Kazue Sako Distinguished Researcher Security Research Labs Expresident JSIAM Digital Transformation D igitization is the technical process of converting analog information ID: 803808
Download The PPT/PDF document "Cryptography and Digital Transformation" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Cryptography and Digital Transformation
Kazue
Sako
,
Distinguished Researcher,
Security
Research Labs
.,
Ex-president, JSIAM
Slide2Digital Transformation
D
igitization
is the 'technical process' of "
converting
analog information
into digital form
D
igitalization
is the 'organizational
process
' or 'business
process
' of the technologically-induced change
Digital Transformation
is the
total and overall
societal
effect
of
digitalization.
[
Wikipedia
]
Slide3Physical objects and digital data
Our society
had been using
physical objects
in
a smart way.We built our rules based on its characteristics.But they also had limitations.
Going digital, we can free ourselves from physical limitations.At the same time, we’re at risk as we are no longer protected by familiar properties.How can we make ‘digitalization’ happen ‘right’?
Slide4Cryptographic Algorithms
provide alternative restrictions
s
imilar to physical objects had.
Moreover, we can design it
and control power!
Slide5Outline of the rest of the talk
-Some cryptographic foundations
-Examples of digitalization
- Electronic Voting
- Bitcoin
Blockchain
-Summary
Slide6Cryptographic Foundations I
Symmetric-key encryption
Public-key (Asymmetric-key) encryption
data
data
DEC
ENC
send
Same key
send
data
DEC
ENC
My secret key
Public-key of the receiver
data
Slide7Cryptographic Foundations II
Public-key encryption
Digital Signature
data
DEC
ENC
My secret key
Public-key of the receiver
data
My secret key
Public-key
of
the signer
7
data
data
Gen-
SIG
Verify
OK
/
NG
sig
Slide8Cryptographyic Foundations III: Interactive proofs
Ordinary written-down proofs
Interactive proofs
?
Can be made to be zero-knowledge: Nothing leaked.
Trasnferable
knowledge.
Claim
Claim
proof
Slide9Cryptographic Algorithms
provide alternative restrictions
s
imilar to physical objects had.
Moreover, we can design it
and control power!
Slide10My Journey on Digitalization
privacy
voting
Anony-mous
authen-tication
security
Digital Identity
Dice Rolls
fairness
Lottery
Au
ction
Slide11Steps for Digitalization
Slide12Voting: Steps for Digitalization
Redefine its purpose
Model its features
Yes
Yes
No
Yes
Yes
No
4 Yes and 2 No
Tallying authority
Voters
Slide13Steps for Digitalization
Define the requirements
Only legitimate voters vote, and one vote per voter.
Tallying authority cannot announce faulty results.
No one can learn how each voter voted.
Design a system
Verify the system meets the requirements
Slide14How did we do with papers?
VOTE
NAME
Ballot
VOTE
VOTE
VOTE
Ballot in
d
ouble
envelopes
Shuffle inner
Envelopes
And open
Supervisor
Checks
The process
open
open
open
Slide15Digishuff: Shuffling based voting protocol
VOTE
NAME
Ballot
VOTE
VOTE
VOTE
Ballot in
d
ouble
envelopes
Shuffle inner
Envelopes
And open
Supervisor
Checks
The process
open
open
open
Ballot data
Encrypt Ballot
And Sign
Shuffle
Enc
-Data
And then decrypt
Prove in
Zero-Knowledge
That process
is correct
ENC
ENC Data
ENC Data
ENC Data
ENC Data
Ballot
DEC
DEC
DEC
SIG
Ballot
Ballot
Slide16How to shuffle digital data?
Alice
KE9SLIWEL
Bob
SJAJIWE54S
Chris
GKX3RPB9UEva QKS769WMLDave GR83F80BUY
SJAJIWE54S QKS769WML GR83F80BUY GKX3RPB9U KE9SLIWEL
Input
After Shuffle???
Easy to
trace back
Slide17Probabilistic Encryption
message1
KE9SLIWEL
IE8XJFN39
PQJ0D4NXH
P849XKJSN
・・・
message1
Ciphertext
Space
ENC
+
Random
Value
DE
C
Slide18Re-encryption
Change the
look of encryption
KE9SLIWEL
IE8XJFN39
PQJ0D4NXH
P849XKJSN
….
