PRIVACY in electronic voting


PRIVACY in electronic voting Michael Clarkson Cornell University Workshop on Foundations of Security and Privacy July 15, 2010

Secret Ballot

Florida 2000: Bush v. Gore

Flawless

Security FAIL

Analysis of an electronic voting system [Kohno et al. 2003, 2004]
DRE trusts smartcards
Hardcoded keys and initialization vectors
Weak message integrity
Cryptographically insecure random number generator
...

California top-to-bottom reviews [Bishop, Wagner, et al. 2007]
Virtually every important software security mechanism is vulnerable to circumvention. An attacker could subvert a single polling place device...then reprogram every polling place device in the county.
We could not find a single instance of correctly used cryptography that successfully accomplished the security purposes for which it was apparently intended.

Why is this so hard?

PRIVACY INTEGRITY

Cryptography

Cryptography
Can cryptography be defended? Low-tech crypto?

Simple Voting Protocol
1. V → BB: sign(enc(vote); kv)
2. Talliers: check signatures
3. Talliers: decrypt votes, tally
How to build secure, scalable BB?

PRIVACY via cryptography
Blind signatures
Mix networks
Homomorphic encryption
Why these three? What others?

When is Vote Anonymized? Before submission After submission

Blind Signatures [Chaum 1983]

unblind( sign(blind(m); k) ) = sign(m; k)

V → BB: sign(enc(vote); kv)

V → BB: sign(enc(vote); ka)

Simple Blind Signature Election Protocol
1. V → Auth: V, sign(blind(enc(vote)); kv)
2. Auth → V: sign(blind(enc(vote)); ka)
3. V → BB [anon.]: sign(enc(vote); ka)
4. Talliers: check signatures, decrypt votes, tally
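The four-step protocol above, worked through with RSA blind signatures (the construction from Chaum 1983). This is an added example, not code from the talk or from any of the cited systems; it assumes a toy RSA key for the authority (the primes, the hash-to-integer mapping and the `Authority` and `tally` helpers are all constructed for this example), and it carries the vote in the clear with a nonce instead of the slides' enc(vote), since the blinding already hides the ballot from the authority. The tally shows the integrity check the protocol gives for free: a ballot without a valid, unused authority signature is dropped.

```python
"""Toy blind-signature election: unblind(sign(blind(m); ka)) = sign(m; ka)."""
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key for the election authority (ka); far too small for real use.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def h(ballot):
    """Map a ballot to an integer modulo N (stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(ballot).digest(), "big") % N


def blind(m):
    """Voter side: pick a random r coprime to N and return (m * r^e mod N, r)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (m * pow(r, E, N)) % N, r


def sign(m):
    """Authority side: RSA signature m^d mod N on whatever it is handed."""
    return pow(m, D, N)


def unblind(blinded_sig, r):
    """(m r^e)^d * r^-1 = m^d * r * r^-1 = m^d, a plain signature on m."""
    return (blinded_sig * pow(r, -1, N)) % N


def verify(m, sig):
    return pow(sig, E, N) == m


class Authority:
    """Step 2: signs one blinded ballot per eligible voter without seeing the ballot."""

    def __init__(self, eligible):
        self.eligible = set(eligible)
        self.issued = set()

    def sign_blinded(self, voter_id, blinded):
        if voter_id not in self.eligible or voter_id in self.issued:
            raise PermissionError(f"{voter_id}: not eligible or already issued")
        self.issued.add(voter_id)
        return sign(blinded)


def tally(bulletin_board):
    """Step 4: count each ballot that carries a valid, not-yet-seen authority signature."""
    counts, seen = {}, set()
    for ballot, sig in bulletin_board:
        if sig in seen or not verify(h(ballot), sig):
            continue  # forged, unsigned or replayed: not counted
        seen.add(sig)
        choice = ballot.split(b"|")[0].decode()
        counts[choice] = counts.get(choice, 0) + 1
    return counts


def run_election(votes):
    """votes: {voter_id: choice}. Runs steps 1-4 and returns the tally."""
    auth = Authority(votes)
    bb = []
    for voter_id, choice in votes.items():
        ballot = choice.encode() + b"|" + secrets.token_hex(8).encode()
        m = h(ballot)
        blinded, r = blind(m)                                 # step 1
        blinded_sig = auth.sign_blinded(voter_id, blinded)    # step 2
        sig = unblind(blinded_sig, r)
        assert verify(m, sig)
        bb.append((ballot, sig))                              # step 3, posted anonymously
    # Constructed ineligible posting with a made-up signature; rejected at step 4.
    bb.append((b"mallory|0000", 12345))
    return tally(bb)
```

Note what the example does and does not give: the authority learns only that a voter asked for a signature, the bulletin board learns only ballots and signatures, and the signature count bounds the number of counted ballots by the number of eligible voters the authority served. It does nothing about a dishonest authority signing extra ballots for itself, which is the integrity question the next slide raises.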

Blind Signature Voting Protocols Chaum 1983, Fujioka et al. 1992, Sako 1994, Okamoto 1996, 1997, Cranor & Cytron 1997, Herschberg 1997, DuRette 1999, Ohkubo et al. 1999, Joaquim et al. 2003, Lebre et al. 2004, Shubina & Smith 2004,...
How to achieve high integrity?

When is Vote Anonymized? Before submission After submission Before tallying

Mix Networks [Chaum 1981]
[diagram: a batch of ciphertexts passed through a mix]

Decryption Mix: enc(enc(enc(m; K3); K2); K1)

Reencryption Mix: enc(m; K) → reenc(m; K) → reenc(m; K) [Park et al. 1994]

Simple Mix Network Election Protocol
1. V → BB: sign(enc(vote); kv)
2. Talliers: check signatures
3. Mixers: remove signatures, mix votes
4. Talliers: decrypt votes, tally

Mix Network Election Protocols Chaum 1981, Furukawa & Sako 1991, Park et al. 1993, Sako & Killian 1995, Ogata et al. 1997, Jakobsson 1998, Abe 1999, Neff 2001, Golle 2002, Jakobsson et al. 2002, Lee et al. 2003, Aditya et al. 2004, Juels et al. 2005, Chaum et al. 2005, Benaloh 2006, Popoveniuc & Hosp 2006, Ryan & Schneider 2006, Chaum et al. 2008,...

When is Vote Anonymized? Before submission After submission Before tallying During tallying

Homomorphic Encryption: f : G → H, with (f, f) : G × G → H × H commuting with the group operations, i.e. f(g ∘ g′) = f(g) ∗ f(g′) [Rivest, Adleman, Dertouzos 1978] Fully homomorphic?

enc(v) · enc(v′) = enc(v + v′)

Simple Homomorphic Encryption Election Protocol
1. V → BB: sign(enc(vote); kv)
2. Talliers:
   a. check signatures
   b. compute T = ∏_i enc(vote_i), which is enc(∑_i vote_i)
   c. compute dec(T)
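The tallying steps 2b and 2c above, carried out with Paillier encryption, whose ciphertexts multiply to an encryption of the sum exactly as enc(v) · enc(v′) = enc(v + v′) states. This is an added example, not code from the talk; the toy key, the base-1000 encoding of a multi-candidate ballot (one "digit" per candidate, so a single decryption yields every count) and the `run` helper are constructed for it. Signature checking (step 2a) and the well-formedness proofs a real scheme attaches to each enc(vote) are left out, which is exactly why a deployed system cannot skip them: the talliers never see an individual vote, so without a proof a ballot could encode any value at all.

```python
"""Toy additively homomorphic tally with Paillier encryption (g = N + 1)."""
import secrets
from math import gcd

# Constructed toy Paillier key for the talliers; real keys are 2048 bits or more.
P, Q = 1000003, 1000033
N = P * Q
N2 = N * N
LAMBDA = (P - 1) * (Q - 1)     # phi(N); any multiple of lcm(P-1, Q-1) works here
MU = pow(LAMBDA, -1, N)

CANDIDATES = ["A", "B", "C"]
BASE = 1000                     # must exceed the number of voters so digits never carry


def enc(m):
    """(1+N)^m * r^N mod N^2; (1+N)^m collapses to 1 + mN modulo N^2."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if gcd(r, N) == 1:
            break
    return ((1 + m * N) * pow(r, N, N2)) % N2


def dec(c):
    """L(c^lambda mod N^2) * mu mod N, with L(u) = (u - 1) / N."""
    u = pow(c, LAMBDA, N2)
    return ((u - 1) // N * MU) % N


def encode_vote(choice):
    """Vote for candidate i is the integer BASE^i, so sums stay separable."""
    return BASE ** CANDIDATES.index(choice)


def decode_tally(total):
    """Read the per-candidate counts back out of the decrypted sum, digit by digit."""
    counts = {}
    for name in CANDIDATES:
        total, counts[name] = divmod(total, BASE)
    return counts


def tally(ciphertexts):
    """Steps 2b and 2c: multiply all ciphertexts, decrypt once, decode the counts."""
    T = 1
    for c in ciphertexts:
        T = (T * c) % N2            # T = prod_i enc(vote_i) = enc(sum_i vote_i)
    return decode_tally(dec(T))


def run(votes):
    """Each voter posts enc(vote) to the bulletin board; the talliers never decrypt any of them."""
    bulletin_board = [enc(encode_vote(v)) for v in votes]
    return tally(bulletin_board)
```

Two encryptions of the same vote differ because of the fresh randomness r, so the bulletin board itself does not leak who voted alike; the only decryption performed is of the product T.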

Homomorphic Encryption Election Protocols Cohen (Benaloh) & Fisher 1985, Cohen (Benaloh) & Yung 1986, Benaloh 1987, Benaloh & Tuinstra 1994, Sako & Killian 1994, Cramer et al. 1996, Cramer et al. 1997, Hirt & Sako 2000, Baudron et al. 2001, Kiayias 2006, Sandler 2007, Adida 2008,...

Formal Definitions of PRIVACY Integrity?

PRIVACY Vote privacy Receipt freeness Coercion resistance

Vote Privacy Nothing about map from voters to votes revealed (assuming everyone is honest)

Vote Privacy
[diagrams: a set of voters casting Y and N votes; two voters V(x), V(y) whose votes are swapped, so the configurations V(x), V(y) and V(y), V(x) must be indistinguishable]

Vote Privacy Formal Definitions Computational: Cohen (Benaloh) & Fisher 1985 Symbolic: Delaune, Kremer & Ryan 2006

Receipt Freeness Voters do not obtain information (a receipt) that proves how they voted.

Receipt Freeness
[diagrams: V(x) reports x to Adv; V(x) and V(y) each report to Adv; with the votes swapped, V(y), V(x), the reports to Adv must still leave the two configurations indistinguishable]

Receipt Freeness Requirements
Private/untappable channel from authorities to voter [Benaloh 1994, Sako & Killian 1995]
Trusted voter hardware [Lee et al. 2004]
What is minimal requirement?

Receipt Freeness Formal Definitions
Computational: Benaloh & Tuinstra 1994 (there called uncoercible), Okamoto 1997
Symbolic: Delaune, Kremer & Ryan 2006, Jonker & de Vink 2006, Backes et al. 2008
Logical: Jonker & Pieters 2006

Receipt Freeness Fails to defend against:
Randomization attacks
Forced abstention attacks
Simulation attacks
[Schoenmakers 2000, Juels et al. 2005]

Coercion Resistance Voters cannot prove how they voted, even by fully cooperating with the adversary.

Coercion Resistance
[diagrams: as for receipt freeness, but V(x) now cooperates fully with Adv; the configurations with V(x), V(y) and with V(y), V(x) must remain indistinguishable to Adv]

Coercion Resistance Formal Definitions
Computational: Juels et al. 2005, Moran & Naor 2006 (there called receipt freeness)
Symbolic: Delaune, Kremer & Ryan 2006, Backes et al. 2008

Coercion resistance ⇒ Receipt freeness ⇒ Vote privacy [Delaune, Kremer & Ryan 2006]

Civitas Secure Remote Voting [Clarkson, Chong & Myers 2008] based on [Juels, Catalano & Jakobsson 2005]

JCJ (Recall Mix Network Protocol)
1. V → BB: sign(enc(vote); kv)
2. Talliers: check signatures
3. Mixers: remove signatures, mix votes
4. Talliers: decrypt votes, tally

JCJ Voter Credentials
Registrar → V [untap.]: cred, zkpf1
Registrar → BB: enc(cred) [electoral roll]
V → BB [anon.]: enc(cred), enc(vote), zkpf2

JCJ Tallying Protocol
Talliers:
1. Retrieve votes from BB, check proofs
2. Eliminate unauthorized credentials (requires mixes, zkpfs)
3. Decrypt votes, tally

JCJ Removing Unauthorized Credentials
[diagram: electoral roll of enc(cred), mixed; submitted votes enc(cred), enc(vote), mixed; the two compared by PETs]

JCJ Credentials Verifiable Unsalable Anonymous Unforgeable

JCJ Credentials Coercion resistant: voters use fake (unauthorized) credentials to comply with coercer
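The two mechanisms the preceding slides rely on, an ElGamal re-encryption mix (the Park et al. 1994 construction from the mix network section) and plaintext equivalence tests (PETs) over the mixed electoral roll, shown together on the JCJ tallying steps. This is an added example, not code from the talk, from JCJ or from Civitas; the toy group (a safe prime p = 2q + 1), the encoding of credentials and votes as subgroup elements, and the `jcj_tally` and `run_election` helpers are constructed for it. A single party holding the decryption key performs the PETs here; in JCJ and Civitas that key is shared among tellers and every PET and mix comes with a zero-knowledge proof, both of which are elided. Duplicate credentials are resolved by the "last ballot posted wins" policy.

```python
"""Toy ElGamal re-encryption mix plus PETs, used to drop ballots cast with fake credentials."""
import secrets

# Constructed toy group: safe prime P = 2Q + 1, G = 4 generates the order-Q subgroup.
P, Q, G = 10007, 5003, 4
RNG = secrets.SystemRandom()


def keygen():
    x = RNG.randrange(1, Q)
    return x, pow(G, x, P)              # private x, public h = g^x


def enc(m, h):
    """ElGamal encryption (g^r, m * h^r) of a subgroup element m."""
    r = RNG.randrange(1, Q)
    return pow(G, r, P), (m * pow(h, r, P)) % P


def reenc(c, h):
    """Re-randomise (a, b) without decrypting: multiply by a fresh encryption of 1."""
    s = RNG.randrange(1, Q)
    a, b = c
    return (a * pow(G, s, P)) % P, (b * pow(h, s, P)) % P


def dec(c, x):
    a, b = c
    return (b * pow(a, -x, P)) % P


def mix(items, h):
    """Re-encryption mix: re-randomise every ciphertext of every item, then shuffle."""
    out = [tuple(reenc(c, h) for c in item) for item in items]
    RNG.shuffle(out)
    return out


def pet(c1, c2, x):
    """Plaintext equivalence test: (c1 / c2)^z decrypts to 1 iff the plaintexts are equal."""
    z = RNG.randrange(1, Q)
    a = pow(c1[0] * pow(c2[0], -1, P), z, P)
    b = pow(c1[1] * pow(c2[1], -1, P), z, P)
    return dec((a, b), x) == 1           # a differing quotient stays hidden: it is raised to z


def remove_duplicates(ballots, x):
    """JCJ policy: among ballots sharing a credential, keep the last one posted."""
    kept = []
    for ecred, evote in reversed(ballots):
        if not any(pet(ecred, k[0], x) for k in kept):
            kept.append((ecred, evote))
    return kept


def jcj_tally(roll, ballots, x, h, candidates):
    """Steps 2 and 3 of the JCJ tallying slide (proof checks of step 1 elided)."""
    plaintext_of = {pow(G, i, P): name for i, name in enumerate(candidates)}
    ballots = remove_duplicates(ballots, x)
    roll = [item[0] for item in mix([(c,) for c in roll], h)]
    ballots = mix(ballots, h)            # (enc(cred), enc(vote)) pairs stay together
    counts = {name: 0 for name in candidates}
    for ecred, evote in ballots:
        # A ballot survives only if its credential PET-matches some entry on the mixed roll.
        if any(pet(ecred, rc, x) for rc in roll):
            counts[plaintext_of[dec(evote, x)]] += 1
    return counts


def run_election(x, h, candidates):
    """Constructed scenario: three eligible voters, one coerced voter using a fake credential."""
    ks = RNG.sample(range(1, Q), 4)      # distinct exponents -> distinct credentials
    creds = [pow(G, k, P) for k in ks[:3]]
    fake = pow(G, ks[3], P)              # never issued by the registrar
    roll = [enc(c, h) for c in creds]    # Registrar -> BB: enc(cred)
    ballot = lambda cred, i: (enc(cred, h), enc(pow(G, i, P), h))
    ballots = [
        ballot(creds[0], 0),
        ballot(creds[1], 1),
        ballot(fake, 1),                 # coerced voter complies with a fake credential: dropped
        ballot(creds[2], 1),
        ballot(creds[2], 0),             # same credential again: this later ballot counts
    ]
    return jcj_tally(roll, ballots, x, h, candidates)
```

Because both lists are mixed before the PETs and a PET on unequal plaintexts yields a random-looking group element, an observer of the tally learns which mixed ballots were dropped but not which voter posted them, which is what lets the coerced voter's fake credential hide in plain sight. The all-pairs PET loop is the O(V^2) cost that the Civitas slides later reduce by blocking.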

Civitas Architecture
[diagram: voter client; registration tellers; ballot boxes; tabulation tellers; bulletin board]
JCJ: single trusted registrar. Civitas: distributed trust...improved privacy and integrity
JCJ: no ballot boxes. Civitas: distributed storage...improved availability
JCJ: O(V^2). Civitas: O(B^2), B ≪ V...improved scalability
Civitas: concrete implementation, 21K LoC

Civitas
Security: Coercion resistance & universal verifiability
Distributed trust
Assurance: Security proofs & security-typed implementation
Also: Ranked voting

Civitas open questions
High integrity voter client?
Eliminate untappable channel in registration?
Credential management?
Application-level DoS?

www.cs.cornell.edu/projects/civitas or google civitas voting

PRIVACY in electronic voting
History
Cryptographic techniques
Formal definitions
Civitas