CRYPTOGRAPHIC PROTOCOLS FOR TRANSPARENCY AND AUDITABILITY IN REMOTE ELECTRONIC VOTING SCHEMES

Scytl's presentation: Cryptographic Protocols for Transparency and Auditability in Remote Electronic Voting Schemes. Spain Cryptography Days (SCD 2011), Department of Mathematics Seminar. Sandra Guasch, Researcher, Sandra.Guasch@scytl.com

Index: About Scytl; Introduction to Electronic Voting; Security in Electronic Voting; Auditability in e-voting; Types of verifiability; Verifiability methods for e-voting.

About Scytl: Background
Worldwide leader in the research, development and implementation of highly secure solutions for electoral modernization. Founded as a spin-off from a leading university research group, author of the first two European PhD theses on security applied to electronic voting. Patented core technology based on groundbreaking cryptographic protocols developed over 16 years of research, ensuring a transparent electoral process. A clear reference in the e-electoral market, having advised international institutions and governmental agencies and participated in breakthrough projects and studies. Scytl has provided its secure electronic voting technology to 14 out of the 16 countries that carry out binding elections using remote electronic voting. Efficient and reliable processes, certified ISO 9001:2000.

About Scytl: International Awards
Scytl has received multiple international awards, including: the ICT Prize, granted by the European Commission; the European Venture Contest Award, granted by the European Association of Venture Capital; the Best Case Label, granted by the European Commission; Leader de l'ITech-Economie, granted by the French Chambers of Commerce; the Global Innovator Award, granted by The Guidewire Group; Red Herring 100, granted by Red Herring Magazine; the Premi Ciutat de Barcelona, granted by the City of Barcelona; and the ebiz egovernment award, granted by the Austrian Chancellery.

About Scytl: Worldwide Offices
Headquarters: Barcelona (Spain). Regional offices: Toronto (Canada), Washington, D.C. (USA), Bratislava (Slovakia), Athens (Greece), New Delhi (India), Singapore (Singapore).

About Scytl: Worldwide References
Province of Ontario (Canada); State of New York (USA); State of Alabama (USA); US Dep. of Defense (USA); DC Board of Elections (USA); State of Florida (USA); Parliament of Nuevo Leon (Mexico); Peruvian Office of Elections (Peru); Government of Mendoza (Argentina); Ministry of Justice (UK); City of Madrid (Spain); Spanish National Police (Spain); Catalan Universities (Catalonia); Catalan Government (Catalonia); Parliament of Catalonia (Catalonia); Catalan Police Force (Catalonia); Ministry of Higher Education (France); Ministry of Foreign Affairs (France); Ministry of Science and Research (Austria); Canton of Neuchatel (Switzerland); Ministry of Justice (Finland); Tradenomiliitto (Finland); Ministry of Local Government (Norway); BiH Central Election Commission (Bosnia and Hercegovina); European Union; African Union Commission (Ethiopia); State of Gujarat (India); Commission on Elections (Philippines); Victorian Electoral Commission (Australia).

Electronic Voting: Types
Electronic voting implements the traditional voting process by electronic means: the voter's intent is captured and stored electronically. Types of e-voting:
Poll-site: votes are cast only from polling stations. Voter identification follows current traditional methods. The proper use of computing technology could enable voters to use the polling station of their choice, in real time.
Remote: remote electronic voting is a particular case of electronic voting in which digital votes are sent through a communication network from the voter's location to a remote digital urn. It is analogous to postal voting. There are two types of remote electronic voting: kiosk-based (voting from supervised locations) and "pyjama voting" (voting anywhere, even from home).

Electronic Voting: Change of voting paradigm
[Diagram: the conventional direct voting relationship between voter and electoral board through tangible physical elements, versus the indirect e-voting relationship mediated by a technological infrastructure operated by system developers and system administrators.]
Electronic voting creates a new indirect voting relationship that brings new security risks, which reduce the trustworthiness of the electoral process.

Electronic Voting: Security Risks
Four main sources of security risks emerge due to the technical infrastructure interposed between the voter and the electoral board:
1. The digital (virtual) nature of the ballots: ballots may be added, deleted or otherwise manipulated, and voters' privacy may be compromised on a large scale.
2. The complexity of the systems used: electronic equipment may malfunction, and software may contain programming errors.
3. The lack of transparency of the systems used: the technical infrastructure is not easily audited.
4. The introduction of people with privileges on the systems used: new players enter the scene.
These risks can be mitigated using adequate cryptographic voting protocols.

Electronic Voting: Security Requirements
Any e-voting application must fulfill the following security requirements:
Guarantee voters' privacy while ensuring their proper identification: voters should be strongly authenticated, only eligible voters are able to vote, and the privacy of voters must be preserved.
Protect the digital ballot box to ensure the secrecy of intermediate results, the integrity of the ballots cast, and the impossibility of adding bogus ballots.
Enable verifiability, while preventing coercion and vote-buying.
"One concern with Internet voting is that the voter has absolutely no control over the vote cast once it leaves his own computer system, and he cannot check whether it has been subverted on the way to the count." (ODPM meeting with Dr. Rebecca Mercuri, 17th October 2002)

Electronic voting with standard security
[Diagram: client platform, communication network and server platform; each platform runs antivirus software behind a firewall, with the application, transport (SSL) and network (link-level encryption) layers on both sides.]
Conventional digital security measures are completely generic and do not address an application's specific needs.

Electronic voting with standard security
[Diagram: voters use a client interface to reach the voting application on the ballot box servers; a tallying application produces the results; the system administrator and the election authority have access to the servers.]
Standard security measures fail to cover the specific security needs of an electronic voting platform.

Electronic voting with standard security: Fulfillment of Security Requirements
Voter privacy compromise: privileged actors can see the votes in the servers.
Inaccurate auditability: logs and information can be easy to manipulate.
Vote tampering: votes can be manipulated (no digital signature).
Vote deletion: votes can be easily eliminated (no verifiability).
Voter coercion and vote buying: privileged actors can check the vote contents in the ballot box.
Unauthorized voters casting votes: there is no strong authentication (digital certificates).
Voter impersonation / ballot stuffing: authenticity and integrity of votes are not protected.
Intermediate results: votes can be counted by privileged actors in the servers (no encryption).

Electronic voting with end-to-end security
[Diagram: voter and voting client on one side, counting service and Electoral Board on the other, connected by a secure direct dialogue.]
The main objective of a secure architecture is to allow a secure direct dialogue between the voter and the Electoral Board, protecting them from attacks coming from the IT infrastructure between them.

Electronic voting with end-to-end security
[Diagram: the same client platform, communication network and server platform as before (antivirus software, firewall, SSL transport, link-level encryption), with an end-to-end cryptographic protocol added at the application layer.]
Scytl's application-level cryptography addresses the specific security requirements of e-voting.

Electronic voting with end-to-end security
[Diagram: voters, client interface, voting service and counting service on the voting servers, Electoral Board, results.]
Votes are encrypted under the Electoral Board's public key; only the Electoral Board, which holds the corresponding private key, can decrypt the votes. Encrypted votes are digitally signed using the voter's private key, so votes cannot be manipulated or re-used after being cast.

Electronic Voting: Fulfillment of Security Requirements
[Table comparing electronic voting with standard security against electronic voting with end-to-end security on each requirement: vote authenticity, strong authentication of voters, voters' privacy, accuracy of election results, secrecy of intermediate results, verifiability, prevention of coercion and vote-selling. In the end-to-end column, voters' privacy and accuracy of election results carry a note.]
Note on voters' privacy: some advanced cryptographic protocols are used to protect voter privacy, such as pollsterless schemes, the two-agencies model, mixnets and homomorphic tally.
Note on accuracy: accuracy has to do with verifiability.

Advanced cryptographic mechanisms for voter privacy: Homomorphic tally (1/5)
Votes are encrypted by voters using a cryptographic algorithm with homomorphic properties (e.g., ElGamal). Votes are digitally signed by voters before being cast. The encrypted votes are operated together, and the result of this operation is decrypted instead of the individual votes. The decryption result is the operation (by the homomorphic properties) of the plaintext votes; for instance, the number of times each voting option has been selected.
[Diagram: encrypted votes, aggregation, encrypted aggregation, decryption, results (published).]

Advanced cryptographic mechanisms for voter privacy: Homomorphic tally (2/5)
In homomorphic encryption algorithms, the result of operating two encrypted messages is the encryption of the result of operating the messages:
$P(m_1) \otimes P(m_2) = P(m_1 \circ m_2)$
In the case of ElGamal, operating two encrypted votes (multiplying the ciphertexts) yields an encryption of the sum of the votes:
$E(v_1) \cdot E(v_2) = E(v_1 + v_2)$
In a homomorphic tally, operating all the encrypted votes returns the encryption of the sum of the votes for each candidate (i.e., the encryption of the result).

Advanced cryptographic mechanisms for voter privacy: Homomorphic tally (3/5)
Using ElGamal as the encryption algorithm, we have the following components:
$p$: large prime, $p = 2q + 1$
$g$: generator of $\mathbb{Z}_p^*$
private key $x$: random number in $\mathbb{Z}_p$
public key: $(h, g, p)$, with $h = g^x \bmod p$
message: $m$
Encryption: $c = (a, b) = (m \cdot h^w, g^w)$, where $w$ is a random number in $\mathbb{Z}_p$
Decryption: $m = a \cdot b^{-x} = m \cdot h^w / (g^w)^x = m \cdot h^w / h^w$

Advanced cryptographic mechanisms for voter privacy: Homomorphic tally (4/5)
Each voting option has a binary value $v$, equal to 1 if the option has been selected or 0 if it hasn't.
Encrypted vote: $c = (\lambda^v \cdot h^w, g^w)$, with $v \in \{0, 1\}$
If two votes $c$ and $c'$ encrypted with the same public key are multiplied:
$c = (a, b) = (\lambda^v \cdot h^w, g^w)$
$c' = (a', b') = (\lambda^{v'} \cdot h^{w'}, g^{w'})$
$c \cdot c' = (a, b) \cdot (a', b') = (\lambda^v \cdot h^w, g^w) \cdot (\lambda^{v'} \cdot h^{w'}, g^{w'}) = (\lambda^{v+v'} \cdot h^{w+w'}, g^{w+w'})$
Decryption of $c \cdot c'$ gives $\lambda^{v+v'}$, and $\log_\lambda(\lambda^{v+v'}) = v + v'$, the number of times the voting option has been selected.

Advanced cryptographic mechanisms for voter privacy: Homomorphic tally (5/5)
Encrypted votes (only the encoded option value is shown for each candidate):
                C1    C2    C3    C4    C5
Vote 1:         λ^0   λ^1   λ^0   λ^0   λ^1
Vote 2:         λ^1   λ^1   λ^0   λ^0   λ^0
Operation (x):  λ^1   λ^2   λ^0   λ^0   λ^1
Result: C1: 1 vote, C2: 2 votes, C3: 0 votes, C4: 0 votes, C5: 1 vote.
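As an added worked example (not from the slides), the five-option tally of the table above carried out with exponential ElGamal in Python, generalized to any number of ballots and options. The toy group (p = 2039, g = 4 generating the order-q subgroup), the choice λ = g and all function names are assumptions of this example and far too small for real use.

```python
import secrets

# Toy safe-prime group, constructed for this example (far too small for real use).
P = 2039            # safe prime, P = 2*Q + 1
Q = 1019            # prime order of the subgroup of quadratic residues
G = 4               # generator of that order-Q subgroup (4 = 2^2 is a square)
LAMBDA = G          # encoding base: option value v in {0, 1} becomes LAMBDA**v


def keygen():
    """Electoral Board key pair: private exponent x, public h = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def encrypt(h, v, w=None):
    """Exponential ElGamal of the option bit v: c = (lambda^v * h^w, g^w)."""
    if w is None:
        w = secrets.randbelow(Q - 1) + 1
    return (pow(LAMBDA, v, P) * pow(h, w, P) % P, pow(G, w, P))


def multiply(c1, c2):
    """Component-wise product of two ciphertexts: encrypts the sum v1 + v2."""
    return (c1[0] * c2[0] % P, c1[1] * c2[1] % P)


def decrypt(x, c):
    """m = a * b^(-x) mod p; here m is lambda^(sum of the encrypted bits)."""
    a, b = c
    return a * pow(b, -x, P) % P


def dlog_lambda(target, bound):
    """Recover k from lambda^k by trial; tallies are small (k <= bound)."""
    acc = 1
    for k in range(bound + 1):
        if acc == target:
            return k
        acc = acc * LAMBDA % P
    raise ValueError("tally exceeds the number of ballots")


def homomorphic_tally(x, h, ballots):
    """ballots: one list of 0/1 bits per voter, one bit per option.
    Returns the number of selections per option without decrypting any ballot."""
    n_options = len(ballots[0])
    encrypted = [[encrypt(h, bit) for bit in ballot] for ballot in ballots]
    counts = []
    for col in range(n_options):
        agg = (1, 1)                     # (1, 1) is an encryption of 0 with w = 0
        for enc_ballot in encrypted:
            agg = multiply(agg, enc_ballot[col])
        # Only the per-option aggregate is decrypted, never an individual vote.
        counts.append(dlog_lambda(decrypt(x, agg), len(ballots)))
    return counts


if __name__ == "__main__":
    # The two ballots of the table above: option bits for C1..C5.
    x, h = keygen()
    print(homomorphic_tally(x, h, [[0, 1, 0, 0, 1], [1, 1, 0, 0, 0]]))
```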

Advanced cryptographic mechanisms for voter privacy: Mix-nets (1/2)
Several nodes shuffle and re-encrypt/decrypt the votes to break the correlation between the original input order and the output order. The shuffled and re-encrypted/decrypted votes output by one node are used as the input of the next one. The vote contents are obtained (decrypted) at the last node.
Re-encryption: $c = (m \cdot h^w, g^w)$; $c' = c \cdot (1 \cdot h^{w'}, g^{w'}) = (m \cdot h^w, g^w) \cdot (1 \cdot h^{w'}, g^{w'}) = (m \cdot h^{w+w'}, g^{w+w'})$
[Diagram: re-encryption/decryption plus shuffling at each node, then decryption, giving the decrypted votes and the results.]

Advanced cryptographic mechanisms for voter privacy: Mix-nets (2/2)
[Diagram: votes v pass through successive mix nodes labelled P_EB, P_EB and finally S_EB (the Electoral Board keys), where the last node decrypts.]

Auditability in traditional voting
[Diagram: voter, tangible physical elements, electoral board, observers/auditors, results.]
Votes and processes (e.g., counting) are based on tangible elements: audit can be done by voters, observers and independent auditors by human means while the processes are carried out, and observers can monitor the behavior of other observers to detect any fraudulent practices.

Auditability in postal voting
[Diagram: voter, postal vote, postal service, electoral board, tangible physical elements, observers/auditors, results.]
The audit of the vote delivery process and of the storage in the ballot box is difficult if not impossible: voters can only verify the selection they made, but cannot verify whether the same vote is received by the Electoral Board. Observers can audit the opening of the votes stored in the ballot box, but they have no access to the vote delivery process and only limited access to the process of storing the postal votes in the ballot box.

Auditability in e-voting
[Diagram: voter, e-vote, logical environment, e-ballot box, electoral board, observers/auditors, e-results.]
Votes and processes happen in a logical dimension: audit cannot be done by human means, and it is difficult to monitor the behavior of other observers.

Types of verifiability
Individual verifiability: focused on the voter; only the voter who casts the vote is able to carry out the verification process. It covers the audit of the correct encoding of the voting options, the correct reception of the vote, and the presence of the vote in the final count. Security concerns: preservation of voter privacy and prevention of vote selling/coercion practices.
Universal verifiability: focused on the public, not restricted to voters. It covers the audit of the correct vote counting. Security concern: preservation of voter privacy.
Cast as intended (Karlof et al.): voters can verify that their cast votes really represent their voter intent.
Counted as cast (Karlof et al.): any observer can verify that the final tally is an accurate count of the ballots cast.
End-to-end verifiability (Benaloh 06) = cast as intended + counted as cast.

Types of verifiability: Verifiability and election processes
[Diagram: the voter prepares and casts the vote; the electoral board receives and counts it; election observers/auditors watch the process. Vote preparation to vote casting: cast as intended (individual verifiability). Vote casting to vote reception: recorded as cast (individual verifiability). Vote reception through vote counting to results: counted as recorded (universal verifiability).]

Audit processes in remote e-voting: Vote encryption challenge (1/2), cast as intended verification
The vote is encrypted and the application commits to the encryption (e.g., by showing a hash of the encrypted vote). The voter can challenge the application to verify the proper encryption of the vote before casting it:
Challenge: the voter asks the application to show the secret random parameters used to encrypt the vote.
Verification: the voter uses the random parameters and the encryption proof to verify whether the encrypted vote contains her voter intent.
New encryption: the vote is encrypted again with new random parameters, and a new encryption proof is generated.
This is a probabilistic verification.
[Diagram: voter, voting options, vote preparation, e-vote; the voter either challenges (verify, extract voting options) or sends the vote.]

Audit processes in remote e-voting: Vote encryption challenge (2/2), cast as intended verification
Remember the ElGamal encryption algorithm: $p$ large prime, $p = 2q + 1$; $g$ generator of $\mathbb{Z}_p^*$; private key $x$, a random number in $\mathbb{Z}_p$; public key $(h, g, p)$ with $h = g^x \bmod p$; message $m$.
Encryption: $c = (a, b) = (m \cdot h^w, g^w)$, where $w$ is a random number in $\mathbb{Z}_p$.
Decryption: $m = a \cdot b^{-x} = m \cdot h^w / (g^w)^x = m \cdot h^w / h^w$.
Verification in the vote encryption challenge:
The software commits to the encryption: $H(c)$.
The secret randomness $w$ is shown to the voter.
The voter can generate the encryption again and check the commitment: $c' = (m \cdot h^w, g^w)$; is $H(c') = H(c)$?
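An added example, not part of the presentation, that runs the vote encryption challenge end to end: the application commits to H(c) before it knows whether the voter will challenge or cast, reveals w on challenge, and the voter re-encrypts her intended option to compare; an application that encrypted the other option is caught the first time it is challenged, while an unchallenged encryption is the one actually cast. The toy group (p = 2039, g = 4), SHA-256 as H, the λ^v option encoding of the homomorphic tally slides and all function names are assumptions of this example.

```python
import hashlib
import secrets

# Toy safe-prime group, constructed for this example (far too small for real use).
P, Q, G = 2039, 1019, 4   # p = 2q + 1; g = 4 generates the order-q subgroup
LAMBDA = G                # option value v in {0, 1} is encoded as LAMBDA**v


def keygen():
    """Electoral Board keys: private x, public h = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def encrypt(h, m, w):
    """ElGamal with explicit randomness w: c = (a, b) = (m * h^w, g^w)."""
    return (m * pow(h, w, P) % P, pow(G, w, P))


def decrypt(x, c):
    a, b = c
    return a * pow(b, -x, P) % P      # m = a * b^(-x) mod p


def commit(c):
    """The application commits to the ciphertext by publishing H(c)."""
    return hashlib.sha256(f"{c[0]},{c[1]}".encode()).hexdigest()


def app_prepare(h, option, honest=True):
    """The voting application encrypts and commits BEFORE it knows whether this
    encryption will be challenged or cast. A dishonest app encrypts the other bit."""
    w = secrets.randbelow(Q - 1) + 1
    encoded = option if honest else 1 - option
    c = encrypt(h, pow(LAMBDA, encoded, P), w)
    return commit(c), c, w


def voter_verifies(h, intended_option, commitment, w):
    """Cast-as-intended check: re-encrypt the intended option with the revealed w
    and compare with the commitment. Revealing w spoils c, so it is never cast."""
    c_prime = encrypt(h, pow(LAMBDA, intended_option, P), w)
    return commit(c_prime) == commitment


def voting_session(h, option, honest, challenge_flags):
    """challenge_flags[i] is True when the voter audits round i, False to cast.
    Returns ('detected', round), ('cast', ciphertext) or ('audited', None)."""
    for i, challenge in enumerate(challenge_flags):
        commitment, c, w = app_prepare(h, option, honest)
        if not challenge:
            return "cast", c              # w stays secret; the ballot is sent
        if not voter_verifies(h, option, commitment, w):
            return "detected", i          # the app encrypted something else
        # Check passed: a fresh encryption is prepared in the next round.
    return "audited", None
```

The voter's challenge decisions must be unpredictable to the application; `challenge_flags` is passed in only so that a run is reproducible.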

Audit processes in remote e-voting: Homomorphic tally, counted as cast verification
Zero-knowledge proof of correct decryption, based on the equality of discrete logarithms. Remember $c = (a, b) = (m \cdot h^w, g^w)$; decryption recovers $m$ using the private key $x$. Given the tuple $(g, b, h, v)$, where $v$ is the encryption factor $h^w = a / m$, the prover can prove that he knows the secret value $x$ satisfying $x = \log_g h = \log_b v$, without revealing $x$.
Verification: anyone can calculate the result of the operation using the encrypted votes. The process generates proofs of correct decryption of the result that can be verified by anyone.
[Diagram: encrypted votes (published), aggregation, encrypted aggregation (published), decryption, results and proofs (published); verification at each published stage.]

Audit processes in remote e-voting: Universally verifiable mix-nets (1/3), counted as cast verification
Zero-knowledge proof of plaintext equivalence to demonstrate the correct re-encryption, based on the equality of discrete logarithms. At one node, the input is $c = (a, b) = (m \cdot h^w, g^w)$ and the output is $c' = (a', b') = (m \cdot h^{w+w'}, g^{w+w'})$. Given the tuple $(g, u, h, v)$, where $u = b' / b = g^{w'}$ and $v = a' / a = h^{w'}$, the prover can prove that he knows the secret value $w'$ satisfying $w' = \log_g u = \log_h v$, without revealing $w'$.
Zero-knowledge proof of correct decryption, based on the equality of discrete logarithms. Remember $c = (a, b) = (m \cdot h^w, g^w)$; decryption recovers $m$ using the private key $x$. Given the tuple $(g, b, h, v)$, where $v$ is the encryption factor $h^w = a / m$, the prover can prove that he knows the secret value $x$ satisfying $x = \log_g h = \log_b v$, without revealing $x$.
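An added example, not from the slides, implementing both proofs above (correct decryption for the homomorphic tally, plaintext equivalence for a mix-node re-encryption) with the Chaum-Pedersen protocol for equality of discrete logarithms, made non-interactive with a SHA-256 Fiat-Shamir challenge; it also carries out the re-encryption step c' = c · (h^w', g^w') from the mix-net slide. The toy group (p = 2039, g = 4 generating the order-q subgroup), the hashing and the function names are assumptions of this example, not Scytl's code.

```python
import hashlib
import secrets

# Toy safe-prime group, constructed for this example (far too small for real use).
P, Q, G = 2039, 1019, 4   # p = 2q + 1; g = 4 generates the order-q subgroup

def rand_exp():
    return secrets.randbelow(Q - 1) + 1

def keygen():
    """Electoral Board keys: private x, public h = g^x mod p."""
    x = rand_exp()
    return x, pow(G, x, P)

def encrypt(h, m, w=None):
    """ElGamal: c = (a, b) = (m * h^w, g^w); m must be a non-zero residue mod p."""
    w = rand_exp() if w is None else w
    return (m * pow(h, w, P) % P, pow(G, w, P))

def reencrypt(h, c, w2):
    """Mix-node step: c' = c * (h^w', g^w'); needs neither m nor the original w."""
    a, b = c
    return (a * pow(h, w2, P) % P, b * pow(G, w2, P) % P)

def fiat_shamir(*values):
    """Non-interactive challenge in [1, q-1], bound to statement and commitments."""
    data = ",".join(str(v) for v in values).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1

def prove_dlog_eq(g1, y1, g2, y2, x):
    """Chaum-Pedersen: prove log_g1(y1) = log_g2(y2) = x without revealing x."""
    r = rand_exp()
    t1, t2 = pow(g1, r, P), pow(g2, r, P)          # commitments
    e = fiat_shamir(g1, y1, g2, y2, t1, t2)         # challenge
    return t1, t2, (r + e * x) % Q                  # response s = r + e*x

def verify_dlog_eq(g1, y1, g2, y2, proof):
    t1, t2, s = proof
    e = fiat_shamir(g1, y1, g2, y2, t1, t2)
    return (pow(g1, s, P) == t1 * pow(y1, e, P) % P
            and pow(g2, s, P) == t2 * pow(y2, e, P) % P)

# Correct decryption: statement (g, b, h, v) with x = log_g h = log_b v.
def decrypt_with_proof(x, h, c):
    a, b = c
    v = pow(b, x, P)                   # encryption factor h^w, recomputed as b^x
    m = a * pow(v, -1, P) % P
    return m, prove_dlog_eq(G, h, b, v, x)

def verify_decryption(h, c, m, proof):
    a, b = c
    v = a * pow(m, -1, P) % P          # anyone can form v = a / m from the claim
    return verify_dlog_eq(G, h, b, v, proof)

# Plaintext equivalence: statement (g, u, h, v) with w' = log_g u = log_h v.
def reencrypt_with_proof(h, c):
    w2 = rand_exp()
    c2 = reencrypt(h, c, w2)
    u = c2[1] * pow(c[1], -1, P) % P   # b'/b = g^w'
    v = c2[0] * pow(c[0], -1, P) % P   # a'/a = h^w'
    return c2, prove_dlog_eq(G, u, h, v, w2)

def verify_reencryption(h, c, c2, proof):
    u = c2[1] * pow(c[1], -1, P) % P
    v = c2[0] * pow(c[0], -1, P) % P
    return verify_dlog_eq(G, u, h, v, proof)
```

A verifier that receives a wrong claimed plaintext, or a substituted output ciphertext, recomputes a different statement and the proof fails; the prover never discloses x or w'.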

Audit processes in remote e-voting: Universally verifiable mix-nets (2/3), counted as cast verification
Verification: each mix-node calculates proofs of correct shuffling and correct re-encryption/decryption. All the proofs are verifiable by anyone, to detect that the input and output votes are based on the same original plaintexts (i.e., have not been changed).
[Diagram: proofs P produced at each mix node and at the final decryption, each verified; decrypted votes and results.]

Audit processes in remote e-voting: Universally verifiable mix-nets (3/3), counted as cast verification
[Diagram: mixing detail.]
