When Is a Proof Actually Not?
Vanessa Teague, Thinking Cybersecurity
I'll examine some practical implementations of cryptographic proofs, including zero knowledge proofs for facts such as proper mixing, decryption, and equality testing. In each case, we can generate a 'proof' of a fact that is clearly false. In some cases these are simply bugs; in others, the forgery is possible because of a subtle misalignment of the security assumptions of a prove n-secure component and the context of the protocol.
Examples will include the SwissPost-Scytl-iVote mixing and decryption proofs, plus some new results on Plaintext Equivalence in the Civitas implementation of the Juels-Catalano-Jakobsson e-voting protocol.
Although all my examples come from e-voting, these results justify more careful analysis of other uses of zero knowledge proofs in other practical scenarios, such as blockchains, cryptocurrencies, and online auctions.
This is joint work with Thomas Haines, Sarah Jamie Lewis, Eleanor McMurtry, and Olivier Pereira.
Vanessa Teague is the CEO of Thinking Cybersecurity and Associate Prof (Adj.) in the Research School of Computer Science at the Australian National University. Her research focuses primarily on cryptographic methods for achieving security and privacy, particularly for issues of public interest such as election integrity and the protection of government data. She was part of the team (with Chris Culnane and Ben Rubinstein) who discovered the easy re-identification of doctors and patients in the Medicare/PBS open dataset released by the Australian Department of Health. She has co-designed numerous protocols for improved election integrity in e-voting systems, and co-discovered serious weaknesses in the cryptography of deployed e-voting systems in New South Wales, Western Australia, and Switzerland.
View the full WOOT '20 program at https://www.usenix.org/conference/woot20/workshop-program