Restricted partial quotients: Difference between revisions
en>RJFJR →Restricted CFs and the Cantor set: remove {{Cleanup|date=January 2009}} |
Oops, got finite fraction, should end with \ddots |
||
Line 1: | Line 1: | ||
{{Multiple issues|confusing =April 2009|refimprove =November 2007}} | |||
In [[cryptography]], '''homomorphic secret sharing''' is a type of [[secret sharing]] [[algorithm]] in which the secret is encrypted via [[homomorphic encryption]]. A [[homomorphism]] is a transformation from one [[algebraic structure]] into another of the same type so that the structure is preserved. Importantly, this means that for every kind of manipulation of the original data, there is a corresponding manipulation of the transformed data.<ref>{{cite journal|last=Schoenmakers|first=Berry|journal=Advances in Cryptology|year=1999|volume=1666|pages=148–164|id = {{citeseerx|10.1.1.102.9375}} }}</ref> | |||
== Technique == | |||
Homomorphic secret sharing is used to transmit a secret to several recipients as follows: | |||
# Transform the "secret" using a homomorphism. This often puts the secret into a form which is easy to manipulate or store. In particular, there may be a natural way to 'split' the new form as required by step (2). | |||
# Split the transformed secret into several parts, one for each recipient. The secret must be split in such a way that it can only be recovered when all or most of the parts are combined. (See [[secret sharing]]) | |||
# Distribute the parts of the secret to each of the recipients. | |||
# Combine each of the recipients' parts to recover the transformed secret, perhaps at a specified time. | |||
# Reverse the homomorphism to recover the original secret. | |||
== Example: decentralized voting protocol == | |||
Suppose a community wants to perform an election, but they want to ensure that the vote-counters won't lie about the results. Using a kind of homomorphic secret sharing known as [[Shamir's secret sharing]], each member of the community can put his vote into a form that can be split into pieces, then submit each piece to a different vote-counter. The pieces are designed so that the vote-counters can't predict how altering a piece of a vote will affect the whole vote; thus, vote-counters are discouraged from tampering with their pieces. When all votes have been received, the vote-counters combine all the pieces together, which allows them to reverse the alteration process and to recover the aggregate election results. | |||
In detail, suppose we have an election with: | |||
* Two possible outcomes, either ''yes'' or ''no''. We'll represent those outcomes numerically by +1 and -1, respectively. | |||
* A number of authorities, ''k'', who will count the votes. | |||
* A number of voters, ''n'', who will submit votes. | |||
Assume the election has two outcomes, so each member of the community can vote either ''yes'' or ''no''. We'll represent those votes numerically by +1 and -1, respectively. | |||
# In advance, each authority generates a publicly available numerical key, ''x<sub>k</sub>''. | |||
# Each voter encodes his vote in a polynomial ''p<sub>n</sub>'' according to the following rules: The polynomial should have degree ''k-1'', its constant term should be either ''+1'' or ''-1'' (corresponding to voting "yes" or voting "no"), and its other coefficients should be randomly generated. | |||
# Each voter computes the value of his polynomial ''p<sub>n</sub>'' at each authority's public key ''x<sub>k</sub>''. | |||
#* This produces ''k'' points, one for each authority. | |||
#* These ''k'' points are the "pieces" of the vote: If you know all of the points, you can figure out the polynomial ''p<sub>n</sub>'' (and hence you can figure out how the voter voted). However, if you know only some of the points, you can't figure out the polynomial. (This is because you need ''k'' points to determine a degree-''k-1'' polynomial. Two points determine a line, three points determine a parabola, etc.) | |||
