Coercion-Resistant Internet Voting with Everlasting Privacy

Coercion-Resistant Internet Voting with Everlasting Privacy Rolf Haenni (Philipp Locher, Reto E. Koenig) FC16, Bridgetown, Barbados, February 26, 2016 Bern University of Applied Sciences | Berner Fachhochschule | Haute ecole sp


  1. Coercion-Resistant Internet Voting with Everlasting Privacy
     Rolf Haenni (Philipp Locher, Reto E. Koenig)
     FC’16, Bridgetown, Barbados, February 26, 2016
     Bern University of Applied Sciences | Berner Fachhochschule | Haute école spécialisée bernoise

  2. Outline: Introduction; Protocol Overview; Cryptographic Preliminaries; Detailed Protocol Description; Properties and Performance; Conclusion

  3. Coercion-Resistance
     Strategy 1: Fake Credentials
     - First proposed by Juels, Catalano, Jakobsson (WPES’05)
     - Under coercion, use (indistinguishable) fake credential
     - Submit real vote at any time during the voting period
     Strategy 2: Deniable Vote Updating
     - First proposed by Achenbach et al. (JETS, 2:26–45, 2015)
     - Under coercion, follow the coercer’s instructions
     - Update vote shortly before the end of the voting period

  4. Everlasting Privacy
     Strategy 1: Everlasting Privacy Towards the Public
     - First proposed by Demirel et al. (EVT/WOTE’12)
     - Publish perfectly hiding commitments to allow public verifiability
     - Send decommitment values privately to trusted authorities
     Strategy 2: Efficient Set Membership Proof
     - First proposed by Locher and Haenni (VoteID’15)
     - Submit vote over anonymous channel
     - Prove eligibility using perfectly hiding commitment and zero-knowledge proofs

  5. Adversaries
     Present adversary ...
     - tries to manipulate the election outcome, e.g. by coercing voters
     - acts before, during, or shortly after an election
     - is polynomially bounded
     Future adversary ...
     - tries to break vote privacy
     - acts at any point in the future
     - has unlimited computational power

  6. Outline: Introduction; Protocol Overview; Cryptographic Preliminaries; Detailed Protocol Description; Properties and Performance; Conclusion

  7. Involved Parties
     - Election administration
     - Voters
     - Public bulletin board
     - Trusted authorities (threshold decryption, mixing)
     - Verifiers (the public)

  8. Step 1: Registration
     The voter ...
     - creates a pair of private and public credentials
     - sends the public credential to the election administration (over an authentic channel)

  9. Step 2: Election Preparation
     The election administration ...
     - sends the list of public voter credentials to bulletin board

  10. Step 3: Vote Casting
      The voter ...
      - creates ballot consisting of
        - commitment to public credential
        - commitment to private credential
        - encrypted 'election credential' (used to detect duplicates)
        - encrypted vote
        - non-interactive zero-knowledge proofs that commitments and encryptions have been formed properly
      - sends ballot to bulletin board (over an anonymous channel)

  11. Step 4: Tallying
      The trusted authorities ...
      - retrieve ballots from bulletin board
      - drop ballots with invalid proofs
      - detect and eliminate updated votes
      - threshold decrypt remaining encrypted votes
      - drop ballots with invalid votes
      - compute election result in a verifiable manner

  12. Outline: Introduction; Protocol Overview; Cryptographic Preliminaries; Detailed Protocol Description; Properties and Performance; Conclusion

  13. Cryptographic Setup
      - Group $G_p$ of prime order $p$
      - Sub-group $G_q \subset \mathbb{Z}_p^*$ of prime order $q \mid (p - 1)$
      - Independent generators $g_0, g_1 \in G_p$ and $h_0, h_1, h_2 \in G_q$
      - Assume that DL is hard in $G_p$ and DDH is hard in $G_q$

  14. Set Membership Proof
      Goal: prove that a committed value belongs to a given set
      $\mathrm{NIZKP}[(u, r) : C = \mathrm{com}(u, r) \wedge u \in U]$
      Secret inputs
      - $u, r \in \mathbb{Z}_p$
      Public inputs
      - Commitment $C = \mathrm{com}(u, r) \in G_p$
      - Set $U = \{u_1, \ldots, u_N\}$ of values $u_i \in \mathbb{Z}_p$

  15. Polynomial Evaluation Proof
      Let $P(X) = \prod_{i=1}^{N} (X - u_i)$ satisfying $P(u_i) = 0$ for all $u_i \in U$
      $\mathrm{NIZKP}[(u, r) : C = \mathrm{com}(u, r) \wedge u \in U] \iff \mathrm{NIZKP}[(u, r) : C = \mathrm{com}(u, r) \wedge P(u) = 0]$
      Efficient protocol by Bayer and Groth (2013)

  16. DL-Representation Proof
      Goal: prove that a commitment contains a DL-representation of another committed value
      $\mathrm{NIZKP}[(u, r, v_1, \ldots, v_n, s) : C = \mathrm{com}(u, r) \wedge D = \mathrm{com}(v_1, \ldots, v_n, s) \wedge u = h_1^{v_1} \cdots h_n^{v_n}]$
      Secret inputs
      - $u, r \in \mathbb{Z}_p$
      - $v_1, \ldots, v_n, s \in \mathbb{Z}_q$
      Public inputs
      - Values $h_1, \ldots, h_n \in G_q$
      - Commitment $C = \mathrm{com}(u, r) \in G_p$
      - Commitment $D = \mathrm{com}(v_1, \ldots, v_n, s) \in G_q$
      For $n = 2$, efficient protocol by Au, Susilo, Mu (2010)

  17. Verifiable Shuffle
      General verifiable shuffle: $(E', \pi) = \mathrm{shuffle}_f^{\phi}(E, k_1, \ldots, k_n)$
      - Input list $E = (E_1, \ldots, E_n)$
      - Random permutation $\phi$
      - Keyed one-way function $f$
      - Keys $k_1, \ldots, k_n$
      - Output list $E' = (E'_1, \ldots, E'_n)$, where $E'_{\phi(i)} = f(E_i, k_i)$
      - Proof of shuffle $\pi$
      In our protocol, we use two shuffle instances
      - Exponentiation: $f(E, k) = E^k$
      - Re-encryption: $f(E, k) = \mathrm{reEnc}_{pk}(E, k)$

  18. Outline: Introduction; Protocol Overview; Cryptographic Preliminaries; Detailed Protocol Description; Properties and Performance; Conclusion

  19. Step 1: Registration
      The voter ...
      - creates a pair of private and public credentials
      - sends the public credential to the election administration (over an authentic channel)

  20. Step 1: Registration
      The voter ...
      - creates a pair of private and public credentials: $\alpha, \beta \in_R \mathbb{Z}_q$ and $u = h_1^{\alpha} h_2^{\beta} \in G_q$
      - sends the public credential $u$ to the election administration (over an authentic channel)

  21. Step 2: Election Preparation
      The election administration ...
      - sends the list of public voter credentials to bulletin board

  22. Step 2: Election Preparation
      The election administration ...
      - defines the list of public voter credentials $U = \{(V_1, u_1), \ldots, (V_N, u_N)\}$
      - computes coefficients $A = (a_0, \ldots, a_N)$ of polynomial $P(X) = \prod_{i=1}^{N} (X - u_i) = \sum_{i=0}^{N} a_i X^i$
      - selects fresh independent election generator $\hat{h} \in G_q$
      - publishes $(U, A, \hat{h})$ on bulletin board

  23. Step 3: Vote Casting
      The voter ...
      - creates ballot consisting of
        - commitment to public credential
        - commitment to private credential
        - encrypted 'election credential' (used to detect duplicates)
        - encrypted vote
        - non-interactive zero-knowledge proofs that commitments and encryptions have been formed properly
      - sends ballot to bulletin board (over an anonymous channel)

  24. Step 3: Vote Casting
      The voter ...
      - creates ballot $B = (C, D, E, F, \pi_1, \pi_2, \pi_3)$ consisting of
        - commitment to public credential $C = \mathrm{com}(u, r)$
        - commitment to private credential $D = \mathrm{com}(\alpha, \beta, s)$
        - encryption of 'election credential' $E = \mathrm{enc}_{pk}(\hat{h}^{\beta}, \rho)$
        - encrypted vote $F = \mathrm{enc}_{pk}(v, \sigma)$
        - non-interactive zero-knowledge proofs $\pi_1, \pi_2, \pi_3$ (see next slide)
      - sends ballot $B$ to bulletin board (over an anonymous channel)
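
The following Python example is added here and is not code from the slides or their authors: it runs Step 1 (credential $u = h_1^{\alpha} h_2^{\beta}$), Step 2 (coefficients $A$ of $P(X)$) and the update elimination of Step 4 on toy numbers, showing that $P(u) = 0$ holds exactly for registered credentials and that $\hat{h}^{\beta}$ links ballots cast with the same private credential. Assumptions: the primes, generator values, function names and sample secrets are constructed; everything is computed in the clear, whereas the protocol hides these values behind commitments, encryption and zero-knowledge proofs; and the most recent ballot per election credential is taken to be the one that counts.

```python
# Toy parameters (constructed, far too small for real use): primes with q | (p - 1).
P_MOD, Q = 1439, 719         # G_q is the order-q subgroup of Z_p^*
H1, H2, H_HAT = 4, 9, 25     # squares mod p, hence generators of G_q (independence assumed)

def register(alpha, beta):
    """Step 1: public credential u = h1^alpha * h2^beta in G_q."""
    return pow(H1, alpha, P_MOD) * pow(H2, beta, P_MOD) % P_MOD

def poly_coefficients(creds):
    """Step 2: A = (a_0, ..., a_N) with P(X) = prod (X - u_i) = sum a_i X^i over Z_p."""
    coeffs = [1]
    for u in creds:                          # multiply the running product by (X - u)
        nxt = [0] * (len(coeffs) + 1)
        for i, a in enumerate(coeffs):
            nxt[i + 1] = (nxt[i + 1] + a) % P_MOD
            nxt[i] = (nxt[i] - a * u) % P_MOD
        coeffs = nxt
    return coeffs

def poly_eval(coeffs, x):
    """Horner evaluation of sum a_i x^i mod p; zero means x is a listed credential."""
    acc = 0
    for a in reversed(coeffs):
        acc = (acc * x + a) % P_MOD
    return acc

def election_credential(beta):
    """h_hat^beta: the same for every ballot a voter casts in this election."""
    return pow(H_HAT, beta, P_MOD)

def eliminate_updates(ballots):
    """Step 4, in the clear: keep the last vote per election credential (assumption)."""
    latest = {}
    for cred, vote in ballots:               # ballots in bulletin-board order
        latest[cred] = vote
    return list(latest.values())

if __name__ == "__main__":
    secrets = [(3, 5), (10, 2), (7, 7)]      # constructed (alpha, beta) pairs
    creds = [register(a, b) for a, b in secrets]
    A = poly_coefficients(creds)
    print("A =", A)
    print("registered:", [poly_eval(A, u) == 0 for u in creds])
    print("outsider:  ", poly_eval(A, register(1, 1)) == 0)
    board = [(election_credential(5), "yes"), (election_credential(2), "no"),
             (election_credential(5), "no")]  # first voter updates yes -> no
    print("counted:", eliminate_updates(board))
```

The membership test works because $G_q \subset \mathbb{Z}_p^*$, so a credential is at once a group element of $G_q$ and a value in $\mathbb{Z}_p$ at which $P$ can be evaluated.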
