efficient receipt free ballot casting resistant to covert
play

Efficient Receipt-Free Ballot Casting Resistant to Covert Channels - PowerPoint PPT Presentation

Feb 07, 2023 •306 likes •637 views

Efficient Receipt-Free Ballot Casting Resistant to Covert Channels Ben Adida C. Andrew Neff EVT / WOTE August 11th, 2009 Montreal, Canada Andy uses a voting machine to prepare a ballot. Andy wants to verify that the machine properly

  1. Efficient Receipt-Free Ballot Casting Resistant to Covert Channels Ben Adida C. Andrew Neff EVT / WOTE August 11th, 2009 Montreal, Canada

  2. Andy uses a voting machine to prepare a ballot. Andy wants to verify that the machine properly encrypted the ballot. 2

  3. Neff’s MarkPledge and Moran-Naor. Two Problems. 1) 2 ciphertexts per challenge bit (40-50) 2) machine can use ballot to leak plaintext. 3

  4. MarkPledge2 efficient ballot encoding: 2 ciphertexts for any challenge length covert-channel resistance: no leakage via the ballot. voting machine is significantly simplified. ➡ simpler voting machine = less chance of errors. 4

  5. Voter Experience 5

  6. Voter Experience Voter Check-in Andy _________ Ben _________ 5

  7. Voter Experience Voter Check-in VHTI Andy _________ Ben _________ 5

  8. Voter Experience Voter Check-in VHTI Andy _________ Ben _________ Hillary Barack John Bill 5

  9. Voter Experience Voter Check-in VHTI Andy _________ Ben _________ Hillary Barack John Bill 5

  10. Voter Experience Voter Check-in VHTI Andy _________ Ben _________ Hillary Barack Barack 8DX5 John Bill 5

  11. Voter Experience Voter Check-in VHTI Andy _________ Ben _________ Hillary Barack Challenge? Barack 8DX5 John Bill 5

  12. Voter Experience Voter Check-in VHTI Andy _________ Ben _________ Hillary Barack Challenge? Barack VHTI 8DX5 John Bill 5

  13. Voter Experience Voter Receipt Check-in Hillary MCN3 VHTI Andy _________ 8DX5 Barack Ben _________ I341 John LQ21 Bill Challenge VHTI Hillary Barack Challenge? Barack VHTI 8DX5 John Bill 5

  14. Voter Experience Voter Receipt Check-in Hillary MCN3 VHTI Andy _________ 8DX5 Barack Ben _________ I341 John LQ21 Bill Challenge VHTI Hillary Barack Challenge? Barack VHTI 8DX5 John Bill 5

  15. Voter Experience Voter Receipt Check-in Hillary MCN3 VHTI Andy _________ 8DX5 Barack Ben _________ I341 John LQ21 Bill Challenge VHTI Hillary Barack Challenge? Barack VHTI 8DX5 John Bill 5

  16. Special Bit Encryption Hillary 0 Encrypt a 0 or 1 Barack 1 for each candidate John 0 Special proof protocol Bill 0 ➡ for bit b=1 ➡ meaningful short strings as part of the commitment ➡ short challenge strings for real and simulated proofs 6

  17. Special Bit Encryption Hillary 0 Encrypt a 0 or 1 Barack 1 for each candidate John 0 Special proof protocol Bill 0 ➡ for bit b=1 ➡ meaningful short strings <ciphertexts>, "8DX5" as part of the commitment ➡ short challenge strings for real and simulated proofs 6

  18. Special Bit Encryption Hillary 0 Encrypt a 0 or 1 Barack 1 for each candidate John 0 Special proof protocol Bill 0 ➡ for bit b=1 ➡ meaningful short strings <ciphertexts>, "8DX5" as part of the commitment ➡ short challenge strings "VHTI" for real and simulated proofs 6

  19. Special Bit Encryption Hillary 0 Encrypt a 0 or 1 Barack 1 for each candidate John 0 Special proof protocol Bill 0 ➡ for bit b=1 ➡ meaningful short strings <ciphertexts>, "8DX5" as part of the commitment ➡ short challenge strings "VHTI" for real and simulated proofs reveal enc factors 6

  20. Voter Experience (II) Hillary 0 Barack 1 John 0 Bill 0 7

  21. Voter Experience (II) <ciphertexts>, ���������� Hillary 0 <ciphertexts>, "8DX5" Barack 1 <ciphertexts>, ���������� John 0 <ciphertexts>, ���������� Bill 0 7

  22. Voter Experience (II) <ciphertexts>, ���������� Hillary "VHTI" 0 <ciphertexts>, "8DX5" Barack "VHTI" 1 <ciphertexts>, ���������� John 0 "VHTI" <ciphertexts>, ���������� Bill "VHTI" 0 7

