Blind Proxy Voting Imple- mentation František Hakl Requirements Actors and Blind Proxy Voting Implementation roles Data flow Keys and hash František Hakl Key code example Ballot forms hakl@cs.cas.cz examples Matrix example Institute of computer science, Prague Perm. example Rules & Sep 2018 Axioms Rules Axioms Attacks analysis Table Conclusion
Motivation: Blind Proxy • long-term request of some colleagues for distance voting Voting Imple- mentation • expected increase in the number of voters with a probable low participation František Hakl in direct voting Requirements Statutory requirements for the electoral process: Actors and • SR No341 : have to meet law № . 341/2005 (Zákon o v.v.i.) roles • SR § 18 ( 5 ) : §18 (5) "pˇ rímá rovná tajná volba" (e.g. direct equal secret Data flow suffrage) Keys and hash General requirement on electoral process: Key code • GR 1 : allows remote ballot example • GR 2 : subsequently check-able (after the voting) Ballot forms • GR 3 : open-and-shut (easy to prepare, easy to vote, easy to evaluate) examples Matrix example • GR 4 : trustworthy and transparent Perm. example • GR 5 : private (should contain identity anti-disclosure mechanisms) Rules & • GR 6 : resistant to sabotage and manipulation Axioms Rules • GR 7 : not demanding special infrastructure (including internet protocols and Axioms connections) Attacks • GR 8 : the possibility of documenting the election result and recalculation of analysis Table votes Conclusion Sources: • Haniková Z., "Blind Proxy Voting", Tech. Rep. No. V-1250, ICS AS CR, 2017 • Wikipedia
Blind Proxy Human sets: Voting Imple- mentation František Hakl defined role minimal by requirements Requirements ¯ Actors and voters V law determine meet law and roles ¯ ¯ G i , EB internal regulations Data flow ¯ � ¯ � ¯ ¯ � � = � � � � = 1 two G 1 V generate and G 1 G 2 Keys and hash ¯ � ¯ G 1 ∪ ¯ ∩ ¯ � generators G 2 distribute keys G 2 V = ∅ Key code ¯ ¯ � ¯ � ≥ 3 � � election EB V evaluation EB example board of elections (odd and >1) Ballot forms examples ¯ P 1 , v and ¯ ¯ two P 1 , v voter represent P 2 , v Matrix example Perm. example ¯ v ∈ ¯ proxies P 2 , v V voter mutually unknown Rules & ¯ candidates C themselves persons to be meet law and Axioms Rules elected internal regulations Axioms Attacks • in addition all sets ¯ G i , ¯ P i , v , v ∈ ¯ V , ¯ EB , ¯ C must be mutually disjoint analysis • there is possible that proxy does not know the identity of his/her principal Table voter Conclusion • !!! proxy does not know who is the second proxy and vice-versa !!!
Blind Proxy Data-flow sheet: Voting Imple- mentation Generator 1 František Hakl LETTER_1 , LETTER_2, 2 x SALTS Voter signature Requirements Actors and DIGIT_1 , DIGIT_2, 2 x SALTS Generator 2 roles signature Data flow or or CANDIDATE SHEET CHECKBOX SHEET Keys and hash Signature lists and all lists generated. Key code Proxy 1 Proxy 2 After ballot box example closing. Ballot forms examples Matrix example Perm. example Election board Rules & CANDIDATE SHEET CHECKBOX SHEET Axioms Rules Ballot box Axioms content of BB Attacks analysis Table Conclusion elected result
Blind Proxy Voting Imple- mentation Generator 1 František Hakl LETTER_1 , LETTER_2, 2 x SALTS Voter signature Requirements Actors and DIGIT_1 , DIGIT_2, 2 x SALTS Generator 2 roles signature Data flow or or CANDIDATE SHEET CHECKBOX SHEET Keys and hash Signature lists and all lists generated. Key code Proxy 1 Proxy 2 After ballot box example closing. Ballot forms examples Matrix example Perm. example Election board Rules & CANDIDATE SHEET CHECKBOX SHEET Axioms Rules Ballot box Axioms content of BB Attacks analysis Table Conclusion elected result
