SLIDE 1
Table of Contents
1
Introduction
2
Cast-as-intended in Helios
3
Challenge and cast
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 1 / 20
How to challenge and cast your e-vote Sandra Guasch, Paz Morillo - - PowerPoint PPT Presentation
How to challenge and cast your e-vote Sandra Guasch, Paz Morillo - - PowerPoint PPT Presentation
How to challenge and cast your e-vote Sandra Guasch, Paz Morillo Financial Cryptography and Data Security 2016 Table of Contents Introduction 1 Cast-as-intended in Helios 2 Challenge and cast 3 Sandra Guasch, Paz Morillo How to challenge
SLIDE 2
SLIDE 3
What is electronic voting?
Election modernization started with the counting process
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 2 / 20
SLIDE 4
What is electronic voting?
Election modernization started with the counting process In electronic voting, votes are cast electronically
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 2 / 20
SLIDE 5
Advantages of electronic voting
Accuracy Speed Provide special interaction mechanisms (e.g. for impaired people) Reduce human errors Reduce logistic and long term costs Availability / Opportunity
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 3 / 20
SLIDE 6
Security requirements
Similar to those in traditional voting Voter eligibility One vote per voter Privacy Tally accuracy Secrecy of intermediate results (fairness) Auditability and traceability Resistance against coercion and vote buying
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 4 / 20
SLIDE 7
Example of mixnet-based protocol
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 5 / 20
SLIDE 8
Verifiability in electronic voting
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 6 / 20
SLIDE 9
Verifiability in electronic voting
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 6 / 20
SLIDE 10
Verifiability in electronic voting
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 6 / 20
SLIDE 11
Table of Contents
1
Introduction
2
Cast-as-intended in Helios
3
Challenge and cast
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 7 / 20
SLIDE 12
Helios system
Introduced by Ben Adida in 2008 Well known in the academic field Used in student elections, IACR elections... Has verifiability properties
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 8 / 20
SLIDE 13
Cast as Intended in Helios (I)
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 9 / 20
SLIDE 14
Cast as Intended in Helios (I)
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 9 / 20
SLIDE 15
Cast as Intended in Helios (I)
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 9 / 20
SLIDE 16
Cast as Intended in Helios (II)
Imagine I want to audit the vote to be cast in Helios...
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 10 / 20
SLIDE 17
Cast as Intended in Helios (III)
The voter can be easily coerced!
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 11 / 20
SLIDE 18
Table of Contents
1
Introduction
2
Cast-as-intended in Helios
3
Challenge and cast
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 12 / 20
SLIDE 19
Our proposal
Process more understandable by the voter Direct audit of the vote to be cast
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 13 / 20
SLIDE 20
Our proposal
Process more understandable by the voter Direct audit of the vote to be cast Approach: Prove to the voter the content of her vote using a zero-knowledge proof of knowledge
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 13 / 20
SLIDE 21
Proofs of knowledge
Based on Σ-protocols Protocol between a prover P and a verifier V: P a − → V: commitment P
e
← − V: challenge P z − → V: answer
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 14 / 20
SLIDE 22
Proofs of knowledge
Based on Σ-protocols Protocol between a prover P and a verifier V: P a − → V: commitment P
e
← − V: challenge P z − → V: answer Properties Completeness: if P is fair, V accepts Knowledge soundness: if V accepts, P knows secrets Honest-verifier zero-knowledge: a conversation (a′, e′, z′) between P and V can be simulated
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 14 / 20
SLIDE 23
Simulation(I)
Voter can simulate a proof with a different value for the coercer
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 15 / 20
SLIDE 24
Simulation(II)
Alert! We want only the voter to be able to simulate proofs
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 16 / 20
SLIDE 25
Simulation(II)
Alert! We want only the voter to be able to simulate proofs Designated Verifier Proofs We give a trapdoor key to the designated verifier The trapdoor key is necessary to simulate proofs Knowledge of the trapdoor key
- =
⇒ distinguishing between good and simulated proofs
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 16 / 20
SLIDE 26
Simulation(II)
Alert! We want only the voter to be able to simulate proofs Designated Verifier Proofs We give a trapdoor key to the designated verifier The trapdoor key is necessary to simulate proofs Knowledge of the trapdoor key
- =
⇒ distinguishing between good and simulated proofs In our protocol, the voter holds the trapdoor key Releasing trapdoor key...
→ means approving the audited vote → allows proof simulation
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 16 / 20
SLIDE 27
Protocol outline
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 17 / 20
SLIDE 28
Protocol outline
Steps
1
Voter selects a voting
- ption
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 17 / 20
SLIDE 29
Protocol outline
Steps
1
Voter selects a voting
- ption
2
PC generates encrypted vote and proof of content
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 17 / 20
SLIDE 30
Protocol outline
Steps
1
Voter selects a voting
- ption
2
PC generates encrypted vote and proof of content
3
Voter verifies vote content and confirms
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 17 / 20
SLIDE 31
Protocol outline
Steps
1
Voter selects a voting
- ption
2
PC generates encrypted vote and proof of content
3
Voter verifies vote content and confirms
4
PC generates fake proof, sends confirmed vote
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 17 / 20
SLIDE 32
Protocol outline
Steps
1
Voter selects a voting
- ption
2
PC generates encrypted vote and proof of content
3
Voter verifies vote content and confirms
4
PC generates fake proof, sends confirmed vote
5
Voter gives info to the coercer
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 17 / 20
SLIDE 33
Protocol outline
Steps
1
Voter selects a voting
- ption
2
PC generates encrypted vote and proof of content
3
Voter verifies vote content and confirms
4
PC generates fake proof, sends confirmed vote
5
Voter gives info to the coercer
6
They verify the vote is correctly stored
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 17 / 20
SLIDE 34
Protocol properties
Security:
Private ← Adversary does not get the election private key
- r the encryption randomness.
Cast-as-intended verifiable ← Adversary does not get the confirmation / trapdoor private key. Coercion-resistant ← Voter has a device to generate fake proofs and access to the trapdoor key.
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 18 / 20
SLIDE 35
Protocol properties
Security:
Private ← Adversary does not get the election private key
- r the encryption randomness.
Cast-as-intended verifiable ← Adversary does not get the confirmation / trapdoor private key. Coercion-resistant ← Voter has a device to generate fake proofs and access to the trapdoor key.
Efficiency:
Encrypt: 3 exp. Prove: 4 exp. Verify: 6 exp. Simulate: 6 exp.
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 18 / 20
SLIDE 36
Protocol extensions
Distributed computation Election authorities → election private key, tally results Registrars → voter’s private keys for proof simulation and vote confirmation
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 19 / 20
SLIDE 37
Protocol extensions
Distributed computation Election authorities → election private key, tally results Registrars → voter’s private keys for proof simulation and vote confirmation Multiple voting
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 19 / 20
SLIDE 38
Protocol extensions
Distributed computation Election authorities → election private key, tally results Registrars → voter’s private keys for proof simulation and vote confirmation Multiple voting Voter uses several private keys
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 19 / 20
SLIDE 39
Protocol extensions
Distributed computation Election authorities → election private key, tally results Registrars → voter’s private keys for proof simulation and vote confirmation Multiple voting Voter uses several private keys Hardware devices
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 19 / 20
SLIDE 40
Protocol extensions
Distributed computation Election authorities → election private key, tally results Registrars → voter’s private keys for proof simulation and vote confirmation Multiple voting Voter uses several private keys Hardware devices Delegation of proof simulation to the server
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 19 / 20
SLIDE 41
Questions?
Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 20 / 20