Electronic National Lotteries - PowerPoint PPT Presentation

About This Presentation
Title:

Electronic National Lotteries

Description:

Electronic National Lotteries Jessica Greer Agenda Large-scale electronic lotteries: What are they good for? (absolutely nothin ?) Requirements for electronic ... – PowerPoint PPT presentation

Number of Views:187
Avg rating:3.0/5.0
Slides: 22
Provided by: jlg4
Category:

less

Transcript and Presenter's Notes

Title: Electronic National Lotteries


1
Electronic National Lotteries
  • Jessica Greer

2
Agenda
  • Large-scale electronic lotteries What are they
    good for? (absolutely nothin?)
  • Requirements for electronic lottery systems
  • Lotteries vs. Casinos
  • Konstantinous protocol does it meet the
    requirements?

3
Large-scale E-Lotteries
  • Advantages over mechanical systems
  • Fast (high frequency)
  • Dynamic
  • Accessible
  • Efficient micropayment scheme

4
Requirements
  • Uniform distribution of generated numbers
  • Unpredictable by anyone (even with access to
    history, audit logs)
  • Unalterable drawing and winner declaration
  • Able to detect interference, errors (UK Lotto)
  • Standardized, certifiable

5
Requirements, contd..
  • Under regular scrutiny
  • Details publicly available
  • High availability
  • Scalability

6
Casinos vs. Lotteries
  • Schneiers solution collaboration of gamblers
    for random number generation
  • Lotteries Users selections independent of one
    another

7
Protocol Overview
Initialization Generator and verifier exchange
keys for encryption, signature
8
Protocol Overview
1. Generator draws sequence of bits from TRNG for
seeding
9
Protocol Overview
1. Generator draws sequence of bits from TRNG for
seeding
2. Generator executes bit-commitment protocol on
seed bit sequence
Seed commitment based on RSA encryption
RIPEMD-160 hashing
10
Protocol Overview
2. Generator executes bit-commitment protocol on
seed bit sequence
3. Resulting packet sent to Verifier, which signs
the commitment
Seed commitment based on RSA encryption
RIPEMD-160 hashing
11
Protocol Overview
4. Verifier sends generator a hash of file
containing the coupons
3. Resulting packet sent to Verifier, which signs
the commitment
12
Protocol Overview
4. Verifier sends generator a hash of file
containing the coupons
5. Generator concatenates seed with hash value
from Verifier
State-stamping step freezes coupons
13
Protocol Overview
6. Generator feeds first part of original
TRNG-generated bit sequence through Naor-Reingold
function
5. Generator concatenates seed with hash value
from Verifier
14
Protocol Overview
7. Resulting bit stream XORed with 2nd part of
initial seed this result is sent through several
pseudorandom number generators
6. Generator feeds first part of original
TRNG-generated bit sequence through Naor-Reingold
function
15
Protocol Overview
8. Generator opens initial random seed bits
(de-commitment). Encrypts and signs seed
numbers sends file to Verifier. Stops.
7. Resulting bit stream XORed with 2nd part of
initial seed this result is sent through several
pseudorandom number generators
16
Protocol Overview
8. Generator opens initial random seed bits
(de-commitment). Encrypts and signs seed
numbers sends file to Verifier. Stops.
9. Verifier authenticates file, decrypts it,
recovers winning numbers seed used to generate
them
17
Protocol Overview
9. Verifier authenticates file, decrypts it,
recovers winning numbers seed used to generate
them
10. Verifier checks that Generator has committed
to seed
18
Protocol Overview
10. Verifier uses seed to duplicate Generators
tasks. If results match, finalize if not,
restart with Gen2
10. Verifier checks that Generator has committed
to seed
19
Requirements
  • Uniform distribution of generated numbers
    TRNGs Naor-Reingold
  • Unpredictable by anyone (even with access to
    history) - same
  • Unalterable drawing and winner declaration
    Verifier auditing
  • Able to detect interference, errors (UK Lotto)
    Verifier auditing, audit logs
  • Standardized, certifiable - ?

20
Requirements, contd..
  • Under periodic scrutiny alert function in case
    of discrepancies
  • Details publicly available paper
  • High availability depends on hardware some
    redundancy built-in
  • Scalability - ?

21
UKs version
http//www.national-lottery.co.uk/player/p/home/ho
me.do
Write a Comment
User Comments (0)
About PowerShow.com