  23. Voter Experience (II) <ciphertexts>, "MCN3" Hillary "VHTI" 0 <ciphertexts>, "8DX5" Barack "VHTI" 1 <ciphertexts>, "I341" John 0 "VHTI" <ciphertexts>, "LQ21" Bill "VHTI" 0 7

  24. Voter Experience (II) <ciphertexts>, "MCN3" Hillary "VHTI" 0 reveal enc factors <ciphertexts>, "8DX5" Barack "VHTI" 1 reveal enc factors <ciphertexts>, "I341" John 0 "VHTI" reveal enc factors <ciphertexts>, "LQ21" Bill "VHTI" 0 reveal enc factors 7

  25. Voter Experience (II) <ciphertexts>, "MCN3" MCN3 Hillary "VHTI" 0 reveal enc factors <ciphertexts>, "8DX5" 8DX5 Barack "VHTI" 1 reveal enc factors <ciphertexts>, "I341" John I341 0 "VHTI" reveal enc factors <ciphertexts>, "LQ21" Bill "VHTI" 0 LQ21 reveal enc factors 7

  26. MarkPledge & Moran-Naor ... BitEnc(1) 0 0 1 1 0 0 ... Pledge 0 1 0 ... Challenge 1 1 0 ... Reveal 0 0 1 1 0 0 unique ... 1 0 0 1 0 1 BitEnc(0) that fits the challenge 8

  27. Markpledge 2 different bit encryption q , with α 2 + β 2 = 1 ( α , β ) ∈ Z 2 ➡ isomorphic to SO (2 , q ) ➡ operation is rotation (matrix mult.) Designate 1-, 0-, and T-vectors ➡ any pair of a 1-vector and 0-vector bisected by a test vector ➡ dot-product with test vector. 9

  28. Same pattern emerges MarkPledge MarkPledge2 ... BitEnc(1) x i y i 0 0 1 1 0 0 ... Pledge 0 1 0 i ... x C ,y C Challenge 1 1 0 ... x C x i + y C y i Reveal 0 0 1 1 0 0 m0,i chal unique xi,yi ... 1 0 0 1 0 1 BitEnc(0) that fits the challenge 10

  29. Covert Channel Raised by Karloff, Sastry & Wagner If the voting machine chooses the random factor, it can embed info Can we make the voting machine fully deterministic given a voter ID and a selection in a given race? 11

  30. Covert Channel Ballot #42 1 0 0 0 0 2, r' 1 Ballot #42 Trustee #1 0 0 1 0 0 7 = 2 mod 5 1, r' 2 r' 1 + r' 2 + r' 3 Trustee #2 0 0 0 1 0 Voting Machine 4, r' 3 Trustee #3 0 0 1 0 0 Bulletin Board Ballot #42 0 0 1 0 0 Pre-generate ciphertexts with trustees Rotate them on voter selection 12

  31. Why is this receipt-free? What can the coercer ask the voter to do that affects the ballot / receipt? Only the challenge, which is selected before the voter enters the booth. All proofs will look the same, whether real or simulated. 13

  32. Questions? 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Masked Ballot Voting for Receipt-Free Online Elections Roland Wen and Richard Buckland School of

Masked Ballot Voting for Receipt-Free Online Elections Roland Wen and Richard Buckland School of

Masked Ballot Voting for Receipt-Free Online Elections Roland Wen and Richard Buckland School of Computer Science and Engineering The University of New South Wales Sydney, Australia {rolandw,richardb}@cse.unsw.edu.au VOTE-ID 2009 1 / 35

509 views • 35 slides
Casting Simulation Technology Julian Gnz Application Specialist Casting, CD-adapco Casting

Casting Simulation Technology Julian Gnz Application Specialist Casting, CD-adapco Casting

Casting Simulation Technology Julian Gnz Application Specialist Casting, CD-adapco Casting materials Market Overview [Mio tons] Grey Iron 13,6 38,16 9 Ductile Iron Steel 19,4 Non Ferrous alloys From Modern Casting 2010 world

377 views • 15 slides
Casting Simulations with STAR-Cast Julian Gnz, CD-adapco Need for Casting Simulation

Casting Simulations with STAR-Cast Julian Gnz, CD-adapco Need for Casting Simulation

Casting Simulations with STAR-Cast Julian Gnz, CD-adapco Need for Casting Simulation Processes Market Overview [Mio tons] Permanent Mold Tilt Casting 13,6 38,16 Grey Iron 9 Low Pressure-Casting Ductile Iron High

301 views • 27 slides
SLIP-CASTING a ceramic forming technique WHAT IS SLIP-CASTING?

