31
Avoid +2 Cheaters
normal poll
T1 T2 T3 T4
Alice 1 1 0 0
Bob 0 1 1 0
Mallory 0 0 2 0∑1 2 3 0
inverted poll
T1 T2 T3 T4
Alice 0
0 1
Bob 1
0 0
Mallory 1
1 −1
∑2
1 0
∑3
3 3
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 15 of 31
Avoid +2 Cheaters
normal poll
T1 T2 T3 T4
Alice 1 1 0 0
Bob 0 1 1 0
Mallory 0 0 2 0∑1 2 3 0
inverted poll
T1 T2 T3 T4
Alice 0
0 1
Bob 1
0 0
Mallory 1
1 −1
∑2
1 0
∑3
3 3
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 15 of 31
Avoid +2 Cheaters
normal poll
T1 T2 T3 T4
Alice 1 1 0 0
Bob 0 1 1 0
Mallory 0 0 2 0∑1 2 3 0
inverted poll
T1 T2 T3 T4
Alice 0
0 1
Bob 1
0 0
Mallory 1
1 −1
∑2
1 0
∑3
3 3
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 15 of 31
Avoid +2 Cheaters
normal poll
T1 T2 T3 T4
Alice 1 1 0 0
Bob 0 1 1 0
Mallory 0 0 2 0∑1 2 3 0
inverted poll
T1 T2 T3 T4
Alice 0 0
1
Bob 1 0
0
Mallory 1 1
−1
∑2 1
0
∑3 3
3
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 15 of 31
Avoid +2 Cheaters
normal poll
T1 T2 T3 T4
Alice 1 1 0 0
Bob 0 1 1 0
Mallory 0 0 2 0∑1 2 3 0
inverted poll
T1 T2 T3 T4
Alice 0 0 1
Bob 1 0 0
Mallory 1 1 −1∑2 1 0
∑3 3 3
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 15 of 31
Extensions
Problem Statement
Scheme
Extensions
Evaluation
Demo
Conclusion and Outlook
n-lange.de
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 16 of 31
Simplifying the Key Exchange
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~da~db
~dc~d . . . encrypted votes
~da,~db~da,~dc~db,~dc E-mail
noti�cation
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 17 of 31
Simplifying the Key Exchange
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~da~db
~dc~d . . . encrypted votes
~da,~db~da,~dc~db,~dc E-mail
noti�cation
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 17 of 31
Simplifying the Key Exchange
Alice Bob Carol Server
T, PT, PT, P E-mail
noti�cation
T . . . time slots
P . . . voters
~ka,c ~kc,a
~ka,b ~kb,a
~kb,c ~kc,b
key
exchange~ki,j . . . key vector
~da~db
~dc~d . . . encrypted votes
~da,~db~da,~dc~db,~dc E-mail
noti�cation
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 17 of 31
Intermezzo � Dif�e�Hellman Key Agreement
secret s
ecret
Alice Bob
public
g, qchooses ra
gra mod q
= xa
xrab
= gra·rb mod q
chooses rb
grb mod q
= xb
xrba
= gra·rb mod q
xa xb
Discrete
Logarithm
assumption
x = gr mod q
public
hard to �nd
r
W. Dif�e and M. E. Hellman, �New Directions in Cryptography,� IEEE Transactions on Information Theory, vol.IT-22, no. 6, pp. 644�654, 1976.
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 18 of 31
Intermezzo � Dif�e�Hellman Key Agreement
secret s
ecret
Alice Bob
public
g, qchooses ra
gra mod q
= xa
xrab
= gra·rb mod q
chooses rb
grb mod q
= xb
xrba
= gra·rb mod q
xa xb
Discrete
Logarithm
assumption
x = gr mod q
public
hard to �nd
r
W. Dif�e and M. E. Hellman, �New Directions in Cryptography,� IEEE Transactions on Information Theory, vol.IT-22, no. 6, pp. 644�654, 1976.
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 18 of 31
Intermezzo � Dif�e�Hellman Key Agreement
secret s
ecret
Alice Bob
public
g, qchooses ra
gra mod q
= xa
xrab
= gra·rb mod q
chooses rb
grb mod q
= xb
xrba
= gra·rb mod q
xa xb
Discrete
Logarithm
assumption
x = gr mod q
public
hard to �nd
r
W. Dif�e and M. E. Hellman, �New Directions in Cryptography,� IEEE Transactions on Information Theory, vol.IT-22, no. 6, pp. 644�654, 1976.
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 18 of 31
Intermezzo � Dif�e�Hellman Key Agreementsecret s
ecret
Alice Bob
public
g, qchooses ra
gra mod q
= xa
xrab
= gra·rb mod q
chooses rb
grb mod q
= xb
xrba
= gra·rb mod q
xa xb
Discrete
Logarithm
assumption
x = gr mod q
public
hard to �nd
r
W. Dif�e and M. E. Hellman, �New Directions in Cryptography,� IEEE Transactions on Information Theory, vol.IT-22, no. 6, pp. 644�654, 1976.