# The voter sends each authority the value that was produced using the authority's key. | |||
# Each authority collects the values that he receives. Since each authority only gets one value from each voter, he can't discover any given voter's polynomial. Moreover, he can't predict how altering the submissions will affect the vote. | |||
# Once the voters have submitted their votes, each authority ''k'' computes and announces the sum ''A<sub>k</sub>'' of all the values he's received. | |||
# There are ''k'' sums, ''A<sub>k</sub>''; when they are combined together, they determine a unique polynomial ''P(x)''---specifically, the sum of all the voter polynomials: P(x) = p<sub>1</sub>(x) + p<sub>2</sub>(x) + … + p<sub>n</sub>(x). | |||
#* The constant term of ''P(x)'' is in fact the sum of all the votes, because the constant term of P(x) is the sum of the constant terms of the individual ''p<sub>n</sub>''. | |||
#* Thus the constant term of ''P(x)'' provides the aggregate election result: if it's positive, more people voted for +1 than for -1; if it's negative, more people voted for -1 than for +1. | |||
[[File:Homomorphic secret sharing, voting example.svg|frame|center|alt=A table illustrating the voting protocol| An illustration of the voting protocol. Each column represents the pieces of a particular voter's vote. Each row represents the pieces received by a particular authority.]] | |||
=== Features === | |||
This protocol works as long as not all of the <math>k</math> authorities are corrupt — if they were, then they could collaborate to reconstruct <math>P(x)</math> for each voter and also subsequently alter the votes. | |||
The [[Cryptographic protocol|protocol]] requires t+1 authorities to be completed, therefore in case there are N>t+1 authorities, N-t-1 authorities can be corrupted, which gives the protocol a certain degree of robustness. | |||
The protocol manages the IDs of the voters (the IDs were submitted with the ballots) and therefore can verify that only legitimate voters have voted. | |||
Under the assumptions on t: | |||
#A ballot cannot be backtracked to the ID so the privacy of the voters is preserved. | |||
#A voter cannot prove how they voted. | |||
#It is impossible to verify a vote. | |||
The [[Cryptographic protocol|protocol]] implicitly prevents corruption of ballots. | |||
This is because the authorities have no incentive to change the ballot since each authority has only a share of the ballot and has no knowledge how changing this share will affect the outcome. | |||
=== Vulnerabilities === | |||
*The voter cannot be certain that their vote has been recorded correctly. | |||
*The authorities cannot be sure the votes were legal and equal, for example the voter can choose a value which is not a valid option (i.e. not in {-1, 1}) such as -20, 50 which will tilt the results in their favor. | |||
==References== | |||
{{reflist}} | |||
== See also == | |||
* [[End-to-end auditable voting systems]] | |||
* [[Electronic voting]] | |||
* [[Certification of voting machines]] | |||
* [[Electoral fraud#Physical tampering with voting machines|Techniques of potential election fraud through physical tampering with voting machines]] | |||
* [[Election fraud#Testing and certification of electronic voting|Preventing Election fraud: Testing and certification of electronic voting]] | |||
* [[Vote counting system]] | |||
* [[E-democracy]] | |||
* [[Secure multi-party computation]] | |||
{{DEFAULTSORT:Homomorphic Secret Sharing}} | |||
[[Category:Functions and mappings]] | |||
[[Category:Abstract algebra]] | |||
[[Category:Cryptographic protocols]] |
Revision as of 17:21, 15 August 2013
In cryptography, homomorphic secret sharing is a type of secret sharing algorithm in which the secret is encrypted via homomorphic encryption. A homomorphism is a transformation from one algebraic structure into another of the same type so that the structure is preserved. Importantly, this means that for every kind of manipulation of the original data, there is a corresponding manipulation of the transformed data.[1]
Technique
Homomorphic secret sharing is used to transmit a secret to several recipients as follows:
- Transform the "secret" using a homomorphism. This often puts the secret into a form which is easy to manipulate or store. In particular, there may be a natural way to 'split' the new form as required by step (2).
- Split the transformed secret into several parts, one for each recipient. The secret must be split in such a way that it can only be recovered when all or most of the parts are combined. (See secret sharing)
- Distribute the parts of the secret to each of the recipients.
- Combine each of the recipients' parts to recover the transformed secret, perhaps at a specified time.
- Reverse the homomorphism to recover the original secret.
