When Is a Test Not a Proof?

McMurtry, Eleanor;Pereira, Olivier;Teague, Vanessa
(2020) 25th European Symposium on Research in Computer Security, (ESORICS 2020) — Location: Guildford, UK (14.September.2020)

Files

Whenisatestnotaproof.pdf
  • Open Access
  • Adobe PDF
  • 420.92 KB

Details

Authors
  • McMurtry, EleanorUniversity of Melbourne
    Author
  • Author
  • Teague, VanessaThinking Cybersecurity Pty. Ltd. and the Australian National University
    Author
Abstract
A common primitive in election and auction protocols is a plaintext equivalence test (PET) in which two ciphertexts are tested for equality of their plaintexts, and a verifiable proof of the test’s outcome is provided. The most commonly-cited PETs require at least one honest party, but many applications claim universal verifiability, at odds with this requirement. If a test that relies on at least one honest participant is mistakenly used in a place where a universally verifiable proof is needed, then a collusion by all participants can insert a forged proof of equality into the tallying transcript. We show this breaks universal verifiability for the JCJ/Civitas scheme among others, because the only PETs they reference are not universally verifiable. We then demonstrate how to fix the problem.
Affiliations

Citations

McMurtry, E., Pereira, O., & Teague, V. (2020). When Is a Test Not a Proof? In Liqun Chen, Ninghui Li, Kaitai Liang, Steve A. Schneider (ed.), Proceedings of the 25th European Symposium on Research in Computer Security, (ESORICS 2020) (p. p. 23-41). Springer. https://hdl.handle.net/2078.5/256616