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 18 of 31
Intermezzo � Dif�e�Hellman Key Agreementsecret s
ecret
Alice Bobpublic
g, q
chooses ra
gra mod q
= xa
xrab
= gra·rb mod q
chooses rb
grb mod q
= xb
xrba
= gra·rb mod q
xa xb
Discrete
Logarithm
assumption
x = gr mod q
public
hard to �nd
r
W. Dif�e and M. E. Hellman, �New Directions in Cryptography,� IEEE Transactions on Information Theory, vol.IT-22, no. 6, pp. 644�654, 1976.
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 18 of 31
Intermezzo � Dif�e�Hellman Key Agreementsecret s
ecret
Alice Bobpublic
g, qchooses ra
gra mod q
= xa
xrab
= gra·rb mod q
chooses rb
grb mod q
= xb
xrba
= gra·rb mod q
xa xb
Discrete
Logarithm
assumption
x = gr mod q
public
hard to �nd
r
W. Dif�e and M. E. Hellman, �New Directions in Cryptography,� IEEE Transactions on Information Theory, vol.IT-22, no. 6, pp. 644�654, 1976.
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 18 of 31
Intermezzo � Dif�e�Hellman Key Agreementsecret s
ecret
Alice Bobpublic
g, qchooses ra
gra mod q
= xa
xrab
= gra·rb mod q
chooses rb
grb mod q
= xb
xrba
= gra·rb mod q
xa xb
Discrete
Logarithm
assumption
x = gr mod q
public
hard to �nd
r
W. Dif�e and M. E. Hellman, �New Directions in Cryptography,� IEEE Transactions on Information Theory, vol.IT-22, no. 6, pp. 644�654, 1976.
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 18 of 31
Intermezzo � Dif�e�Hellman Key Agreementsecret s
ecret
Alice Bobpublic
g, qchooses ra
gra mod q
= xa
xrab
= gra·rb mod q
chooses rb
grb mod q
= xb
xrba
= gra·rb mod q
xa xb
Discrete
Logarithm
assumption
x = gr mod q
public
hard to �nd
r
W. Dif�e and M. E. Hellman, �New Directions in Cryptography,� IEEE Transactions on Information Theory, vol.IT-22, no. 6, pp. 644�654, 1976.
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 18 of 31
Simplifying the Key Exchange
Dif�e�Hellman
Alice Bob
Carol
key exchange
~ka,b
~ka,c ~k b,
c
Server
gra grb
grc
grb , grc gra , grc
gra , grb
gra·rb , gra·rc grb·ra , grb·rc
grc ·ra , grc ·rb
gra·rb grb·ra~ka,b
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 19 of 31
Simplifying the Key ExchangeDif�e�Hellman
Alice Bob
Carol
registration
~ka,b
~ka,c ~k b,
c
Server
gra grb
grc
grb , grc gra , grc
gra , grb
gra·rb , gra·rc grb·ra , grb·rc
grc ·ra , grc ·rb
gra·rb grb·ra~ka,b
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 19 of 31
Simplifying the Key ExchangeDif�e�Hellman
Alice Bob
Carol
poll initialization
~ka,b
~ka,c ~k b,
c
Server
gra grb
grc
grb , grc gra , grc
gra , grb
gra·rb , gra·rc grb·ra , grb·rc
grc ·ra , grc ·rb
gra·rb grb·ra~ka,b
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 19 of 31
Simplifying the Key ExchangeDif�e�Hellman
Alice Bob
Carol
poll initialization
~ka,b
~ka,c ~k b,
cServer
gra grb
grc
grb , grc gra , grc
gra , grb
gra·rb , gra·rc grb·ra , grb·rc
grc ·ra , grc ·rb
gra·rb grb·ra~ka,b
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 19 of 31
Simplifying the Key Exchange
gra·rbpseudorandom
number generator
ka,b,t
,tbl
~ka,b
ka,b,t1
.
.
.
ka,b,t|T |
tuuid tbl
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 20 of 31
Simplifying the Key Exchange
gra·rbpseudorandom
number generator
ka,b,t
,tbl
~ka,b
ka,b,t1
.
.
.
ka,b,t|T |
tuuid tbl
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 20 of 31
Simplifying the Key Exchange
gra·rbpseudorandom
number generator
ka,b,t
,tbl~ka,b
ka,b,t1
.
.
.
ka,b,t|T |
tuuid tbl
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 20 of 31
Simplifying the Key Exchange
gra·rbpseudorandom
number generator
ka,b,t
,tbl~ka,b
ka,b,t1
.