Example: decentralized voting protocol
Suppose a community wants to perform an election, but they want to ensure that the vote-counters won't lie about the results. Using a kind of homomorphic secret sharing known as Shamir's secret sharing, each member of the community can put his vote into a form that can be split into pieces, then submit each piece to a different vote-counter. The pieces are designed so that the vote-counters can't predict how altering a piece of a vote will affect the whole vote; thus, vote-counters are discouraged from tampering with their pieces. When all votes have been received, the vote-counters combine all the pieces together, which allows them to reverse the alteration process and to recover the aggregate election results.
In detail, suppose we have an election with:
- Two possible outcomes, either yes or no. We'll represent those outcomes numerically by +1 and -1, respectively.
- A number of authorities, k, who will count the votes.
- A number of voters, n, who will submit votes.
Assume the election has two outcomes, so each member of the community can vote either yes or no. We'll represent those votes numerically by +1 and -1, respectively.
- In advance, each authority generates a publicly available numerical key, xk.
- Each voter encodes his vote in a polynomial pn according to the following rules: The polynomial should have degree k-1, its constant term should be either +1 or -1 (corresponding to voting "yes" or voting "no"), and its other coefficients should be randomly generated.
- Each voter computes the value of his polynomial pn at each authority's public key xk.
- This produces k points, one for each authority.
- These k points are the "pieces" of the vote: If you know all of the points, you can figure out the polynomial pn (and hence you can figure out how the voter voted). However, if you know only some of the points, you can't figure out the polynomial. (This is because you need k points to determine a degree-k-1 polynomial. Two points determine a line, three points determine a parabola, etc.)
- The voter sends each authority the value that was produced using the authority's key.
- Each authority collects the values that he receives. Since each authority only gets one value from each voter, he can't discover any given voter's polynomial. Moreover, he can't predict how altering the submissions will affect the vote.
- Once the voters have submitted their votes, each authority k computes and announces the sum Ak of all the values he's received.
- There are k sums, Ak; when they are combined together, they determine a unique polynomial P(x)---specifically, the sum of all the voter polynomials: P(x) = p1(x) + p2(x) + … + pn(x).
- The constant term of P(x) is in fact the sum of all the votes, because the constant term of P(x) is the sum of the constant terms of the individual pn.
- Thus the constant term of P(x) provides the aggregate election result: if it's positive, more people voted for +1 than for -1; if it's negative, more people voted for -1 than for +1.
Features
This protocol works as long as not all of the authorities are corrupt — if they were, then they could collaborate to reconstruct for each voter and also subsequently alter the votes.
The protocol requires t+1 authorities to be completed, therefore in case there are N>t+1 authorities, N-t-1 authorities can be corrupted, which gives the protocol a certain degree of robustness.
The protocol manages the IDs of the voters (the IDs were submitted with the ballots) and therefore can verify that only legitimate voters have voted.
Under the assumptions on t:
- A ballot cannot be backtracked to the ID so the privacy of the voters is preserved.
- A voter cannot prove how they voted.
- It is impossible to verify a vote.
The protocol implicitly prevents corruption of ballots. This is because the authorities have no incentive to change the ballot since each authority has only a share of the ballot and has no knowledge how changing this share will affect the outcome.
Vulnerabilities
- The voter cannot be certain that their vote has been recorded correctly.
- The authorities cannot be sure the votes were legal and equal, for example the voter can choose a value which is not a valid option (i.e. not in {-1, 1}) such as -20, 50 which will tilt the results in their favor.
References
43 year old Petroleum Engineer Harry from Deep River, usually spends time with hobbies and interests like renting movies, property developers in singapore new condominium and vehicle racing. Constantly enjoys going to destinations like Camino Real de Tierra Adentro.
