more slides

ACNS/presentation/key_exchange.tex

 
 \section{Actively Secure Key Exchange}
 \begin{frame}
+	\frametitle{Measures for Active Security}
+	\begin{definition}[Zero-knowledge Proof of Knowledge in HHS \(\left(\mathcal E,\mathcal G\right)\)]
+		A party proves knowledge of \(s\) with
+			\[  \left[s\right] E_i = E_i' \]
+		for pairs \(\left(E_i,E_i'\right) \in \mathcal E^2\), \(i=1,\ldots, m\).
+	\end{definition}
+	\begin{definition}[Piecewise Verifiable Proof]
+		A party proves knowledge of a polynomial \(f\) for a statement
+		\[x = \left(\left(E_0,E_1\right),s_1,\ldots, s_n\right),\]
+		where \(E_1 = \left[f\paren* 0\right] E_0\) and \(s_i = f\paren* i\) for \(i=1,\ldots, n\).
+	\end{definition}
 \end{frame}

ACNS/presentation/motivation.tex

@@ -59,24 +59,76 @@
 
 	\begin{center}
 	\begin{tikzpicture}
-		\def\radius{2.5cm}
+		\def\radius{2cm}
 		\begin{scope}[minimum size = .7cm]
-			\node [charlie] (sh1) at (40:3cm) {$s_1$};
-			\node [dave](sh2) at (140:3cm){$s_2$};
-			\node [maninblack] (sh3) at (220:3cm){$s_3$};
-			\node [physician] (sh4) at (320:3cm){$s_4$};
+			\node [charlie] (sh1) at (40:\radius) {$s_1$};
+			\node [dave](sh2) at (140:\radius){$s_2$};
+			\node [maninblack] (sh3) at (220:\radius){$s_3$};
+			\node [physician] (sh4) at (320:\radius){$s_4$};
+		\end{scope}
 
 		\node (sk) at (0,0) {$\sk$};
 		\draw [help lines] (sk) edge (sh1) edge (sh2) edge (sh3) edge (sh4);
 		
 		\pause
-			\node [right=of sh1] (cipher) {$c$};
+		\node [right=of sh1] (cipher) {$E_0 = c$};
 		\coordinate [left = of sh2] (bla) ;
 		\draw [->] (cipher) -- (sh1);
 
-		\end{scope}
+		\pause
+		\draw [->, >=Stealth, bend right] (sh1) edge node [midway, above] {$ E^1 = \left[L_{1} s_1\right] E_0$} (sh2) ;
+		\draw [->, >=Stealth, bend right] (sh2) edge node [midway, left] {$ E^2 = \left[L_{2} s_2\right] E_1$} (sh3) ;
+		\draw [->, >=Stealth, bend right] (sh3) edge node [midway, below] {$ E^3 = \left[L_{3} s_3\right] E_2$} (sh4) ;
+		\node [right = of sh4] (key) {$\key = \left[L_4 s_4\right] E^3$};
+		\draw [->] (sh4) -- (key);
+
 	\end{tikzpicture}
 	\end{center}
+\end{frame}
 
+\begin{frame}
+	\frametitle{Features of the Protocol}
+	\begin{block}{Advantages}
+		\begin{itemize}
+			\item Simulatable
+			\item Authorised set of shareholders suffices
+			\item Turn order is variable
+		\end{itemize}
+	\end{block}
+	\pause
+	\begin{problem}
+		Passive security: misbehaving shareholders cannot be detected.
+	\end{problem}
 \end{frame}
 
+\begin{frame}
+	\frametitle{A Misbehaving Shareholder}
+	\begin{center}
+	\begin{tikzpicture}
+		\def\radius{2cm}
+		\begin{scope}[minimum size = .7cm]
+			\node [charlie] (sh1) at (40:\radius) {$s_1$};
+			\node [devil](sh2) at (140:\radius){$s_2$};
+			\node [maninblack] (sh3) at (220:\radius){$s_3$};
+			\node [physician] (sh4) at (320:\radius){$s_4$};
+		\end{scope}
+
+		\node (sk) at (0,0) {$\sk$};
+		\draw [help lines] (sk) edge (sh1) edge (sh2) edge (sh3) edge (sh4);
+		
+		%\pause
+		\node [right=of sh1] (cipher) {$E_0 = c$};
+		\coordinate [left = of sh2] (bla) ;
+		\draw [->] (cipher) -- (sh1);
+
+		%\pause
+		\draw [->, >=Stealth, bend right] (sh1) edge node [midway, above] {$ E^1 = \left[L_{1} s_1\right] E_0$} (sh2) ;
+		\draw [->, >=Stealth, bend right] (sh2) edge node [midway, left, color = red] {$ {E^2} \neq \left[L_{2} s_2\right] E_1$} (sh3) ;
+		\draw [->, >=Stealth, bend right] (sh3) edge node [midway, below] {$ E^3 = \left[L_{3} s_3\right] E_2$} (sh4) ;
+		\node [right = of sh4] (key) {$\key = \left[L_4 s_4\right] E^3$};
+		\draw [->] (sh4) -- (key);
+
+	\end{tikzpicture}
+	\end{center}
+
+\end{frame}