electronic national lotteries
DESCRIPTION
Electronic National Lotteries. Jessica Greer. Agenda. Large-scale electronic lotteries: What are they good for? (absolutely nothin’?) Requirements for electronic lottery systems Lotteries vs. Casinos Konstantinou’s protocol – does it meet the requirements?. Large-scale E-Lotteries. - PowerPoint PPT PresentationTRANSCRIPT
April 13, 2004 CS 551: CRyptography Applications Bistro
Electronic National LotteriesJessica Greer
April 13, 2004 CS 551: CRyptography Applications Bistro
Agenda
• Large-scale electronic lotteries: What are they good for? (absolutely nothin’?)
• Requirements for electronic lottery systems
• Lotteries vs. Casinos• Konstantinou’s protocol – does it
meet the requirements?
April 13, 2004 CS 551: CRyptography Applications Bistro
Large-scale E-Lotteries
Advantages over mechanical systems:
- Fast (high frequency)
- Dynamic
- Accessible
- Efficient micropayment scheme
April 13, 2004 CS 551: CRyptography Applications Bistro
Requirements
• Uniform distribution of generated numbers
• Unpredictable by anyone (even with access to history, audit logs)
• Unalterable – drawing and winner declaration
• Able to detect interference, errors (UK Lotto)
• Standardized, certifiable
April 13, 2004 CS 551: CRyptography Applications Bistro
Requirements, cont’d..
• Under regular scrutiny• Details publicly available• High availability• Scalability
April 13, 2004 CS 551: CRyptography Applications Bistro
Casinos vs. Lotteries
• Schneier’s solution: collaboration of gamblers for random number generation
• Lotteries: Users’ selections independent of one another
April 13, 2004 CS 551: CRyptography Applications Bistro
Protocol Overview
Initialization: Generator and verifier exchange keys for encryption, signature
April 13, 2004 CS 551: CRyptography Applications Bistro
Protocol Overview1. Generator draws sequence of bits from TRNG for seeding
April 13, 2004 CS 551: CRyptography Applications Bistro
Protocol Overview2. Generator executes bit-commitment protocol* on seed bit sequence
* Seed commitment based on RSA encryption & RIPEMD-160 hashing
1. Generator draws sequence of bits from TRNG for seeding
April 13, 2004 CS 551: CRyptography Applications Bistro
Protocol Overview2. Generator executes bit-commitment protocol* on seed bit sequence
* Seed commitment based on RSA encryption & RIPEMD-160 hashing
3. Resulting packet sent to Verifier, which signs the commitment
April 13, 2004 CS 551: CRyptography Applications Bistro
Protocol Overview
3. Resulting packet sent to Verifier, which signs the commitment
4. Verifier sends generator a hash of file containing the coupons
April 13, 2004 CS 551: CRyptography Applications Bistro
Protocol Overview
4. Verifier sends generator a hash of file containing the coupons
5. Generator concatenates seed with hash value from Verifier*
*State-stamping step – freezes coupons
April 13, 2004 CS 551: CRyptography Applications Bistro
Protocol Overview
5. Generator concatenates seed with hash value from Verifier
6. Generator feeds first part of original TRNG-generated bit sequence through Naor-Reingold function
April 13, 2004 CS 551: CRyptography Applications Bistro
Protocol Overview6. Generator feeds first part of original TRNG-generated bit sequence through Naor-Reingold function
7. Resulting bit stream XORed with 2nd part of initial seed; this result is sent through several pseudorandom number generators
April 13, 2004 CS 551: CRyptography Applications Bistro
Protocol Overview7. Resulting bit stream XORed with 2nd part of initial seed; this result is sent through several pseudorandom number generators
8. Generator opens initial random seed bits (de-commitment). Encrypts and signs seed & numbers; sends file to Verifier. Stops.
April 13, 2004 CS 551: CRyptography Applications Bistro
Protocol Overview8. Generator opens initial random seed bits (de-commitment). Encrypts and signs seed & numbers; sends file to Verifier. Stops.
9. Verifier authenticates file, decrypts it, recovers winning numbers + seed used to generate them
April 13, 2004 CS 551: CRyptography Applications Bistro
Protocol Overview9. Verifier authenticates file, decrypts it, recovers winning numbers + seed used to generate them
10. Verifier checks that Generator has committed to seed
April 13, 2004 CS 551: CRyptography Applications Bistro
Protocol Overview
10. Verifier checks that Generator has committed to seed
10. Verifier uses seed to duplicate Generator’s tasks. If results match, finalize; if not, restart with Gen2
April 13, 2004 CS 551: CRyptography Applications Bistro
Requirements
• Uniform distribution of generated numbers – TRNG’s + Naor-Reingold
• Unpredictable by anyone (even with access to history) - same
• Unalterable – drawing and winner declaration – Verifier auditing
• Able to detect interference, errors (UK Lotto) – Verifier auditing, audit logs
• Standardized, certifiable - ?
April 13, 2004 CS 551: CRyptography Applications Bistro
Requirements, cont’d..• Under periodic scrutiny – alert
function in case of discrepancies• Details publicly available – paper…• High availability – depends on
hardware; some redundancy built-in• Scalability - ?
April 13, 2004 CS 551: CRyptography Applications Bistro
UK’s versionhttp://www.national-lottery.co.uk/player/p/home/home.do