Abstract:
In this thesis, I present the research I conducted with my co-authors in numerous areas of verifiable, secure, and privacy-preserving computation during my doctoral studies at the University of Luxembourg, where Professor Peter Ryan advised me.
In the first part, I study functional encryption. In the standard setting of functional encryption, both the Central Authority (CA) and the encryptors are assumed to run their respective algorithms faithfully. If these parties are dishonest, however, the security of the cryptosystem may be violated: dishonest parties can cause inconsistent results that may go undetected. We improve on this situation by considering Inner-Product Encryption (IPE), a special case of functional encryption and a primitive that has attracted wide interest from practitioners and researchers in the last decade. Specifically, we construct the first efficient verifiable Inner-Product Encryption (VIPE) scheme for the inner-product functionality. As the next step, we construct a verifiable IPE that satisfies unconditional verifiability, whereas privacy relies on the standard assumption.
The second part of this thesis presents my research on e-voting protocols. I revisit the coercion-resistant e-voting protocol by Juels, Catalano and Jakobsson (JCJ) and, in particular, the attempts to make it usable and practical. In JCJ, the user needs to handle cryptographic credentials and fake them in case of coercion. We present a hardware-independent protocol that can be implemented using a combination of a digitally stored cryptographic-length key and a PIN known only to the voter. The long credential could be stored in several places or hidden via steganography. At the ballot casting phase, the software takes the digital key and the password as input to form the credential submitted with the vote. Depending on the level of coercion, the coerced voter can either fake the long credential or, for stronger levels of coercion, reveal the digitally stored credential to the coercer but fake the PIN. Due to our improved tally, the coercer will not know whether he got faked credentials or PINs.
On the other hand, since the voter memorizes the PIN, there is a high chance of users making a PIN typo, which will invalidate the vote and remain undetected. Note that naively giving feedback on the correctness of the PIN is not compatible with coercion-resistance, as it would allow the coercer to check whether he got a fake PIN or not. Instead, we define a set of allowed PIN errors (e.g., chosen by the election administrator). We consider a ballot valid if it has the correct PIN or an allowed PIN error, and invalid for any other PIN. At the tally phase, we construct protocols that secretly check whether a given PIN is in the set of allowed PINs and sort out invalid ballots.
We also design another end-to-end verifiable e-voting scheme that achieves coercion-resistance via deniable vote updating. We propose a new e-voting system that provides voters with an intuitive mechanism to update their possibly coerced vote in a deniable way. Moreover, our e-voting system does not introduce any additional trust assumptions for end-to-end verifiability and vote privacy beyond the standard ones, and we demonstrate that it can be instantiated efficiently for practical elections. With these properties, our e-voting system has the potential to close the gap between theory and practice in coercion-resistant e-voting.