SLIP-CASTING a ceramic forming technique WHAT IS SLIP-CASTING?

SLIP-CASTING a ceramic forming technique WHAT IS SLIP-CASTING? http://www.sightunseen.com/2012/06/josh-bitellis-forfars-bakery-and-roadworkers-projects/ http://www.joshbitelli.co.uk/ Slip-casting is a technique for small-scale production runs,

382 views • 12 slides
Efficient Leak Resistant Modular Exponentiation in RNS Andrea Lesavourey (1) , Christophe Negre

Efficient Leak Resistant Modular Exponentiation in RNS Andrea Lesavourey (1) , Christophe Negre

Efficient Leak Resistant Modular Exponentiation in RNS Andrea Lesavourey (1) , Christophe Negre (1) and Thomas Plantard (2) (1) DALI (UPVD) and LIRMM (Univ. of Montpellier, CNRS), Perpignan, France (2) CCISR, SCIT, University of Wollongong,

708 views • 43 slides
CSE 333 Section 6 HW3 Overview, Casting 1 Section Plan Casting HW 3 Overview 3

CSE 333 Section 6 HW3 Overview, Casting 1 Section Plan Casting HW 3 Overview 3

CSE 333 Section 6 HW3 Overview, Casting 1 Section Plan Casting HW 3 Overview 3 Casting! 4 Casting in C++ Four different casts that are more explicit: 1. static_cast&lt;to_type&gt;(expression) 2.

919 views • 33 slides
ThreeBallot, VAV, and Twin Ronald L. Rivest MIT CSAIL Warren D. Smith - CRV Talk at EVT07

ThreeBallot, VAV, and Twin Ronald L. Rivest MIT CSAIL Warren D. Smith - CRV Talk at EVT07

Ballot + G - B Ballot Box Mixer + B Receipt ThreeBallot, VAV, and Twin Ronald L. Rivest MIT CSAIL Warren D. Smith - CRV Talk at EVT07 (Boston) August 6, 2007 Outline End-to-end voting systems ThreeBallot VAV

827 views • 38 slides
Remote Electronic Voting can be Efficient, Verifiable and Coercion-Resistant Roberto Arajo,

Remote Electronic Voting can be Efficient, Verifiable and Coercion-Resistant Roberto Arajo,

Remote Electronic Voting can be Efficient, Verifiable and Coercion-Resistant Roberto Arajo, Amira Barki, Solenn Brunet and Jacques Traor 1st Workshop on Advances in Secure Electronic Voting Schemes VOTING16 February 26th, 2016

532 views • 23 slides
Macro Scale Casting Simulation with STAR-Cast J.Gnz CD-adapco Casting Systems Product

Macro Scale Casting Simulation with STAR-Cast J.Gnz CD-adapco Casting Systems Product

Macro Scale Casting Simulation with STAR-Cast J.Gnz CD-adapco Casting Systems Product requirements increase: Less weight Higher efficiency Time to market decreases Casting processes must be adopted Simulation to

318 views • 21 slides
May 26: Covert Channels Covert channels Composition of policies Problem

May 26: Covert Channels Covert channels Composition of policies Problem

May 26: Covert Channels Covert channels Composition of policies Problem Deterministic Noninterference Nondeducibility Generalized Noninterference Restrictiveness May 26, 2017 ECS 235B Spring Quarter 2017 Slide #1

370 views • 33 slides
Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy US DoD 1985 Basically a

1.04k views • 67 slides
MA111: Contemporary mathematics . Jack Schmidt University of Kentucky August 27, 2012 Entrance

MA111: Contemporary mathematics . Jack Schmidt University of Kentucky August 27, 2012 Entrance

. MA111: Contemporary mathematics . Jack Schmidt University of Kentucky August 27, 2012 Entrance Slip (due 5 min past the hour): Convert the following linear ballots into a preference schedule: Ballot Ballot Ballot Ballot Ballot Ballot

356 views • 17 slides
EWCDM: An Efficient, Beyond-Birthday Secure, Nonce-Misuse Resistant MAC Benot Cogliati 1 Yannick

EWCDM: An Efficient, Beyond-Birthday Secure, Nonce-Misuse Resistant MAC Benot Cogliati 1 Yannick

Wegman-Carter MACs The EWCDM Construction Security Result and Proof Sketch Conclusion EWCDM: An Efficient, Beyond-Birthday Secure, Nonce-Misuse Resistant MAC Benot Cogliati 1 Yannick Seurin 2 1 University of Versailles, France 2 ANSSI, France

