Some aspects of cryptographic protocols : with applications in electronic voting and digital watermarking

Abstract: Cryptographic protocols are widely used on the internet, from relatively simple tasks such as key-agreement and authentication to much more complex problems like digital cash and electronic voting. Electronic voting in particular is a problem we investigate in this thesis.In a typical election, the main goals are to ensure that the votes are counted correctly and that the voters remain anonymous, i.e. that nobody, not even the election authorities, can trace a particular vote back to the voter. There are several ways to achieve these properties, the most general being a mix-net with a proof of a shuffle to ensure correctness. We propose a new, conceptually simple, proof of a shuffle. We also investigate a mix-net which omits the proof of a shuffle in favor of a faster, heuristically secure verification. We demonstrate that this mix-net is susceptible to both attacks on correctness and anonymity. A version of this mix-net was tested in the 2011 elections in Norway.We also look at a simple and widely used proof of knowledge of a discrete logarithm in groups of prime order. While the requirement of prime order is well known, we give a precise characterization of what the protocol proves in a group of composite order. Furthermore, we present attacks against a class of protocols of the same form, which shows that the protocol cannot easily be extended to groups where the order is composite or unknown.We finally look at the problem of music and video piracy. Using a buyer-seller watermark to embed a unique watermark in each sold copy has been proposed as a deterrent since it allows a seller who discovers a pirated copy to extract the watermark and find out which buyer released it. Existing buyer-seller watermarking schemes assume that all copies are downloaded directly from the seller. In practice, however, the seller wants to save bandwidth by allowing a paying customer to download most of the content from other buyers. We introduce this as an interesting open research problem and present a proof-of-concept protocol which allows transfer of content between buyers while keeping the seller's communication proportional to the size of the watermark rather than the size of the content.