SJAJIWE54S
QKS769WML
GR83F80BUY
GKX3RPB9U KE9SLIWEL
IW0JDLS76
RDQM4LX
F8ZPF1EG
JV7D34S
PQ
j0
D4NXH
P
ermute
Output
Alice
KE9SLIWEL
Bob
SJAJIWE54S
Chris
GKX3RPB9U
Eva
QKS769WML
Dave
GR83F80BUY
Input
Slide19Outline of the talk
-Some cryptographic foundations
-Examples of digitalization
- Electronic Voting
- Bitcoin
Blockchain
-Summary
Slide20Bitcoin Blockchain
(
Overview
)
There are many types of
blockchain
.Here we discuss Bitcoin Blockchain
Slide21Model: User (data generation) and Ledger (data)
User Layer
Ledger
Layer
Slide22Prior electronic money:Data is Stored in one place
User Layer
Spending money
Ledger
Layer
Maintain accounts
Slide23Prior Systems
:
Data is Stored in one place
A
残高
500
B
残高
0
C
残高
100
D
残高
200
E
残高
300
F
残高
0
G
残高
50
H
残高
50
I
残高
150
J
残高
400
A
残高
480
B
残高
20
C
残高
60
D
残高
240
E
残高
250
F
残高
50
G
残高
10
H
残高
90
I
残高
110
J
残高
440
A
480
B
0
C
80
D
220
E
270
F
30
G
20
H
90
I
110
J
460
A
400
B
0
C
80
D
220
E
350
F
30
G
20
H
90
I
110
J
460
A
→
B
(
20
)
C
→
D
(
40
)
A
→
B
(
20
)
E
→
F
(
50
)
C
→
D
(
40
)
A
→
B
(
20
)
I
→
J
(
40
)
G
→
H
(
40
)
E
→
F
(
50
)
C
→
D
(
40
)
A
→
B
(
20
)
B
→
C
(
20
)
I
→
J
(
40
)
G
→
H
(
40
)
E
→
F
(
50
)
C
→
D
(
40
)
A
→
B
(
20
)
D
→
E
(
20
)
B
→
C
(
20
)
I
→
J
(
40
)
G
→
H
(
40
)
E
→
F
(
50
)
C
→
D
(
40
)
A
→
B
(
20
)
F
→
J
(
20
)
D
→E
(20)B→C(20)I→J(40)
G→H(40)E→F(50)C→D(40
)A→B(20)I→G(10)
F→J(20)D→E(20)B→C
(
20
)
I
→
J
(
40
)
G
→
H
(
40
)
E
→
F
(
50
)
C
→
D
(
40
)
A
→
B
(
20
)
A
→
E
(
80
)
I
→
G
(
10
)
F
→
J
(
20
)
D
→
E
(
20
)
B
→
C
(
20
)
I
→
J
(
40
)
G
→
H
(
40
)
E
→
F
(
50
)
C
→
D
(
40
)
A
→
B
(
20
)
Transactions are collected
Status is updated.
