HOME

TheInfoList



Click Here for Items Related To - Anonymous Veto Network
OR:
Anonymous Veto Network on:   [Wikipedia]   [Google]   [Amazon]

In cryptography, the anonymous veto network (or AV-net) is a multi-party secure computation protocol to compute the boolean-OR function. It was first proposed by Feng Hao and Piotr ZieliƄski in 2006. This protocol presents an efficient solution to the
Dining cryptographers problem In cryptography, the dining cryptographers problem studies how to perform a secure multi-party computation of the boolean-XOR function. David Chaum first proposed this problem in the early 1980s and used it as an illustrative example to show that ...
. A related protocol that securely computes a boolean-count function is open vote network (or OV-net).


Description

All participants agree on a group \scriptstyle G with a generator \scriptstyle g of prime order \scriptstyle q in which the discrete logarithm problem is hard. For example, a
Schnorr group A Schnorr group, proposed by Claus P. Schnorr, is a large prime-order subgroup of \mathbb_p^\times, the multiplicative group of integers modulo p for some prime A prime number (or a prime) is a natural number greater than 1 that is not a pr ...
can be used. For a group of \scriptstyle n participants, the protocol executes in two rounds. Round 1: each participant \scriptstyle i selects a random value \scriptstyle x_i \,\in_R\, \mathbb_q and publishes the ephemeral public key \scriptstyle g^ together with a
zero-knowledge proof In cryptography, a zero-knowledge proof or zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that a given statement is true while the prover avoids conveying any additional information a ...
for the proof of the exponent \scriptstyle x_i. A detailed description of a method for such proofs is found in . After this round, each participant computes: :g^ = \prod_ g^ / \prod_ g^ Round 2: each participant \scriptstyle i publishes \scriptstyle g^ and a
zero-knowledge proof In cryptography, a zero-knowledge proof or zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that a given statement is true while the prover avoids conveying any additional information a ...
for the proof of the exponent \scriptstyle c_i. Here, the participants chose \scriptstyle c_i \;=\; x_i if they want to send a "0" bit (no veto), or a random value if they want to send a "1" bit (veto). After round 2, each participant computes \scriptstyle \prod g^. If no one vetoed, each will obtain \scriptstyle \prod g^ \;=\; 1. On the other hand, if one or more participants vetoed, each will have \scriptstyle \prod g^ \;\neq\; 1.


The protocol design

The protocol is designed by combining random public keys in such a structured way to achieve a vanishing effect. In this case, \scriptstyle \sum \;=\; 0. For example, if there are three participants, then \scriptstyle x_1 \cdot y_1 \,+\, x_1 \cdot y_2 \,+\, x_3 \cdot y_3 \;=\; x_1 \cdot (-x_2 \,-\, x_3) \,+\, x_2 \cdot (x_1 \,-\, x_3) \,+\, x_3 \cdot (x_1 \,+\, x_2) \;=\; 0. A similar idea, though in a non-public-key context, can be traced back to
David Chaum David Lee Chaum (born 1955) is an American computer scientist, cryptographer, and inventor. He is known as a pioneer in cryptography and privacy-preserving technologies, and widely recognized as the inventor of digital cash. His 1982 dissertatio ...
's original solution to the
Dining cryptographers problem In cryptography, the dining cryptographers problem studies how to perform a secure multi-party computation of the boolean-XOR function. David Chaum first proposed this problem in the early 1980s and used it as an illustrative example to show that ...
.David Chaum
The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability
Journal of Cryptology, vol. 1, No, 1, pp. 65-75, 1988


References

{{DEFAULTSORT:Anonymous Veto Network Public-key cryptography Zero-knowledge protocols