980 views • 70 slides
Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices Chris Peikert

Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices Chris Peikert

Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices Chris Peikert 1 Alon Rosen 2 1 MIT CSAIL 2 Harvard DEAS Theory of Cryptography Conference 5 March 2006 Chris Peikert, Alon Rosen (MIT, Harvard) Efficient

897 views • 61 slides
Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture

Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture

Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture Damage 1 Balanced Mix Design: ETG Definition Asphalt mix design using performance tests on appropriately conditioned specimens that address

480 views • 46 slides
Mitigating Covert Compromises: A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks

Mitigating Covert Compromises: A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks

Mitigating Covert Compromises: A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks Aron Laszka 1 , 2 Benjamin Johnson 3 Jens Grossklags 1 1 Pennsylvania State University 2 Budapest University of Technology and Economics 3 University

867 views • 43 slides
The Social Responsibility of Firms: The Case of Effective Altruism Andrs Mikls Simon Business

The Social Responsibility of Firms: The Case of Effective Altruism Andrs Mikls Simon Business

The Social Responsibility of Firms: The Case of Effective Altruism Andrs Mikls Simon Business School University of Rochester Sustainability in business A mix of political, social, environmental, and economic goals How should these be

423 views • 11 slides
David Gee Headmaster Wesley College ETHICAL LEADERSHIP What is ethics? What is leadership?

David Gee Headmaster Wesley College ETHICAL LEADERSHIP What is ethics? What is leadership?

David Gee Headmaster Wesley College ETHICAL LEADERSHIP What is ethics? What is leadership? Why ethical leadership? SYSTEMS THINKING IN AN ETHICAL CONTEXT Intuitive (emotional) Deliberate Cognitive FOUR STEPS OF DEVELOPMENT IN

770 views • 9 slides
Understanding underdevelopment today: new perspectives on NSI Rodrigo Arocena and Judith Sutz

Understanding underdevelopment today: new perspectives on NSI Rodrigo Arocena and Judith Sutz

Understanding underdevelopment today: new perspectives on NSI Rodrigo Arocena and Judith Sutz Universidad de la Repblica, Uruguay Purpose: to discuss the scope of the NSI approach for development strategies Main point of departure:

459 views • 10 slides
G O V E R N M E N T I N S T I T U T I O N S I I MPA 612: Economy, Society, and Public Policy

G O V E R N M E N T I N S T I T U T I O N S I I MPA 612: Economy, Society, and Public Policy

G O V E R N M E N T I N S T I T U T I O N S I I MPA 612: Economy, Society, and Public Policy March 27, 2019 Fill out your reading report on Learning Suite P L A N F O R T O D A Y Governments in the economy Democracy Limits of governments

558 views • 29 slides
Short covering codes in Hamming spaces Anderson N. Martinh ao Centro de Ci encias Exatas

Short covering codes in Hamming spaces Anderson N. Martinh ao Centro de Ci encias Exatas

Short covering codes in Hamming spaces Anderson N. Martinh ao Centro de Ci encias Exatas Universidade Estadual de Maring a Programa de P os-Graduac ao em Matem atica Joint work with Dr. Emerson L. Monte Carmelo January

194 views • 6 slides
Short cycle covers of graphs with minimum degree three Tom Kaiser, Daniel Krl, Bernard

Short cycle covers of graphs with minimum degree three Tom Kaiser, Daniel Krl, Bernard

Short cycle covers of graphs with minimum degree three Tom Kaiser, Daniel Krl, Bernard Lidick and Pavel Nejedl Department of Applied Math Charles University Cycles and Colourings 2008 - Tatransk trba Short cycle covers of

645 views • 32 slides
Graphs with no short cycle covers Edita M a cajov a Comenius University, Bratislava

Graphs with no short cycle covers Edita M a cajov a Comenius University, Bratislava

Graphs with no short cycle covers Edita M a cajov a Comenius University, Bratislava Ghent, August 2019 joint work with Martin Skoviera Edita M a cajov a (Bratislava) Lower bound od SCC August 2019 1 / 23 Cycle cover

1.06k views • 75 slides
Once for All: Train One Network and Specialize it for Efficient Deployment Han Cai, Chuang Gan,

Once for All: Train One Network and Specialize it for Efficient Deployment Han Cai, Chuang Gan,

Once for All: Train One Network and Specialize it for Efficient Deployment Han Cai, Chuang Gan, Tianzhe Wang, Zhekai Zhang, Song Han Massachusetts Institute of Technology Once-for-All, ICLR20 Challenge: Efficient Inference on Diverse

266 views • 26 slides

More recommend