
David Chaum: Difference between revisions

From Wikipedia, the free encyclopedia
Edit summaries

→ Life and career: In the previous edit, I also removed visiting prof at KU Leuven, which to my best knowledge is no longer current information.

PulpSpy: The contributions paragraph was seemingly controversial, being deleted, and not well-sourced. I worked on a hopefully improved and expanded section.

Content deleted (text of the older revision replaced by this edit)

Notable Research Contributions

His contributions to cryptography include the invention of two anonymity networks: mix networks (the basis for virtually all modern anonymity networks) and DC-nets; silo watching techniques; the invention of several important digital signatures: blind signatures, undeniable signatures, unconditionally secure signatures, and group signatures; tamper-safing sensor systems (foreshadowing many concepts in side-channel cryptanalysis); various techniques for anonymous credentials; the invention of partial key techniques (a predecessor to threshold encryption); the first techniques for anonymous digital transactions and the invention of ecash; early zero-knowledge proof techniques; multiparty computations; and the invention of cryptographic voting. He also performed notable cryptanalysis of DES and the RSA signature scheme.

Voting systems

Currently, Chaum heads the Punchscan and Scantegrity projects, open-source, end-to-end auditable voting initiatives based on cryptographic principles.

Content added: the expanded "Notable Research Contributions" section, as it appears in the revision below.
Revision as of 20:33, 13 June 2013

David Chaum
Occupation(s): inventor, cryptographer
Known for: DigiCash, IACR, mixes, voting systems
Website: http://www.chaum.com/

David L. Chaum is the inventor of many cryptographic protocols and ecash.[1]: 65–70  His 1981 paper, "Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms", laid the groundwork for the field of anonymous communications research.[2]

Life and career

Chaum gained a doctorate in Computer Science and Business Administration from the University of California, Berkeley.[3] Subsequently, he taught at the New York University Graduate School of Business Administration and at the University of California.

In 1982, Chaum founded the International Association for Cryptologic Research (IACR), which currently organizes academic conferences in cryptography research.[4]: 47  He founded DigiCash, an electronic cash company, in 1990.[1]: 119 

Notable Research Contributions

Digital Cash

Chaum is credited as the inventor of secure digital cash for his 1982 paper, which also introduced the cryptographic primitive of a blind signature.[5] Chaum's proposal allowed users to obtain digital currency from a bank and spend it in a manner that is untraceable by the bank or any other party.[6] In 1988, he extended this idea (with Amos Fiat and Moni Naor) so that double-spending is detectable: a coin spent twice reveals the identity of the spender, while a coin spent once stays anonymous.[7]

In 1990, he founded DigiCash, an electronic cash company, in Amsterdam to commercialize the ideas in his research.[1]: 119 The first electronic payment was sent in 1994.[8] In 1997, Chaum was replaced as President and CEO by Visa executive Michael Nash.[9]

New Types of Digital Signatures

In the same 1982 paper that proposed digital cash, Chaum introduced blind signatures.[5] With this form of digital signature the requester blinds the message before handing it to the signer, so the signer cannot learn the content it is signing; the requester then removes the blinding, and the resulting signature verifies against the original, unblinded message in the manner of a regular digital signature.[10] In electronic cash this is what lets a bank certify a coin without being able to recognize that coin when it is later spent.
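The withdrawal, payment and deposit flow described in the two paragraphs above, as an added example written for this page in Python (it is not DigiCash code and not the construction from the paper): the bank signs an RSA-blinded coin serial, the customer unblinds the signature, any merchant can verify the coin, and the bank catches a double spend by remembering every serial it has already accepted. The key sizes, the SHA-256 hash-to-modulus, the 16-byte serial and the helper names are assumptions of the example.

```python
"""Toy Chaumian e-cash on RSA blind signatures (added example, not DigiCash
code).  Textbook RSA with a hash-to-modulus 'full domain hash'; the modulus is
far too small for real use and only serves to make the protocol visible."""
import hashlib
import math
import secrets

# Bank's RSA key.  Toy modulus built from two Mersenne primes (2^127-1, 2^89-1);
# gcd(E, (P-1)(Q-1)) = 1 for this pair, so D exists.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # bank's private exponent


def fdh(serial: bytes) -> int:
    """Hash the coin serial into Z_N (full-domain-hash stand-in, assumed encoding)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


def verify_coin(serial: bytes, sig: int) -> bool:
    """Anyone (merchant or bank) can check the bank's signature on a coin."""
    return pow(sig, E, N) == fdh(serial)


class Bank:
    def __init__(self):
        self.seen_blinded = []   # everything the bank learns at withdrawal time
        self.spent = set()       # serials already deposited

    def sign_blinded(self, blinded: int) -> int:
        """Withdrawal: sign whatever the customer presents, without seeing the coin."""
        self.seen_blinded.append(blinded)
        return pow(blinded, D, N)

    def deposit(self, serial: bytes, sig: int) -> bool:
        """Accept a coin once; a second deposit of the same serial is a double spend."""
        if not verify_coin(serial, sig):
            return False
        if serial in self.spent:
            return False
        self.spent.add(serial)
        return True


def withdraw(bank: Bank):
    """Customer side: blind a fresh serial, get it signed, unblind the signature."""
    serial = secrets.token_bytes(16)
    while True:
        r = secrets.randbelow(N - 2) + 2          # blinding factor, invertible mod N
        if math.gcd(r, N) == 1:
            break
    blinded = fdh(serial) * pow(r, E, N) % N      # m * r^e
    blind_sig = bank.sign_blinded(blinded)        # (m * r^e)^d = m^d * r
    sig = blind_sig * pow(r, -1, N) % N           # strip r, leaving m^d
    return serial, sig


def bank_can_link(bank: Bank, serial: bytes) -> bool:
    """Could the bank match this coin against its withdrawal records?"""
    return fdh(serial) in bank.seen_blinded
```

What the bank records at withdrawal time is only the blinded value, so `bank_can_link` is always false: that is the untraceability property. Double-spend detection here is online, in that the bank must be consulted at every deposit; the 1988 Chaum, Fiat and Naor scheme is what makes a double spend detectable after the fact, by having the second spending of a coin reveal the spender's identity.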

In 1989, he (with Hans van Antwerpen) introduced undeniable signatures.[11] Verification of this form of digital signature is an interactive protocol run with the signer, so the signer can control who is able to verify a signature. Because a signer could then simply refuse to take part, the scheme includes a disavowal protocol: a signer who will not prove that a purported signature is a forgery is taken to have acknowledged it, so signatures are considered valid unless the signer specifically runs the disavowal protocol to show that a given signature is not authentic.[12]
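The confirmation and disavowal protocols just described, as an added Python illustration (not code from the Chaum and van Antwerpen paper). The toy group p = 1019, q = 509, g = 4 and the SHA-256 mapping of messages into the group are assumptions of the example, chosen only so that every protocol step is visible; the signer answers every challenge with the same single operation, and the verifier learns nothing from a signature without that cooperation.

```python
"""Chaum-van Antwerpen undeniable signature: signing, interactive confirmation
and disavowal.  Added illustration, not code from the 1989 paper.  The group
(p = 1019, q = 509, g = 4) is a toy chosen only so every step is visible."""
import hashlib
import secrets

P, Q, G = 1019, 509, 4       # safe prime p = 2q + 1; g generates the order-q subgroup


def to_group(msg: bytes) -> int:
    """Map a message to g^h with 1 <= h < q (assumed encoding for this example)."""
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % (Q - 1) + 1
    return pow(G, h, P)


class Signer:
    def __init__(self):
        self.x = secrets.randbelow(Q - 1) + 1     # private key, 1 <= x < q
        self.x_inv = pow(self.x, -1, Q)
        self.y = pow(G, self.x, P)                # public key y = g^x

    def sign(self, m: int) -> int:
        return pow(m, self.x, P)                  # z = m^x; nothing public verifies this

    def respond(self, c: int) -> int:
        """The signer's only move in both protocols: d = c^(1/x)."""
        return pow(c, self.x_inv, P)


def _challenge_round(signer: Signer, m: int, z: int):
    """One verifier challenge.  Honest signer, genuine z: d == m^e1 g^e2 always.
    Honest signer, bogus z: never (e1 != 0 and the subgroup has prime order)."""
    e1 = secrets.randbelow(Q - 1) + 1
    e2 = secrets.randbelow(Q - 1) + 1
    c = pow(z, e1, P) * pow(signer.y, e2, P) % P
    d = signer.respond(c)
    return e1, e2, d, d == pow(m, e1, P) * pow(G, e2, P) % P


def confirm(signer: Signer, m: int, z: int) -> bool:
    """Confirmation protocol: the verifier cannot check z alone, it needs the signer."""
    return _challenge_round(signer, m, z)[3]


def disavow(signer: Signer, m: int, z: int) -> str:
    """Disavowal protocol.  'valid' if the signer fails to deny a genuine z,
    'forged' if two independent denials are mutually consistent, 'cheating'
    if the signer's answers do not fit any single private key."""
    e1, e2, d, ok1 = _challenge_round(signer, m, z)
    if ok1:
        return "valid"
    f1, f2, dd, ok2 = _challenge_round(signer, m, z)
    if ok2:
        return "valid"
    lhs = pow(d * pow(G, -e2, P) % P, f1, P)    # (z^(e1/x))^f1 for an honest signer
    rhs = pow(dd * pow(G, -f2, P) % P, e1, P)   # (z^(f1/x))^e1 for an honest signer
    return "forged" if lhs == rhs else "cheating"
```

A signer who tries to deny a genuine signature fails at the first check, because the response to any challenge on a genuine z is exactly what the verifier expects; a signer who answers inconsistently, hoping to disown a genuine signature, is caught by the cross-check between the two rounds with overwhelming probability in a real-sized group.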

In 1991, he (with Eugene van Heyst) introduced group signatures, which allow a member of a group to anonymously sign a message on behalf of the entire group.[13] A verifier can check that the signature was produced by some member of the group, but not by which one; however, an appointed group manager holds the power to revoke the anonymity of any signer in case of a dispute.[14]

Anonymous Communication

In 1981, Chaum proposed the idea of an anonymous communication network in a paper.[15] His proposal, called mix networks, allows a group of senders to submit to a server an encryption of a message together with its intended recipient. Once the server has a batch of messages, it strips its layer of encryption and reorders the messages, so that only this server knows which output came from which sender. The batch is then forwarded to another server, which does the same. Eventually the messages reach the final server, where they are fully decrypted and delivered to their recipients. A mechanism to allow return messages is also proposed. Mix networks are the basis of some remailers and are the conceptual ancestor of modern anonymous web browsing tools like Tor (based on onion routing).

In 1988, Chaum introduced a different type of anonymous communication system called a DC-net, which is a solution to his proposed Dining Cryptographers Problem.[16] DC-nets are the basis of the software tool Dissent.[17]
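One round of a DC-net in Python, as an added example (not code from Chaum's paper or from Dissent). Every pair of participants shares a one-time key, each participant broadcasts the XOR of its keys, the sender additionally XORs in its message, and the XOR of all broadcasts is the message while no single broadcast shows who sent it. The slot size, the length-prefixed encoding with a short hash tag to detect collisions, and the `coalition_view` helper (showing that only a coalition of all other participants can unmask a sender) are assumptions of the example.

```python
"""Dining-cryptographers network (DC-net) round over XOR: added example, not
code from Chaum's paper or from Dissent."""
import hashlib
import secrets
from itertools import combinations

SLOT = 32          # bytes broadcast per participant per round
TAG = 4            # checksum bytes used to detect collisions or garbling


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encode(msg: bytes) -> bytes:
    """[len][payload][zero pad][sha256 tag]: fits one slot, detects collisions."""
    assert len(msg) <= SLOT - 1 - TAG
    body = (bytes([len(msg)]) + msg).ljust(SLOT - TAG, b"\0")
    return body + hashlib.sha256(body).digest()[:TAG]


def decode(slot: bytes):
    """Return the message, or None if the slot is empty or garbled (collision)."""
    if slot == bytes(SLOT):
        return None                                   # nobody spoke this round
    body, tag = slot[:-TAG], slot[-TAG:]
    if hashlib.sha256(body).digest()[:TAG] != tag:
        return None                                   # two senders collided
    return body[1:1 + body[0]]


def pairwise_keys(n: int) -> dict:
    """Fresh shared key for every unordered pair (i, j); both orderings map to it."""
    keys = {}
    for i, j in combinations(range(n), 2):
        keys[(i, j)] = keys[(j, i)] = secrets.token_bytes(SLOT)
    return keys


def broadcast(i: int, n: int, keys: dict, msg: bytes = None) -> bytes:
    """Participant i's output: XOR of all its shared keys, plus its message if any."""
    out = bytes(SLOT)
    for j in range(n):
        if j != i:
            out = xor(out, keys[(i, j)])
    return xor(out, encode(msg)) if msg is not None else out


def dc_round(n: int, senders: dict):
    """senders maps participant index -> message.  Returns (broadcasts, keys, combined).
    Each key is XORed in by exactly two participants, so it cancels in `combined`."""
    keys = pairwise_keys(n)
    outs = [broadcast(i, n, keys, senders.get(i)) for i in range(n)]
    combined = bytes(SLOT)
    for o in outs:
        combined = xor(combined, o)
    return outs, keys, combined


def coalition_view(i: int, n: int, keys: dict, out_i: bytes, colluders) -> bytes:
    """What the participants in `colluders` can strip from i's broadcast using the
    keys they share with i.  Only if every other participant colludes does this
    expose i's contribution (the message, or all-zero if i was silent)."""
    view = out_i
    for j in colluders:
        if j != i:
            view = xor(view, keys[(i, j)])
    return view
```

The round shows the two properties that matter in practice: sender untraceability holds against any observer and against any coalition short of all the other participants, and two participants speaking in the same slot destroy each other's message, which is why deployed DC-net systems add a slot-reservation or collision-handling layer on top of this core.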

Cryptographic Voting Systems

Chaum has made numerous contributions to secure voting systems, including the first proposal of a system that is end-to-end verifiable. This proposal, made in 1981,[15] was given as an application of mix networks. In this system the individual ballots of voters are kept private, while anyone can verify that the tally was counted correctly. This, and other early cryptographic voting systems, assumed that voters could reliably compute values on their personal computers. In 2001, Chaum introduced SureVote, which allows voters to cast a ballot from an untrustworthy voting system, using a process called code voting.

In 2004, Chaum introduced the first in-person voting system in which voters cast their ballots electronically at a polling station and can cryptographically verify that the direct-recording electronic (DRE) machine did not modify their vote (or even learn what it was). In the following years, Chaum proposed (often with others) a series of cryptographically verifiable voting systems that use conventional paper ballots: Punchscan and Scantegrity. The city of Takoma Park, Maryland used Scantegrity for its November 2009 election.[18] This was the first time a public-sector election was run using any cryptographically verifiable voting system.[19]

Other Contributions

In 1985, Chaum proposed the original anonymous credential system,[6] which is sometimes also referred to as a pseudonym system.[20] The name reflects that credentials in such a system are obtained from, and shown to, organizations under different pseudonyms that cannot be linked to one another.

In 1988, Gilles Brassard, David Chaum, and Claude Crepeau published a paper[21] that introduced zero-knowledge arguments, presented a security model based on information-theoretically private channels, and gave the first formalization of the concept of a commitment scheme.

In 1992, with Torben Pedersen, he demonstrated a well-cited zero-knowledge proof that two discrete logarithms are equal, that is, that four group elements form a DDH tuple.[22] This proof is particularly useful because it can show that an ElGamal ciphertext was re-encrypted correctly.

Chaum contributed to an important commitment scheme which is often attributed to Pedersen. In fact, Pedersen, in his 1991 paper,[23] cites a rump session talk on an unpublished paper by Jurjen Bos and Chaum for the scheme. It appeared even earlier in a paper by Chaum, Ivan Damgard, and Jeroen van de Graaf.[24] The scheme is widely used because it is a very simple perfectly hiding commitment whose binding property relies on the hardness of the discrete logarithm problem.
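The two discrete-logarithm tools from the preceding paragraphs, as an added Python illustration written for this page (not code from the cited papers): the commitment scheme g^m h^r, and the Chaum and Pedersen proof that two discrete logarithms are equal, applied to proving that an ElGamal ciphertext was re-encrypted honestly. The toy group p = 1019, q = 509, g = 4, the Fiat-Shamir hashing of the transcript and all function names are assumptions of the example; h is derived from a known trapdoor only to make visible why the commitment is perfectly hiding and why its binding depends on nobody knowing log_g(h).

```python
"""Pedersen commitment and Chaum-Pedersen equality-of-discrete-logs proof, with
the proof used to certify an ElGamal re-encryption.  Added illustration, not
code from the cited papers.  Toy group p = 1019, q = 509, g = 4."""
import hashlib
import secrets

P, Q, G = 1019, 509, 4           # safe prime p = 2q + 1; g generates the order-q subgroup

# --- Pedersen commitment: C = g^m h^r ------------------------------------------
TRAPDOOR = 123                   # log_g(h); must be unknown to everyone in real use
H = pow(G, TRAPDOOR, P)

def commit(m: int, r: int) -> int:
    return pow(G, m % Q, P) * pow(H, r % Q, P) % P

def open_commitment(c: int, m: int, r: int) -> bool:
    return c == commit(m, r)

def commit_add(c1: int, c2: int) -> int:
    """Homomorphism: commit(m1, r1) * commit(m2, r2) == commit(m1 + m2, r1 + r2)."""
    return c1 * c2 % P

def equivocate(m: int, r: int, m_new: int) -> int:
    """With t = log_g(h) a committer can open C to any m_new, because
    g^m h^r = g^m_new h^r' for r' = r + (m - m_new)/t (mod q).  Such an r'
    always exists (perfect hiding); binding holds only because finding it
    requires the discrete log of h."""
    return (r + (m - m_new) * pow(TRAPDOOR, -1, Q)) % Q

# --- Chaum-Pedersen: prove log_g(y) == log_u(v) without revealing it ----------
def _challenge(*elems: int) -> int:
    data = b"|".join(str(e).encode() for e in elems)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def cp_prove(x: int, g: int, y: int, u: int, v: int):
    """Non-interactive (Fiat-Shamir) proof that y = g^x and v = u^x for one x."""
    w = secrets.randbelow(Q - 1) + 1
    a, b = pow(g, w, P), pow(u, w, P)
    c = _challenge(g, y, u, v, a, b)
    s = (w + c * x) % Q
    return a, b, s

def cp_verify(g: int, y: int, u: int, v: int, proof) -> bool:
    a, b, s = proof
    c = _challenge(g, y, u, v, a, b)
    return pow(g, s, P) == a * pow(y, c, P) % P and pow(u, s, P) == b * pow(v, c, P) % P

# --- ElGamal re-encryption with a proof of correctness (a mix-net building block)
def elgamal_keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def elgamal_encrypt(pk: int, m: int, r: int):
    return pow(G, r, P), m * pow(pk, r, P) % P

def elgamal_decrypt(sk: int, ct) -> int:
    c1, c2 = ct
    return c2 * pow(c1, -sk, P) % P

def reencrypt_with_proof(pk: int, ct):
    """Multiply in a fresh encryption of 1 and prove both ciphertexts carry the
    same plaintext: log_g(c1'/c1) == log_pk(c2'/c2) == r."""
    c1, c2 = ct
    r = secrets.randbelow(Q - 1) + 1
    c1n, c2n = c1 * pow(G, r, P) % P, c2 * pow(pk, r, P) % P
    proof = cp_prove(r, G, pow(G, r, P), pk, pow(pk, r, P))
    return (c1n, c2n), proof

def verify_reencryption(pk: int, ct, ct_new, proof) -> bool:
    (c1, c2), (c1n, c2n) = ct, ct_new
    y = c1n * pow(c1, -1, P) % P        # should equal g^r
    v = c2n * pow(c2, -1, P) % P        # should equal pk^r
    return cp_verify(G, y, pk, v, proof)
```

The verifier never learns r, yet can reject a "re-encryption" that changed the plaintext, because such a change breaks the equality of the two logarithms that the proof certifies; this is exactly the check a re-encryption mix has to publish for each of its shuffled outputs. In a group this small the trapdoor (and hence r) could simply be brute-forced, which is the reason real parameters are hundreds of bits long.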

In 1993, with Stefan Brands, Chaum introduced the concept of a distance-bounding protocol.[25] Using a round-trip delay that the speed of light bounds from below, it allows one party to establish an authenticated upper bound on its physical distance from another party.

References

  1. ^ a b c Greenberg, Andy (2012). This Machine Kills Secrets: How WikiLeakers, Cypherpunks, and Hacktivists Aim to Free the World's Information. Dutton Adult. ISBN 0525953205.
  2. ^ Danezis, George; Diaz, Claudia (January 2008) "Survey of Anonymous Communication Channels". Technical Report MSR-TR-2008-35. Microsoft Research; For the paper, see Chaum, David. (February, 1981). "Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms". Communications of the ACM. 24(2): 84-90. doi:10.1145/358549.358563
  3. ^ Pitta, Julie (November 1, 1999). "Requiem for a Bright Idea". Forbes.
  4. ^ Blanchette, Jean-François (2012). Burdens of Proof: Cryptographic Culture and Evidence Law in the Age of Electronic Documents. MIT Press. ISBN 026230080X.
  5. ^ a b Chaum, David (1983). "Blind signatures for untraceable payments" (PDF). Advances in Cryptology: Proceedings of CRYPTO '82. Springer. pp. 199–203.
  6. ^ a b Chaum, David (October 1985). "Security without identification: transaction systems to make big brother obsolete". Communications of the ACM. 28 (10): 1030–1044. doi:10.1145/4372.4373.
  7. ^ Chaum, D.; Fiat, A.; Naor, M. (1990), "Untraceable electronic cash", Proceedings on Advances in cryptology—CRYPTO '88, Lecture Notes in Computer Science, vol. 403, London, UK: Springer-Verlag, pp. 319–327.
  8. ^ http://w2.eff.org/Privacy/Digital_money/?f=digicash.announce.txt
  9. ^ http://www.thefreelibrary.com/DigiCash+Appoints+CEO,+Increases+Outside+Investment,+and+Moves...-a019351806
  10. ^ http://www.rsa.com/rsalabs/node.asp?id=2339
  11. ^ David Chaum, Hans van Antwerpen: Undeniable Signatures; Crypto'89, LNCS 435, Springer-Verlag, Berlin 1990, 212-216.
  12. ^ http://www.rsa.com/rsalabs/node.asp?id=2344
  13. ^ Chaum, David; van Heyst, Eugene (1991). "Group signatures" (PDF). Advances in Cryptology — EUROCRYPT '91. Lecture Notes in Computer Science. Vol. 547. Springer. pp. 257–265.
  14. ^ http://www.rsa.com/rsalabs/node.asp?id=2342
  15. ^ a b Chaum, David (February 1981). "Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms". Communications of the ACM. 24 (2): 84–90. doi:10.1145/358549.358563.
  16. ^ David Chaum (1988). "The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability". Journal of Cryptology. 1 (1): 65–75. doi:10.1007/BF00206326.
  17. ^ http://korz.cs.yale.edu/2010/anon/
  18. ^ Pilot Study of the Scantegrity II Voting System Planned for the 2009 Takoma Park City Election (PDF)
  19. ^ Hardesty, Larry, "Cryptographic voting debuts", MIT news, retrieved 2009-11-30
  20. ^ Lysyanskaya, Anna; Rivest, Ronald L.; Sahai, Amit; Wolf, Stefan (2000). "Pseudonym systems". In Heys, Howard M.; Adams, Carlisle M (eds.). Selected Areas in Cryptography. Lecture Notes in Computer Science. Vol. 1758. Springer. pp. 184–199. doi:10.1007/3-540-46513-8_14. ISBN 978-3-540-67185-5.
  21. ^ Gilles Brassard, David Chaum, and Claude Crepeau, Minimum Disclosure Proofs of Knowledge, Journal of Computer and System Sciences, vol. 37, pp. 156–189, 1988.
  22. ^ David Chaum and Torben P. Pedersen. 1992. Wallet Databases with Observers. In Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO '92), Ernest F. Brickell (Ed.). Springer-Verlag, London, UK, UK, 89-105.
  23. ^ Pedersen, Torben Pryds (1991). "Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing". Advances in Cryptology — CRYPTO '91. Lecture Notes in Computer Science. Vol. 576. Springer. pp. 129–140. doi:10.1007/3-540-46766-1_9.
  24. ^ Chaum, David; Damgård, Ivan; van de Graaf, Jeroen (1987). "Multiparty Computations Ensuring Privacy of Each Party's Input and Correctness of the Result". Advances in Cryptology — CRYPTO '87. Lecture Notes in Computer Science. Vol. 293. Springer. pp. 87–119. doi:10.1007/3-540-48184-2_7.
  25. ^ Stefan Brands, David Chaum: Distance-bounding protocols (extended abstract). Proceedings Eurocrypt '93.

Further reading

  • "David Chaum: On Electronic Commerce: How Much Do You Trust Big Brother?" (Interview). IEEE Internet Computing 1(6): 8-16 Nov.-Dec. 1997 doi:10.1109/MIC.1997.643931