A
→
B
(
20
)
Ledger Management
is Centralized/Single point of failure
Cost for Maintaining Security is high/Intentional data modification undetected
Slide24Blockchain| Users and Ledger
Data Generation Layer
(
Users
)
Data Management Layer (
DistributedLedger
)
Slide25Blockchain| Multiple Nodes for Data Management
Data Management Layer (
DistributedLedger
)
Slide26Blockchain
|
Data Propagated among Multiple Nodes
C
→
D
(
40
)
C
→
D
(
40
)
C
→
D
(
40
)
C
→
D
(
40
)
C
→
D
(
40
)
C
→
D
(
40
)
Signed Transaction data is given to ledger layer
Valid data is propagated in Peer-to-Peer communication
Slide27Blockchain
|
Transaction Data generated constantly
Data propagated incompletely
Slide28Blockchain
|
Each Node receives different data
D
→
E
(
20
)
I
→
G
(
10
)
I
→
J
(
40
)
A
→
B
(
20
)
C
→
D
(
40
)
F
→
J
(
20
)
D
→
E
(
20
)
E
→
F
(
50
)
C
→
D
(
40
)
A
→
B
(
20
)
I
→
J
(
40
)
A
→
E
(
80
)
B
→
C
(
20
)
E
→
F
(
50
)
I
→
J
(
40
)
C
→
D
(
40
)
A
→
B
(
20
)
F
→
J
(
20
)
C
→
D
(
40
)
I
→
J
(
40
)
A
→
B
(
20
)
E
→
F
(
50
)
B
→
C
(
20
)
C
→
D
(
40)I→J(40
)G→H(40)A→B(20)
Different number of data recordsDifferent ordering
Slide29Blockchain
|
Each Node receives different data
D
→
E
(
20
)
I
→
G
(
10
)
I
→
J
(
40
)
A
→
B
(
20
)
C
→
D
(
40
)
F
→
J
(
20
)
D
→
E
(
20
)
E
→
F
(
50
)
C
→
D
(
40
)
A
→
B
(
20
)
I
→
J
(
40
)
A
→
E
(
80
)
B
→
C
(
20
)
E
→
F
(
50
)
I
→
J
(
40
)
C
→
D
(
40
)
A
→
B
(
20
)
F
→
J
(
20
)
C
→
D
(
40
)
I
→
J
(
40
)
A
→
B
(
20
)
E
→
F
(
50
)
B
→
C
(
20
)
C
→
D
(
40)I→J(40
)G→H(40)A→B(20)
How can they synchronize given:
No common clock
They
only know their
neighbors
(
Bitcoin: permissionless blockchain)
Slide30Blockchain | Generating a ‘Block’
=
Crypto puzzle
For the purpose of synchronization
Time-consuming
Crypto Puzzle
is
introduced
Given your piece, form a square
※The puzzle
always
has an answer with
any pieces(data
)
they
have.
Slide31Blockchain| Broadcasting a block
C
→
D
(
40
)
I
→
J
(
40
)
G
→
H
(
40
)
A
→
B
(
20
)
Nick
Slide32Blockchain
|
Verification of block (Data registration)
C
→
D
(
40
)
I
→
J
(
40
)
G
→
H
(
40
)
A
→
B
(
20
)
Nick
Slide33Blockchain
|
Immediately the next puzzle race starts
Nathan
Slide34Blockchain
|
How a consistent ledger is achieved
D
→
E
(
20
)
I
→G(10)B→C(20)C→D(40)I→J(40)G→H(40)A→B(20)
…
………
D
→
E
(
20
)
I
→
G
(
10
)
B
→
C
(
20
)
C
→
D
(
40
)
I
→
J
(
40
)
G
→
H
(
40
)
A
→
B
(
20
)
…
………
D
→
E
(
20
)
I
→
G
(
10
)
B→C(20)C→D(
40)I→J(40)G→H(40)A
→B(20)…………
D
→
E
(
20
)
I
→
G
(
10
)
B
→
C
(
20
)
C
→
D
(
40
)
I
→
J
(
40
)
G
→
H
(
40
)
A
→
B
(20
)……
……
D
→
E
(
20
)
I
→
G
(
10
)
B
→
C
(
20
)
C
→
D
(
40
)
I
→J(40)G→H(40)
A→B(20)…………
Slide35Blockchain
| User’s view
D
→
E
(
20
)
I
→
G(10)B→C(20)C→D(40)I→J(40)G→H(40)A
→B
(20)…………
D
→
E
(
20
)
I
→
G
(
10
)
B
→
C
(
20
)
C
→
D
(
40
)
I
→
J
(
40
)
G
→
H
(
40
)
A
→
B
(
20
)
…
…
……
D
→
E
(
20
)
I
→
G
(
10
)B→C(20)
C→D(40)I→J(40)G→H(
40)A→B(20)…………
D
→
E
(
20
)
I
→
G
(
10
)
B
→
C
(
20
)
C
→
D
(
40
)
I
→
J
(
40
)
G
→
H
(
40
)
A
→
B
(
20
)……
……
D
→
E
(
20
)
I
→
G
(
10
)
B
→
C
(
20
)
C
→
D
(
40
)
I→J(40)G→
H(40)A→B(20)…………
Slide36Blockchain
| User’s view
D
→
E
(
20
)
I
→
G(10)B→C(20)C→D(40)I→J(40)G→H(40)A
→B
(20)…………
D
→
E
(
20
)
I
→
G
(
10
)
B
→
C
(
20
)
C
→
D
(
40
)
I
→
J
(
40
)
G
→
H
(
40
)
A
→
B
(
20
)
…
…
……
D
→
E
(
20
)
I
→
G
(
10
)B→C(20)
C→D(40)I→J(40)G→H(
40)A→B(20)…………
D
→
E
(
20
)
I
→
G
(
10
)
B
→
C
(
20
)
C
→
D
(
40
)
I
→
J
(
40
)
G
→
H
(
40
)
A
→
B
(
20
)……
……
D
→
E
(
20
)
I
→
G
(
10
)
B
→
C
(
20
)
C
→
D
(
40
)
I→J(40)G→
H(40)A→B(20)…………
My transaction data is not there
!
