CS255: Cryptography and Computer Security                                                Winter 1998

Assignment #4

            Due: Friday Mar 13, 1997

Written Assignment - Extra Credit Question. You don't have to answer it!

Citizens of the island of Kafku (in the South Pacific) adopted a bizarre voting scheme. Each citizen's vote v(i) is a bit (either zero or one). To decide which of the two competing parties wins the election, the election committee computes
            v(Alice)    xor   v(Bob)   xor   ....   xor   v(Zorba)
The result identifies the winning party.  The individual votes must remain secret. The inhabitants of the island of Kafku are famous for their mental calculation powers as well as their total unwillingness to use paper.  They agreed to use the following protocol:

  1. On election day the election committee announces certain information (public key) using the loud speaker system.

  2. Alice decides on her vote.  She then tells Bob some value, A, based on her vote, A=F(1,v(Alice)).  To keep her vote secret the value A should not reveal her vote to Bob.

  3. Bob decides on his vote. He computes some function of his vote and the value he received from Alice, B=F(A,v(Bob)). He tells the result, B, to Charlie.

  4. This process continues until Zorba computes the final value, Z=F(Y,v(Zorba)). He then gives the result, Z, to the representative of the election committee (who is not a citizen of the island).

  5. The representative uses some secret information known only to her to determine the outcome of the election.

Design the cryptographic mechanism to enable the denizens of Kafku to carry out the election while not revealing their private votes. Base the security of your mechanism on the hardness of distinguishing quadratic residues modulo a composite from non-residues with Jacobi symbol +1. You must describe the public key published on election day as well as the function F(x,y) used by the inhabitants.
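
One possible construction, given here as an added worked example and not as part of the original handout: a Goldwasser-Micali style scheme in which the public key is (N, y), with y a non-residue of Jacobi symbol +1, and F(x, v) = x * y^v * r^2 mod N for a fresh random r. The primes are constructed toy values (two Mersenne primes) and the names F, tally and run_election are assumptions of this sketch.

```python
import math
import secrets

# Constructed toy secret key: two Mersenne primes, both congruent to 3 mod 4.
# A real deployment needs large random secret primes.
P = 2**31 - 1
Q = 2**61 - 1

# Public key announced on election day: the modulus N and the value Y.
# Because P and Q are 3 mod 4, -1 is a non-residue modulo each prime,
# so Y = N - 1 is a non-residue modulo N with Jacobi symbol (+1).
N = P * Q
Y = N - 1

def F(x, vote):
    """Voter step: fold one vote bit into the running value x.

    Multiplying by Y flips quadratic residuosity; multiplying by a fresh
    random square r^2 re-randomises the value so that the next voter
    cannot tell, under the quadratic residuosity assumption, whether
    Y was applied."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (x * pow(Y, vote, N) * r * r) % N

def tally(z):
    """Representative step: uses the secret prime P.

    z always has Jacobi symbol +1, so Euler's criterion modulo P alone
    decides whether z is a square modulo N. A square means an even
    number of 1-votes, i.e. the XOR of all votes is 0."""
    return 0 if pow(z, (P - 1) // 2, P) == 1 else 1

def run_election(votes):
    """Pass the value from voter to voter, starting from 1 as in step 2."""
    value = 1
    for v in votes:
        value = F(value, v)
    return tally(value)
```

Each value a voter hears is a fresh encryption of the XOR of the votes so far, which is why the predecessor's vote stays hidden from the next voter.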

This is an example of a private computation: a number of parties wish to compute a function of certain private values. The results of the computation should be made public; however, no other information should be revealed about the private inputs. Another example of such a computation is the billionaires problem: two billionaires wish to decide who is richer without revealing their wealth. The solution to the billionaires problem is much harder. In general, it has been shown that (in principle) any function can be computed privately.

Programming Assignment

In this assignment, you need to implement a client-server application that handles electronic money. Once again we use the spellchecker. However now the client needs to pay the spellchecker for the services. The client will send words to the server who will spellcheck them and reply to the client with the result. The server will charge the client according to the number (and length) of the words it spellchecked.

The main security requirements are as follows: the client should be assured that the server cannot overcharge. That is, the server should not be able to claim that the client spell checked words it did not. The server should be able to prove (to a judge) that the client indeed spell checked as many words as it did.

You will work with more or less the same skeleton client and server programs as you did in the first programming assignment. The client is still the same, the server has an added cleanup routine which is called when you try to kill it by pressing ctrl-C or using 'kill -2 processid'. Your job is to modify the client and server to add the money exchange functionality. You are strongly encouraged to work in pairs for this assignment. There will be no difference in the grading standard if you choose to work individually.

Getting Started

The directory /afs/ir/class/cs255/p2 on the Leland machines contains all the files you will need. They are:

  1. Makefile
  2. spellc.c
  3. spellc.h (items 1-3 are the same as in programming assignment 1)
  4. spelld.c - Has an added routine cleanup(), which gets fired up during termination.

Copy these files to your directory and run make to create spellc and spelld. You can check them in the same manner as you did in assignment 1. When you quit spelld by pressing ctrl-C, the server should print Server terminating.. and terminate.

What You Need To Do

You will maintain the current interface for spellc and spelld. You need not and should not change any of the code in the main() functions. You will add provisions for money exchange. You will have to change the init_security() and process() functions both in spellc and spelld, plus the function cleanup() in the server spelld. cleanup() will print how much money the client used.

The client pays for spell checking services using tokens of various denominations. To avoid the need for a client signature on each spellchecking request, token lists are stored as stalks (see below). Spending a token amounts to revealing an element on the stalk. To implement coins of different denominations we use multiple stalks. Each stalk holds coins of a single denomination.

The implementation will require you to use signatures, one-way hash and MACs (for integrity).
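
An added sketch, not part of the original handout, assuming a stalk is a one-way hash chain whose root the client commits to in a signed message (the handout's own description of stalks is not on this page). It is written in Python with SHA-256 rather than ANSI C and the course cryptolibrary, omits the signature and MAC steps, and all names in it are hypothetical.

```python
import hashlib
import secrets

def H(x):
    return hashlib.sha256(x).digest()

def make_stalk(length):
    """Client: build [w_0, ..., w_length] with w_i = H(w_{i+1}).
    w_0 is the root the client signs; w_1..w_length are the tokens."""
    chain = [secrets.token_bytes(32)]
    for _ in range(length):
        chain.append(H(chain[-1]))
    chain.reverse()
    return chain

def hash_down(token, steps):
    for _ in range(steps):
        token = H(token)
    return token

class StalkVerifier:
    """Server-side state for one stalk holding coins of one denomination."""
    def __init__(self, root, denomination, length):
        self.last, self.spent = root, 0
        self.denomination, self.length = denomination, length

    def accept(self, index, token):
        """Accept w_index only if it hashes down to the last accepted token."""
        steps = index - self.spent
        if steps <= 0 or index > self.length:
            return False   # replayed token, or beyond the committed length
        if hash_down(token, steps) != self.last:
            return False   # not on this stalk
        self.last, self.spent = token, index
        return True

    def amount_owed(self):
        return self.spent * self.denomination

def judge_check(root, index, token, length):
    """Judge: the server's claim of `index` coins holds only if the token
    it presents hashes to the client-signed root in exactly `index` steps.
    Claiming more would require inverting H, so the server cannot overcharge."""
    return 0 <= index <= length and hash_down(token, index) == root
```

The server keeps only the latest token and its index per stalk, and that pair together with the signed root is the evidence it shows a judge.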

The way the system works is as follows:

You need to decide on the message formats and the protocol for exchanging different denominations (i.e. exchanging a 10 unit token with 10 single unit tokens).

How You Should Do It

There are three steps to making the required source code changes. The first step is to decide (at a high level) what cryptographic algorithms and what security protocols you will use. You have considerable freedom in this matter. The only restriction is that your algorithms/protocols must not require a third party. You may reuse your code from the first programming assignment.

Having decided what schemes you will use, the next step will be to fix the details of the protocols. You will also need to design the message formats and the protocol flows to support your schemes.

Finally, you will need to implement your schemes and your implementation is subject to certain constraints:

  1. spellc and spelld were designed for use on the Leland epic and elaine machines. You should ensure that your submissions work on those machines as we will test submissions on those machines.
  2. You must use ANSI C (not C++ and not Java) for coding.
  3. You need to modify the process() and init_security() functions (and cleanup() in the server), but you should not change any other code. Of course, you are free to add other, supporting functions. You should also not change the Makefile.

Again you have full access to the cryptolibrary. Do not use other crypto toolkits available on the Web. In addition to coding, you will also need to submit a writeup. The writeup should consist of three parts corresponding to the three design phases described above. It should describe the algorithms and protocols that you used and provide a justification for your choices. In addition, it should provide a description of the message formats and flows that you actually implemented. This description needs to be detailed enough to allow someone to independently implement spelld and have it work with your spellc (or vice versa). Note that your writeup must be in plain ASCII text format.

Submission

Put your source code (spell.h, spellc.c, spelld.c) and your writeup (writeup.txt) in a directory called ~/cs255_handin/p2. Make sure that this directory is readable by the course staff. If you are on AFS, give the group "cs255-admins" access using the following commands:

% fs sa ~ cs255-admins lr
% fs sa ~/cs255_handin cs255-admins all
% fs sa ~/cs255_handin/p1 cs255-admins all

When you have done this, send email to ajain@webclass.stanford.edu providing us with your (and your partner's) names, leland logins, and Stanford ID numbers. (Only one partner needs to send email.)