Cryptographic Voting: David Bernhard, University of Bristol (presentation slides)



SLIDE 1

David Bernhard 1 / 49

Cryptographic Voting

David Bernhard University of Bristol

SLIDE 2

Voting

SLIDE 3

Voting

Verifiability
Privacy

SLIDE 4

Dimensions

  • Type: preference, instant run-off, approval, range, ...
  • System: paper, machine, online, ...
  • Properties: privacy, verifiability, ...

SLIDE 5

Dimensions

  • Type: preference, instant run-off, approval, range, ...
  • System: paper, machine, online, ...
  • Properties: privacy, verifiability, ...

Cryptographic Voting ≠ "online voting"

SLIDE 6

Scantegrity

SLIDE 7

Dimensions

  • Type: preference, instant run-off, approval, range, ...
  • System: paper, machine, online, ...
  • Properties: privacy, verifiability, ...

SLIDE 8

Election Properties (I)

  • Only eligible voters should be able to vote, and only once each, and only for permitted choices.
  • The vote cast by each voter should be the one she intended to cast.
  • The announced result should correspond to the votes actually cast.

SLIDE 9

Bulletin Boards

John Hancock: YES
John Adams: YES
Benjamin Franklin: YES
John Penn: YES
Thomas Jefferson: YES

SLIDE 10

Bulletin Boards

Bulletin Board: contains public data posted by voters.

SLIDE 11

Verifiability

Verifiability: I can observe that an election was tallied correctly.
Systems: Bulletin board, show of hands.

SLIDE 12

Election Properties (II)

  • I do not want anyone to know how I voted.
  • I do want to know how my representatives voted.

SLIDE 13

Election Properties (II)

  • I do not want anyone to know how I voted.
  • I do want to know how my representatives voted.
  • Voters should not be bribed or intimidated into voting a certain way.

SLIDE 14

Privacy

Privacy (secret ballot): no-one can tell how I voted.
Coercion-resistance: I cannot prove to someone how I voted.
Systems: voting booth, ballot box, ...

SLIDE 15

Privacy

Privacy
Coercion resistance
Verifiability
Secret ballot
Bulletin board, public ballot

SLIDE 16

Trust

Secret ballot: trust election officials? Trust voting machines?

SLIDE 17

Ok ... so what is cryptographic voting, then?

SLIDE 18

Cryptographic Voting

Privacy + Verifiability

SLIDE 19

Cryptographic Voting

Publicly verifiable secret-ballot elections.
Easier to verify and trust than current "voting machines".

SLIDE 20

Helios

  • IACR board
  • President of UC Louvain
  • Princeton University Student Government

SLIDE 21

Cryptographic Voting

Step 1: Bring back the bulletin board.

SLIDE 22

Voting

Step 2: Place encrypted votes on the board.

SLIDE 23

Voting

Preparation
Casting

SLIDE 24

Auditing
Ballots cast

  • pen

SLIDE 25

Voting

Voters can keep a copy of their ballot and check that it appears on the final board.

SLIDE 26

Tallying

Step 3: Tally the election.

SLIDE 27

Tallying

hard
easy

SLIDE 28

Verifiable Computation

public
secret
result
proof

SLIDE 29

Privacy

All but one administrator compromised: Still cannot decrypt individual ballots.

SLIDE 30

Verifiability

Even if all administrators are compromised: Still cannot claim an incorrect result.

SLIDE 31

Tallying

  • Administrators facilitate rather than carry out tallying.
  • Tallying is verifiable.
  • Trust assumptions are very different to "vote counters" in pen-on-paper elections.
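
Steps 1 to 3 and the "all but one administrator" privacy property, as an added example (not from the slides and not Helios's own code): ballots are encrypted with exponential ElGamal, the scheme Helios uses, under a key whose shares are held by separate administrators. The toy group parameters, function names and sample votes are assumptions made for illustration, and the correctness proofs that make the tally verifiable are omitted.

```python
import secrets

# Toy parameters, constructed for illustration and far too small for real use:
# P = 2Q + 1 is a safe prime, G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    """One administrator's key share: secret x, public h = g^x."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def combine_public(shares):
    """Election public key = product of all administrators' public shares."""
    h = 1
    for s in shares:
        h = h * s % P
    return h

def encrypt(h, vote):
    """Exponential ElGamal: a 0/1 vote is encoded as g^vote before encryption."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(G, vote, P) * pow(h, r, P) % P

def add_ballots(board):
    """Anyone can multiply the posted ciphertexts; the product encrypts the sum."""
    a, b = 1, 1
    for ca, cb in board:
        a, b = a * ca % P, b * cb % P
    return a, b

def partial_decrypt(x, a):
    """An administrator's contribution, computed on the aggregate only."""
    return pow(a, x, P)

def finish_tally(b, partials, max_votes):
    """Strip each partial decryption, then search the small exponent."""
    m = b
    for d in partials:
        m = m * pow(d, -1, P) % P
    for t in range(max_votes + 1):
        if pow(G, t, P) == m:
            return t
    return None  # still blinded: a share is missing or the data is malformed

def run_election(votes, n_admins=3, drop_last_admin=False):
    keys = [keygen() for _ in range(n_admins)]
    h = combine_public([pub for _, pub in keys])
    board = [encrypt(h, v) for v in votes]  # Step 2: the bulletin board
    a, b = add_ballots(board)               # Step 3: public aggregation
    used = keys[:-1] if drop_last_admin else keys
    return finish_tally(b, [partial_decrypt(x, a) for x, _ in used], len(votes))
```

With every share present, `run_election([1, 0, 1, 1, 0])` returns 3; with one administrator withheld the aggregate stays blinded, and in neither case is an individual ballot decrypted.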

SLIDE 32

Is it secure?

SLIDE 33

My Work

Security model: abstraction of real world that can be analysed mathematically.
Security proof/argument: shows that an abstraction of a voting system meets an abstract model.

SLIDE 34

Proofs?

(My personal opinion)

A security argument is like a safety certificate: it shows that a cryptographic system conforms to certain standards or "best practice".
This does not prove that a system cannot fail. It gives assurance that risks of some types of failure have been mitigated.

SLIDE 35

Helios

  • Used in practice but no security argument – I tried to provide one.
  • Cortier/Smyth: possible privacy compromise under certain circumstances.
  • Some details of Helios were interfering with my attempt at a security argument ...

SLIDE 36

Bad Ballots

I can create "bad" ballots that erase a tally in an election. Don't try this at home – I can detect such ballots, too.

SLIDE 37

Bad Ballots

Sample election with votes:
Yes 2
No 0
Maybe 1

Bad ballot cast for "yes".

SLIDE 38

Bad Ballots

Sample election with votes:
Yes 2
No 0
Maybe 1

Bad ballot cast for "yes".

SLIDE 39

Bad Ballots

Sample election with votes:
Yes 2
No 0
Maybe 1

Bad ballot cast for "yes".

None = "null" = Something has gone very, very wrong

SLIDE 40

Verifiability

If all administrators are compromised: The election result can be tampered with. This attack is undetectable.

SLIDE 41

Consequences

  • Helios is easy to fix (the next version will be patched based on our work).
  • Paper at Asiacrypt 2012.
  • Cryptographic theory is relevant for practice.

SLIDE 42

So why aren't we using crypto-voting yet?

SLIDE 43

Quick Recap

  • I am trying to sell you an idea, not a product.
  • Cryptographic voting can offer both privacy and verifiability.
  • Verifiability makes a system easier to trust.

SLIDE 44

Coercion?

  • Election fraud, coercion and bribery are real problems – and need to be addressed in any "practical" system.
  • Helios is designed for low-coercion environments only.
  • Vote privacy is mostly just a step towards coercion-resistance.

SLIDE 45

Challenges

What is the single, most important property a voting system should possess?

SLIDE 46

Challenges

What is the single, most important property a voting system should possess?

Simplicity.

SLIDE 47

Challenges

Usability
Trust
Understanding

SLIDE 48

The Future

Where do we go from here?

Prediction: The next steps from here to a widely deployed system will probably have very little to do with cryptography.

SLIDE 49

David Bernhard

Thank you

This presentation uses images published under the creative commons/attribution licence.