21
April 13, 2004 CS 551: CRyptography Applications Bistro Electronic National Lotteries Jessica Greer

Electronic National Lotteries

Embed Size (px)

DESCRIPTION

Electronic National Lotteries. Jessica Greer. Agenda. Large-scale electronic lotteries: What are they good for? (absolutely nothin’?) Requirements for electronic lottery systems Lotteries vs. Casinos Konstantinou’s protocol – does it meet the requirements?. Large-scale E-Lotteries. - PowerPoint PPT Presentation

Citation preview

Page 1: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

Electronic National LotteriesJessica Greer

Page 2: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

Agenda

• Large-scale electronic lotteries: What are they good for? (absolutely nothin’?)

• Requirements for electronic lottery systems

• Lotteries vs. Casinos• Konstantinou’s protocol – does it

meet the requirements?

Page 3: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

Large-scale E-Lotteries

Advantages over mechanical systems:

- Fast (high frequency)

- Dynamic

- Accessible

- Efficient micropayment scheme

Page 4: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

Requirements

• Uniform distribution of generated numbers

• Unpredictable by anyone (even with access to history, audit logs)

• Unalterable – drawing and winner declaration

• Able to detect interference, errors (UK Lotto)

• Standardized, certifiable

Page 5: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

Requirements, cont’d..

• Under regular scrutiny• Details publicly available• High availability• Scalability

Page 6: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

Casinos vs. Lotteries

• Schneier’s solution: collaboration of gamblers for random number generation

• Lotteries: Users’ selections independent of one another

Page 7: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

Protocol Overview

Initialization: Generator and verifier exchange keys for encryption, signature

Page 8: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

Protocol Overview1. Generator draws sequence of bits from TRNG for seeding

Page 9: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

Protocol Overview2. Generator executes bit-commitment protocol* on seed bit sequence

* Seed commitment based on RSA encryption & RIPEMD-160 hashing

1. Generator draws sequence of bits from TRNG for seeding

Page 10: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

Protocol Overview2. Generator executes bit-commitment protocol* on seed bit sequence

* Seed commitment based on RSA encryption & RIPEMD-160 hashing

3. Resulting packet sent to Verifier, which signs the commitment

Page 11: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

Protocol Overview

3. Resulting packet sent to Verifier, which signs the commitment

4. Verifier sends generator a hash of file containing the coupons

Page 12: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

Protocol Overview

4. Verifier sends generator a hash of file containing the coupons

5. Generator concatenates seed with hash value from Verifier*

*State-stamping step – freezes coupons

Page 13: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

Protocol Overview

5. Generator concatenates seed with hash value from Verifier

6. Generator feeds first part of original TRNG-generated bit sequence through Naor-Reingold function

Page 14: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

Protocol Overview6. Generator feeds first part of original TRNG-generated bit sequence through Naor-Reingold function

7. Resulting bit stream XORed with 2nd part of initial seed; this result is sent through several pseudorandom number generators

Page 15: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

Protocol Overview7. Resulting bit stream XORed with 2nd part of initial seed; this result is sent through several pseudorandom number generators

8. Generator opens initial random seed bits (de-commitment). Encrypts and signs seed & numbers; sends file to Verifier. Stops.

Page 16: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

Protocol Overview8. Generator opens initial random seed bits (de-commitment). Encrypts and signs seed & numbers; sends file to Verifier. Stops.

9. Verifier authenticates file, decrypts it, recovers winning numbers + seed used to generate them

Page 17: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

Protocol Overview9. Verifier authenticates file, decrypts it, recovers winning numbers + seed used to generate them

10. Verifier checks that Generator has committed to seed

Page 18: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

Protocol Overview

10. Verifier checks that Generator has committed to seed

10. Verifier uses seed to duplicate Generator’s tasks. If results match, finalize; if not, restart with Gen2

Page 19: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

Requirements

• Uniform distribution of generated numbers – TRNG’s + Naor-Reingold

• Unpredictable by anyone (even with access to history) - same

• Unalterable – drawing and winner declaration – Verifier auditing

• Able to detect interference, errors (UK Lotto) – Verifier auditing, audit logs

• Standardized, certifiable - ?

Page 20: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

Requirements, cont’d..• Under periodic scrutiny – alert

function in case of discrepancies• Details publicly available – paper…• High availability – depends on

hardware; some redundancy built-in• Scalability - ?

Page 21: Electronic National Lotteries

April 13, 2004 CS 551: CRyptography Applications Bistro

UK’s versionhttp://www.national-lottery.co.uk/player/p/home/home.do