.
.
ka,b,t|T |
t
uuid tbl
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 20 of 31
Simplifying the Key Exchange
gra·rbpseudorandom
number generator
ka,b,t
,tbl~ka,b
ka,b,t1
.
.
.
ka,b,t|T |
tuuid
tbl
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 20 of 31
Simplifying the Key Exchange
gra·rbpseudorandom
number generator
ka,b,t,tbl
~ka,b
ka,b,t1
.
.
.
ka,b,t|T |
tuuid tbl
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 20 of 31
Dynamic Joining
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 21 of 31
Dynamic Joining
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 21 of 31
Dynamic Joining
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 21 of 31
Dynamic Joining
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 21 of 31
Dynamic Leaving
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 22 of 31
Dynamic Leaving
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 22 of 31
Dynamic Leaving
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 22 of 31
Evaluation
Problem Statement
Scheme
Extensions
Evaluation
Demo
Conclusion and Outlook
Simon Day
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 23 of 31
Evaluation
1 10 00 00 00 10 01 00 0
split
0 0 1 1
invert
← initialization
→ vote casting
← result publication
Date
#1
. . . Date
#240
Yes 8
No 8
scales(|P| − 1 asym. op-erations per voter)
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 24 of 31
Evaluation
1 10 00 00 00 10 01 00 0
split
0 0 1 1
invert
← initialization
→ vote casting
← result publication
Date
#1
. . . Date
#240
Yes 8
No 8
scales(|P| − 1 asym. op-erations per voter)
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 24 of 31
Evaluation
1 10 00 00 00 10 01 00 0
split
0 0 1 1
invert
← initialization
→ vote casting
← result publication
Date
#1
. . . Date
#240
Yes 8
No 8
scales(|P| − 1 asym. op-erations per voter)
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 24 of 31
Evaluation
1 10 00 00 00 10 01 00 0
split
0 0 1 1
invert
← initialization
→ vote casting
← result publication
Date
#1
. . . Date
#240
Yes 8
No 8
scales(|P| − 1 asym. op-erations per voter)
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 24 of 31
Evaluation
1 10 00 00 00 10 01 00 0
split
0 0 1 1
invert
← initialization
→ vote casting
← result publication
Date
#1
. . . Date
#240
Yes 8
No 8
scales(|P| − 1 asym. op-erations per voter)
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 24 of 31
Evaluation
1 10 00 00 00 10 01 00 0
split
0 0 1 1
invert
← initialization
→ vote casting
← result publication
Date
#1
. . . Date
#240
Yes 8
No 8
scales(|P| − 1 asym. op-erations per voter)
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 24 of 31
Demo
Problem Statement
Scheme
Extensions
Evaluation
Demo
Conclusion and Outlook
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 25 of 31
Registration/Login
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 26 of 31
Poll Initialization
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 27 of 31
Vote Casting
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 28 of 31
Vote Casting
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 28 of 31
Dynamic Leaving
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 29 of 31
Result Publication
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 30 of 31
Conclusion and Outlook
• novel scheme for privacy-enhanced
event scheduling
à scales in number of time slots
à no central trust entity
• partially implemented as Web2.0
application
• implement missing features
• validate performance
• more features desirable
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 31 of 31
Faculty of Computer Science Institute of Systems Architecture, Chair of Privacy and Data Security
Thank you for your attention!
http://dudle.inf.tu-dresden.de
D19E 04A8 8895 020A 8DF60092 3501 1A32 491A 3D9C
Berlin, December 29, 2009
PrimeLife is a research projectfunded by the European Commis-
sion's 7th Framework Programme
Related
• one speci�c publication
• mixes
• blind signatures
• homomorphic encryption
• distributed constraint satisfaction/optimization problem
T. Herlea et al., �On Securely Scheduling a Meeting,� in Trusted Information � The New Decade Challenge(Proc. of IFIP SEC), M. Dupuy and P. Paradinas, Eds., 2001, pp. 183�198.
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 2 of 6
Computational Complexity
server
no expensive computation needed
client
1 discrete exponentiation (DH)
|P| − 1 discrete exponentiations
1 digital signature
|T | · (|P| − 1) hashes
|T | · (|P| − 1) symmetric decryptions
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 3 of 6
More Features
• privacy-invasive and
privacy-enhanced together
• prede�ned decision rules
• threshold scheme
• dynamic insertion/deletion of
time slots
• updating/revoking votes
• let voters prove that they signaled
availability for more than a certain
minimum number of time slots
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 4 of 6
Privacy-Invasive and Privacy-Enhanced
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 5 of 6
Complex Decision Rules
Benjamin Kellermann Privacy-Enhanced Event Scheduling slide 6 of 6