Cryptography hash functions: Blind Proxy Voting Imple- mentation • main properties of cryptography hash: František Hakl • pre-image resistance: for hash h it is difficult to find m such that h = hash ( m ) Requirements • second pre-image resistance: Actors and for m 1 , it is difficult to find a different m 2 such that roles hash ( m 1 ) = hash ( m 2 ) • collision resistance: Data flow it is difficult to find tuple m 1 � = m 2 such that hash ( m 1 ) = hash ( m 2 ) Keys and hash � ( K ′ ⊕ opad ) � hash ( K ′ ⊕ ipad ) � m �� • in addition HMAC( K , m ) = hash � is Key code resistant to length-extension attacks example • widely uses in electronic communication for password store & verification, Ballot forms examples file integrity check, proof-of-work, file or data identifier, pseudo-random Matrix example generation, key derivation and other digest applications Perm. example • implemented in frequently used programming languages, including php and Rules & Axioms Python Rules • Python 3.6 implements hashlib and hmac libraries: sha3_224(), Axioms sha3_256(), sha3_384(), sha3_512(), shake_128(), shake_256(), blake2b(), blake2s() Attacks analysis (sha is developed and used by NSA) Table • php7.2: print _ r ( hash _ algos ()); lists approximately 50 hash functions Conclusion (md5, sha, ripemd, whirlpool, tiger, snefru, gost, gost-crypto, adler, crc, fnv, joaat, haval) • IMPORTANT: 2018 standard CPU (GPU) can compute approximately 10 6 hashes per second for an input of the length 8
Keys (suggested example): Blind Proxy Voting Imple- mentation ¯ G 1 generate LETTER keys set František Hakl Key Salt hash hash(salt. AfGkDT .salt) AfGkDT f19f774a23ab46b89356f7ce77f6a203 Requirements DsEgju 08609e5cb43d4b69ba48dd46d73303eb hash(salt. DsEgju .salt) hash(salt. DwEjKI .salt) Actors and DwEjKI 19dd4a6303824e6396b4b971c98fa3ee roles eERviA 436d52511b0646389f1ab45c0191d7c7 hash(salt. eERviA .salt) hash(salt. HGEShY .salt) HGEShY 23e28e51a9904b47a667220bf9847ec4 Data flow hash(salt. HSWEja .salt) HSWEja f5cb0c491729441d98ebf3a6224032aa Keys and hash(salt. lahdFT .salt) lahdFT f25cebd3078b4512ad5cad33d502376b hash hash(salt. ldfyFg .salt) ldfyFg 74cdb89d710c479e97aa952be9828e27 Key code lSiKaF 27c295a0406a4106a1a470a249281925 hash(salt. lSiKaF .salt) example hash(salt. sdgEda .salt) sdgEda aef5b316c04b47db85f86038bfb61108 Ballot forms sDhHda 6f8fb80daa944bca89e061b0051eb71c hash(salt. sDhHda .salt) examples Matrix example ¯ Perm. example G 2 generate DIGIT keys set Rules & Key Salt hash Axioms hash(salt. 136471 .salt) 136471 a343e926a85740f9b1fc21b1537c1d29 Rules hash(salt. 156434 .salt) 156434 56cabdf213ca4d0aa9ac26a6fb083a6f Axioms hash(salt. 451587 .salt) 451587 55e441d45523432cb771f441bf90b681 Attacks 458365 3a8b4a6afd0e48bbb49b742c10343a94 hash(salt. 458365 .salt) analysis Table hash(salt. 658745 .salt) 658745 e15dc2e41b3540b19368f25d5a8a91ef 712732 eb83bc95c1014e6592fac8bb739f2cbc hash(salt. 712732 .salt) Conclusion hash(salt. 746212 .salt) 746212 98a0c0e7d9fc4440b0d21928e23b3b15 918396 2e8e013cb8e44d6991479a5382355533 hash(salt. 918396 .salt) hash(salt. 925319 .salt) 925319 dd8129a63c944cd5952ad707185105b5
Blind Proxy Voting Imple- mentation František Hakl Keys: Requirements • ordered tables of unique keys, salts and hashes are generated by ¯ G 1 and Actors and ¯ G 2 independently and in secret roles • salts should be at least of 32 hex number Data flow • number of keys generated in each set is roughly four-fold than the number Keys and hash of voters • both lists of hashes are published Key code example • hash method used is published Ballot forms • both lists of keys and salts remain secret examples Matrix example • keys and corresponding salts are put into envelopes (separately by both ¯ G 1 Perm. example and ¯ G 2 , one corresponding tuple (key,salt) per envelope) Rules & • voter randomly chooses just four envelopes with two LETTER ( L 1, L 2) and Axioms Rules two DIGIT ( D 1, D 2) keys against the signature Axioms • the voter can check to get the keys from the lists (hash method is published, Attacks salt is known by voter) analysis Table Conclusion
Recommend
More recommend