Wait a while
(perhaps in a next block)
2. Resend
Slide37Blockchain
|
Immutability
D
→
E
(
20
)
I
→G(10)B→C(20)C→D(40)I→J(40)G→H(40)A→B(20)
…
………
D
→
E
(
20
)
I
→
G
(
10
)
B
→
C
(
20
)
C
→
D
(
40
)
I
→
J
(
40
)
G
→
H
(
40
)
A
→
B
(
20
)
…
…
…
…
D
→
E
(
20
)
I
→
G
(
10
)
B→C(20)C→D(40)
I
→J(40)G→H
(40)
A→B(20
)……
……
D
→
E
(
20
)
I
→
G
(
10
)
B
→
C
(
20
)
C
→
D
(
40
)
I
→
J
(
40
)
G
→
H
(
40
)
A
→
B
(
20
)
………
…
D
→
E
(
20
)
I
→
G
(
10
)
B
→
C
(
20
)
C→D(40)
I→J(40)G
→H(40)A→B
(20)…
………
As there are many replications, it is robust against loss
Slide38Crypto puzzle
For the purpose of synchronization
Time-consuming
Crypto Puzzle
is
introduced
※The puzzle
always
has an answer with
any pieces(data
)
they
have.
Random Function
Target range
Slide39Blockchain
|
Incentives
¥
¥
Those who successfully solved a puzzle
Receives reward in
Bitcoin
After several succession of blocks
Slide40FAQ. What if two people solved at the same time?
Slide41Nakamoto Rule: The longer chain is the valid chain
Nathan
Nancy
Naruto
Slide42Nakamoto
Rule: The longer chain is the valid chain
Nathan
Nancy
Naruto
Slide43Nakamoto Rule: The longer chain is the valid chain
Nathan
Nancy
Naruto
Noby
Slide44Nakamoto
Rule: The longer chain is the valid chain
Nathan
Nancy
Naruto
Noby
Slide45Nakamoto Rule: The longer chain is the valid chain
Nathan
Nancy
Naruto
Noby
Nick
Slide46My Anticipations to Blockchain technology
Slide47Blockchain can serve as a public bulletin board
‘public bulletin board’
Anyone can write on the board
Something once written can not be changed
Writer is authenticated
Everybody can see what is written
it was unclear how to efficiently build a public bulletin board without a Trusted Third Party.
Slide48Public Bulletin Board can
Solve disputes regarding message delivery.
I sent but you ignored it
Water spraying argument
You never sent any
Slide49Public Bulletin Board can
It resolves unfair ‘
personalized
services’
Not only prices, but also discriminatory services and opinion controlling
ads----
more transparency
30
For sale
45
32
4
0
35
4
4
Slide50Concluding Remarks
Slide51Steps for Digitalization
Mathematics is a language that allow us to discuss every step
rigourously
Slide52My message for the day
We need to ‘digitalize’
our society correctly
.
Cryptography and
blockchain
could be building blocks for digitalization. Appropriate mathematical modeling and correct evaluation is indispensable.Collaboration is the key.
Slide53Slide54