See also
- End-to-end auditable voting systems
- Electronic voting
- Certification of voting machines
- Techniques of potential election fraud through physical tampering with voting machines
- Preventing Election fraud: Testing and certification of electronic voting
- Vote counting system
- E-democracy
- Secure multi-party computation
- ↑ One of the biggest reasons investing in a Singapore new launch is an effective things is as a result of it is doable to be lent massive quantities of money at very low interest rates that you should utilize to purchase it. Then, if property values continue to go up, then you'll get a really high return on funding (ROI). Simply make sure you purchase one of the higher properties, reminiscent of the ones at Fernvale the Riverbank or any Singapore landed property Get Earnings by means of Renting
In its statement, the singapore property listing - website link, government claimed that the majority citizens buying their first residence won't be hurt by the new measures. Some concessions can even be prolonged to chose teams of consumers, similar to married couples with a minimum of one Singaporean partner who are purchasing their second property so long as they intend to promote their first residential property. Lower the LTV limit on housing loans granted by monetary establishments regulated by MAS from 70% to 60% for property purchasers who are individuals with a number of outstanding housing loans on the time of the brand new housing purchase. Singapore Property Measures - 30 August 2010 The most popular seek for the number of bedrooms in Singapore is 4, followed by 2 and three. Lush Acres EC @ Sengkang
Discover out more about real estate funding in the area, together with info on international funding incentives and property possession. Many Singaporeans have been investing in property across the causeway in recent years, attracted by comparatively low prices. However, those who need to exit their investments quickly are likely to face significant challenges when trying to sell their property – and could finally be stuck with a property they can't sell. Career improvement programmes, in-house valuation, auctions and administrative help, venture advertising and marketing, skilled talks and traisning are continuously planned for the sales associates to help them obtain better outcomes for his or her shoppers while at Knight Frank Singapore. No change Present Rules
Extending the tax exemption would help. The exemption, which may be as a lot as $2 million per family, covers individuals who negotiate a principal reduction on their existing mortgage, sell their house short (i.e., for lower than the excellent loans), or take part in a foreclosure course of. An extension of theexemption would seem like a common-sense means to assist stabilize the housing market, but the political turmoil around the fiscal-cliff negotiations means widespread sense could not win out. Home Minority Chief Nancy Pelosi (D-Calif.) believes that the mortgage relief provision will be on the table during the grand-cut price talks, in response to communications director Nadeam Elshami. Buying or promoting of blue mild bulbs is unlawful.
A vendor's stamp duty has been launched on industrial property for the primary time, at rates ranging from 5 per cent to 15 per cent. The Authorities might be trying to reassure the market that they aren't in opposition to foreigners and PRs investing in Singapore's property market. They imposed these measures because of extenuating components available in the market." The sale of new dual-key EC models will even be restricted to multi-generational households only. The models have two separate entrances, permitting grandparents, for example, to dwell separately. The vendor's stamp obligation takes effect right this moment and applies to industrial property and plots which might be offered inside three years of the date of buy. JLL named Best Performing Property Brand for second year running
The data offered is for normal info purposes only and isn't supposed to be personalised investment or monetary advice. Motley Fool Singapore contributor Stanley Lim would not personal shares in any corporations talked about. Singapore private home costs increased by 1.eight% within the fourth quarter of 2012, up from 0.6% within the earlier quarter. Resale prices of government-built HDB residences which are usually bought by Singaporeans, elevated by 2.5%, quarter on quarter, the quickest acquire in five quarters. And industrial property, prices are actually double the levels of three years ago. No withholding tax in the event you sell your property. All your local information regarding vital HDB policies, condominium launches, land growth, commercial property and more
There are various methods to go about discovering the precise property. Some local newspapers (together with the Straits Instances ) have categorised property sections and many local property brokers have websites. Now there are some specifics to consider when buying a 'new launch' rental. Intended use of the unit Every sale begins with 10 p.c low cost for finish of season sale; changes to 20 % discount storewide; follows by additional reduction of fiftyand ends with last discount of 70 % or extra. Typically there is even a warehouse sale or transferring out sale with huge mark-down of costs for stock clearance. Deborah Regulation from Expat Realtor shares her property market update, plus prime rental residences and houses at the moment available to lease Esparina EC @ Sengkang