

1. Ballot privacy in elections: new metrics and constructions
Olivier Pereira, Université catholique de Louvain
Based on joint works with D. Bernhard, V. Cortier, E. Cuvelier, T. Peters and B. Warinschi
March 2015
UCL Crypto Group, Microelectronics Laboratory. Vote Privacy, Mar. 2015

2. Open Voting

3. Open Voting (continued)

4. Open Voting
Figure: a public list of the voters (Alice, Bob, Charles, Dana), each shown next to her/his vote for Walter or Valerie.
- Every voter can verify that nobody tampered with her/his vote
- Every voter can compute the tally
- No privacy, no coercion-resistance, no fairness, ...

5. Secret Ballot
- Liberal motivation: "My vote is my own business, elections are a tool for aggregating private opinions"
- Practical motivation: prevent coercion and bribery

6. A traditional paper approach
Figure: paper ballots (Walter, Valerie, Walter, Walter) placed in a ballot box.
- With a voting booth: privacy, coercion-resistance, fairness, ...
- If a voter keeps an eye on the urn and the tally all day long, he can be convinced that:
  - his vote is untampered
  - the tally is based on valid votes and is correct
- A minute of inattention is enough to break this

7. Privacy vs Verifiability: Two Extremes
- Hand-raising vote: Verifiability 100%, Privacy 0%
- Uncontrolled ballot box: Verifiability 0%, Privacy 100%

8. Privacy and Verifiability?

9. Defining Vote Privacy
Not an absolute notion:
- It is usually accepted that there is no privacy when all voters support the same candidate
Elections as Secure Function Evaluation [Yao82]:
- "The voting system should not leak more than the outcome"
- But we would like to know how much the outcome leaks!
Game-style definition [KTV11]:
- Privacy measured as the maximum probability of distinguishing whether I voted one way or another
- Often too strong: that probability is ≈ 1 when #different ballots ≫ #voters

10. Defining Vote Privacy
What do we want to measure?
1. With what probability can A guess my vote? Sounds like min-entropy!
2. In how many ways can I pretend that I voted? Sounds like Hartley entropy!

11. Notations
Let:
- $D$ be the distribution of honest votes (if known)
- $T : \mathrm{supp}(D) \to \{0,1\}^*$ be a target function on the support of $D$, for instance:
  - $T(v_1, \ldots, v_n) := v_i$
  - $T(v_1, \ldots, v_n) := (v_i = v_j)$
- $\rho(v_1, \ldots, v_n)$ be the official outcome of the election
- $\mathrm{view}_A(D, \pi)$ be the view of $A$ participating in voting protocol $\pi$, in which honest voters vote according to $D$

12. Measure(s) for privacy
$$M_x(T, D, \pi) := \inf_A F_x\big(T(D) \mid \mathrm{view}_A(D, \pi),\ \rho(D, v_A)\big)$$
where:
- $F_x(A \mid B)$ is some $x$-Rényi entropy measure of $A$ given $B$

13. Choices for $F_x(A \mid B)$
$$M_x(T, D, \pi) := \inf_A F_x\big(T(D) \mid \mathrm{view}_A(D, \pi),\ \rho(D, v_A)\big)$$
Choices for $F_x(A \mid B)$:
- $\tilde H_\infty$, average min-entropy [DORS08]: $-\log \mathbb{E}_{b \in B}\big[2^{-H_\infty(A \mid B = b)}\big]$. Measures the probability that $A$ guesses the target.
- $H^\perp_\infty$, min-min-entropy: $\min_{b \in B} H_\infty(A \mid B = b)$. Same as before, but for the worst possible $b$.
- $H^\perp_0$, min-Hartley-entropy: $\min_{b \in B} H_0(A \mid B = b)$. Measures the number of values that the target can take for the worst $b$; no probabilities involved!

14. An example...
Consider:
- An approval (yes/no) election with 1 question
- 3 voters voting uniformly at random
- The target is the first voter

$\rho$ | $\tilde H_\infty$ | $H^\perp_\infty$ | $H^\perp_0$
$\rho_1 := \bot$ | 1 | 1 | 1
$\rho_2 := |\vec v|_{yes} > |\vec v|_{no}$ | .4 | .4 | 1
$\rho_3 := (|\vec v|_{yes}, |\vec v|_{no})$ | .4 | 0 | 0
$\rho_4 := \vec v$ | 0 | 0 | 0

(.4 $\approx -\log \frac{3}{4}$)
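The three measures of slide 13 can be computed exactly for the slide-14 toy election, because the vote vector ranges over only eight equiprobable worlds. The following is an added example (not code from the talk); it enumerates the worlds, builds the joint distribution of the target and the outcome, and evaluates average min-entropy, min-min-entropy and min-Hartley-entropy for the slide's four outcome functions. The target is a parameter, so it goes slightly beyond the slide by also allowing the slide-11 target $T(v) = (v_1 = v_2)$; the names `first_voter`, `same_vote`, `OUTCOMES` and `privacy_table` are this example's own.

```python
"""Entropy measures of slides 13-14 on the slide-14 toy election.

Added example, not code from the talk: 3 voters, one yes/no question, votes
uniform over {0,1}^3 (1 = yes), adversary sees only rho(v).  The outcome
functions are the slide's rho_1..rho_4; the target function is a parameter.
"""
import itertools
import math
from collections import defaultdict


def joint_distribution(target, outcome, n_voters=3):
    """{b: {t: P[T = t and rho = b]}} for a uniform vote vector."""
    joint = defaultdict(lambda: defaultdict(float))
    worlds = list(itertools.product((0, 1), repeat=n_voters))
    for v in worlds:
        joint[outcome(v)][target(v)] += 1 / len(worlds)
    return joint


def avg_min_entropy(joint):
    """tilde H_inf(A|B) = -log E_b[2^{-H_inf(A|B=b)}] = -log sum_b max_t P[t, b]."""
    return -math.log2(sum(max(t.values()) for t in joint.values()))


def min_min_entropy(joint):
    """H^perp_inf(A|B) = min_b H_inf(A|B=b), with H_inf(A|B=b) = -log max_t P[t|b]."""
    return min(-math.log2(max(t.values()) / sum(t.values())) for t in joint.values())


def min_hartley_entropy(joint):
    """H^perp_0(A|B) = min_b log |{t : P[t|b] > 0}|: counts values, ignores probabilities."""
    return min(math.log2(len(t)) for t in joint.values())


def first_voter(v):                     # slide-14 target: the first voter's vote
    return v[0]


def same_vote(v):                       # slide-11 target T(v) := (v_1 = v_2)
    return v[0] == v[1]


OUTCOMES = {                            # rho_1 .. rho_4 of slide 14 (constructed names)
    "rho1 (nothing)": lambda v: None,
    "rho2 (majority)": lambda v: sum(v) > len(v) - sum(v),
    "rho3 (counts)": lambda v: (sum(v), len(v) - sum(v)),
    "rho4 (all votes)": lambda v: v,
}


def privacy_table(target=first_voter, n_voters=3):
    """Map outcome name -> (avg min-entropy, min-min-entropy, min-Hartley-entropy), in bits."""
    table = {}
    for name, rho in OUTCOMES.items():
        j = joint_distribution(target, rho, n_voters)
        table[name] = (avg_min_entropy(j), min_min_entropy(j), min_hartley_entropy(j))
    return table


if __name__ == "__main__":
    for name, hs in privacy_table().items():
        print(f"{name:18s}" + "".join(f"{h:6.2f}" for h in hs))
```

Running it reproduces the slide's table: publishing the counts ($\rho_3$) keeps the average min-entropy at about 0.415 bits, but the worst-case measures drop to 0 because a unanimous outcome reveals every vote, which is exactly the distinction the min-min and min-Hartley variants are meant to capture.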

15. Scantegrity Audit Data
- Official outcome: number of votes received by each candidate
- The Scantegrity audit trail exposes all ballots (codes removed)
- The Scantegrity take-home receipt shows how many bullets you filled in

16. Scantegrity Audit Data
From the 2009 Takoma Park municipal election data:

Ward                                  |    1        |    5        |    6
#Ballots                              |   470       |    85       |   198
Question                              |   A    B    |   A    B    |   A    B
$H^\perp_0$ from official outcome     |   6    3.17 |   6    3.17 |   6    6
$H^\perp_0$ with receipts             |  1.58  1.58 |   0    1    |   2    1.58

- 6 / 3.17 bits corresponds to a question with 3 / 2 candidates to rank (including incorrect rankings)
- In most cases, rankings of a certain length are uncommon
- In Ward 5, a voter loses his/her privacy completely on Question A if he/she shows his/her receipt!

17. Single-Pass Cryptographic Voting
A common approach ([CGS97], [DJ01], Helios, ...):
Figure: voter $V_i$ sends $\mathrm{Enc}_{pk}(v_i)$ to the trustees $T$, who hold $sk$ and publish the Tally; $pk$ is public.
1. Trustees create an election public key $pk$
2. Voters publish an encryption of their vote $v_i$
3. Trustees compute and publish the tally, using the secret key $sk$
4. Everyone can verify that the tally is consistent with the encrypted votes

18. Cryptographic Voting
Problem with entropic measures of privacy: $H(v_i \mid \mathrm{Enc}_{pk}(v_i), pk) = 0$
Solution: use a computational analog of entropy:
- $F^c_x(A \mid B) \ge r \iff \exists B' \approx_c B$ such that $F_x(A \mid B') \ge r$
In particular, $H^c(v_i \mid \mathrm{Enc}_{pk}(v_i), pk) \ge r$ if $H(v_i \mid \mathrm{Enc}_{pk}(0), pk) \ge r$

19. Computational Measure(s) for privacy
$$M^c_x(T, D, \pi) := \inf_A F^c_x\big(T(D) \mid \mathrm{view}_A(D, \pi),\ \rho(D, v_A)\big)$$
where:
- $F^c_x(A \mid B)$ is an $x$-Rényi computational entropy metric of $A$ given $B$
Definition (informal): A voting scheme $\pi$ with tallying function $\rho$ offers ballot privacy if, for all $T$, $D$:
$$M^c_x(T, D, \pi) = \inf_A F^c_x\big(T(D) \mid \rho(D, v_A)\big)$$

20. Privacy and Verifiability
Do we need to move to computational entropies?
- Publish encrypted votes, but what if the encryption gets broken?
  - because time passes and computing speed increases
  - because decryption keys are lost/stolen
  - because there is an algorithmic breakthrough

21. Voting with a Perfectly Private Audit Trail
Can we offer verifiability without impacting privacy?
More precisely: can we take a non-verifiable voting scheme and add verifiability without impacting privacy?
Goal:
- Have a new kind of audit data
- Audit data must perfectly hide the votes
- Usability must be preserved:
  1. Practical distributed key generation
  2. No substantial increase of the cost of ballot preparation
  3. Be compatible with efficient proof systems

22. Commitments Can Enable Perfect Privacy
Figure: a message $m$ together with an opening $a$ produces a commitment $d$.
- A commitment is perfectly hiding if $d$ is independent of $m$
- A commitment is computationally binding if it is infeasible to produce $d, (m, a), (m', a')$ such that $d$ can be opened on both $(m, a)$ and $(m', a')$ with $m \ne m'$
Example:
- Let $g_0, g_1$ be random generators of a cyclic group $G$
- Set $d = g_0^a g_1^m$ as a commitment on $m$ with random opening $a$
- Finding a different $(m, a)$ pair consistent with $d$ is as hard as computing the discrete log of $g_1$ in base $g_0$

23. A New Primitive: Commitment Consistent Encryption
A Commitment Consistent Encryption (CCE) scheme is $\Pi = (\mathrm{Gen}, \mathrm{Enc}, \mathrm{Dec}, \mathrm{DerivCom}, \mathrm{Open}, \mathrm{Verify})$ where:
- $(\mathrm{Gen}, \mathrm{Enc}, \mathrm{Dec})$ is a classic encryption scheme, $c = \mathrm{Enc}_{pk}(m)$
- $\mathrm{DerivCom}_{pk}(c)$ derives a commitment $d$ from the ciphertext
- $\mathrm{Open}_{sk}(c)$ outputs an opening value $a$ from $c$ using $sk$
- $\mathrm{Verify}_{pk}(d, a, m)$ checks that $d$ is a commitment on $m$ w.r.t. $a$

24. Single-Pass Cryptographic Voting
Voting with a CCE scheme:
Figure: voter $V_i$ sends $c = \mathrm{Enc}_{pk}(v_i)$ to the trustees $T$ (holding $sk$); the trustees post $\mathrm{DerivCom}_{pk}(c)$ on the audit board and publish the Tally.
1. Trustees create an election public key $pk$
2. Voters submit an encryption of their vote $v_i$ to the trustees
3. Trustees publish the commitments extracted from the encrypted votes
4. Trustees publish the tally, as well as proofs of correctness
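To make the interface of slides 22 to 24 concrete, here is an added example of a toy CCE scheme and of the four-step flow above; it is not the construction from the joint works the talk is based on. A ballot is the Pedersen commitment $d = g_0^a g_1^m$ of slide 22 together with a hashed-ElGamal encryption of the opening $a$ for the trustees; $\mathrm{DerivCom}$ returns $d$, $\mathrm{Open}$ decrypts $a$, $\mathrm{Verify}$ recomputes $d$, and $\mathrm{Dec}$ opens and matches $m$ against the small vote domain. Everything here (the 62-bit safe-prime group, the fixed generators, the names `run_election` and `audit`) is this example's own choice; the "proof of correctness" of step 4 is reduced to publishing the opening of the product of all commitments, and the per-ballot proofs that each vote is 0 or 1 are omitted.

```python
"""Toy commitment-consistent encryption (CCE) and the slide-24 voting flow.

Added example; not the construction from the talk's joint works.  Ballot
c = (Pedersen commitment d = g0^a g1^m, hashed-ElGamal encryption of opening a).
DerivCom returns d, Open decrypts a, Verify recomputes d.  The audit board then
holds only perfectly hiding commitments plus the opening of their product.
Group and key sizes are toy-sized (62-bit safe prime): NOT for real use.
"""
import hashlib
import random


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin; bases come from an RNG seeded by n so the search is deterministic."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    rng = random.Random(n)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _safe_prime(start):
    """Smallest odd q >= start with q and p = 2q + 1 both prime; returns (p, q)."""
    q = start | 1
    while not (_is_probable_prime(q) and _is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, Q = _safe_prime(1 << 62)      # G = order-Q subgroup of squares mod P (toy size)
G0 = 4                           # 2^2 is a square, hence has order Q
G1 = pow(int.from_bytes(hashlib.sha256(b"toy-cce-g1").digest(), "big"), 2, P)  # log_G0(G1) unknown


def _kdf(*group_elems):
    """256-bit pad derived from (R, shared secret): toy KEM/DEM, no authentication."""
    h = hashlib.sha256()
    for x in group_elems:
        h.update(x.to_bytes(32, "big"))
    return int.from_bytes(h.digest(), "big")


# ---- Pi = (Gen, Enc, Dec, DerivCom, Open, Verify) ----
def gen(rng=random):
    sk = rng.randrange(1, Q)
    return pow(G0, sk, P), sk


def enc(pk, m, rng=random):
    a = rng.randrange(Q)                              # random opening
    d = pow(G0, a, P) * pow(G1, m, P) % P             # Pedersen commitment to m
    r = rng.randrange(1, Q)
    R = pow(G0, r, P)
    return (d, R, a ^ _kdf(R, pow(pk, r, P)))         # opening encrypted to the trustees


def deriv_com(pk, c):
    return c[0]                                       # audit-board value: hides m perfectly


def open_(sk, c):
    d, R, a_enc = c
    return a_enc ^ _kdf(R, pow(R, sk, P))


def verify(pk, d, a, m):
    return d == pow(G0, a, P) * pow(G1, m, P) % P     # pk is unused by this toy Verify


def dec(sk, c, vote_domain=(0, 1)):
    """Votes come from a tiny domain, so Dec opens c and matches the committed value."""
    a = open_(sk, c)
    for m in vote_domain:
        if verify(None, c[0], a, m):
            return m
    raise ValueError("ballot does not commit to a valid vote")


# ---- slide-24 flow for one yes/no question ----
def run_election(votes, rng=random):
    pk, sk = gen(rng)                                          # step 1
    ballots = [enc(pk, v, rng) for v in votes]                 # step 2: voters -> trustees
    board = [deriv_com(pk, c) for c in ballots]                # step 3: published commitments
    opened = [(open_(sk, c), dec(sk, c)) for c in ballots]     # trustees use sk
    tally = sum(m for _, m in opened)
    tally_opening = sum(a for a, _ in opened) % Q              # step 4: opening of prod(d_i)
    return board, tally, tally_opening


def audit(board, tally, tally_opening):
    """Anyone recomputes prod(d_i) = G0^{sum a_i} G1^{sum m_i} from the board alone."""
    prod = 1
    for d in board:
        prod = prod * d % P
    return verify(None, prod, tally_opening, tally)
```

The point of the construction shows in what `audit` needs: only the board of commitments, the tally and one aggregate opening. Each $d_i$ is a uniformly random group element whatever $v_i$ is, and $\sum a_i$ is uniform in $\mathbb{Z}_Q$, so the published audit data reveals nothing beyond the tally even to an adversary with unbounded computation; the ciphertexts that would be vulnerable to the key loss or algorithmic breakthroughs of slide 20 stay with the trustees.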
