On E-Vote Integrity in the Case of Malicious Voter Computers - PowerPoint PPT Presentation



SLIDE 1

Motivation Rage against the Machine Our Solution

On E-Vote Integrity in the Case of Malicious Voter Computers

Sven Heiberg Helger Lipmaa Filip Van Laenen

Cybernetica AS, Estonia Computas AS, Norway

September 21, 2010

Heiberg, Lipmaa, Van Laenen E-Vote Integrity with Malicious Voter Computers

SLIDE 2

Outline I

1. Motivation
2. Rage against the Machine
3. Our Solution

SLIDE 3

Motivation

Internet voting:
  • Everybody uses their own PCs to participate in state/local/. . . elections
  • Accessibility++ Cost++ Security?

Voting servers can be protected by organizational means and standard cryptography

Voter PCs become the new security bottleneck

SLIDE 4

On E-Voting Security

Objectives:
  • Correctness/integrity/robustness: every vote counts (once and correctly)
  • Privacy: not known how anyone votes

Adversaries:
  • Voting servers
  • Internet
  • This presentation: voter’s PC

SLIDE 5

Practical Motivation

We competed in a tender to organize nationwide Internet voting in Norway
  • The client wanted to achieve security against malicious voter PCs under reasonable usability assumptions

We showed that it is possible

SLIDE 6

Privacy against Malicious Voter PC

Original goal of our client
  • Difficult to achieve without hurting usability
  • For example, code voting: to vote, voter enters long random code, and to verify correctness, verifies another code
  • For real Internet voting, too cumbersome, and too reliant on everyone getting the codes

Usability is important!

SLIDE 7

Integrity with Malicious PC

  • Voters will be alerted on whether what they voted for reached the voting servers, even in the presence of a malicious voter PC
  • Without changing user experience much
  • Trust model: threshold model is bad (independency of servers?)
  • Goal #4: Efficiency?
  • (Further adventures of the e-vote can be secured by using standard cryptographic means)

SLIDE 8

Integrity with Malicious PC

We need two extra channels to the voter
  • Both must be independent of PC and trusted
  • Independence is really needed since one can revote several times — PC could memorize check codes corresponding to earlier votes
  • Possible coercion/family voting is the main reason implementation of e-voting has been delayed in several countries

Channels are easy to implement
  • At least in Norway

SLIDE 9

E-voting Process

[Diagram: Voter, Registration, PC, Prechannel, Vote Collector, Tallier, Messenger, Postchannel]

SLIDE 10

E-voting Process — Reality

[Diagram: Voter, Registration, PC, Prechannel, Vote Collector, Tallier, Messenger, Postchannel]

SLIDE 11

Basic Idea

[Diagram: Voter, Registration, PC, Prechannel, Vote Collector, Tallier, Messenger, Postchannel; numbered message flow:]

1. Candidate list with integrity check codes Codev[c]
2. Candidate c
3. EncM(c), EncT(c), ZK proof of correctness (all signed by PC)
4. EncM(Codev[c])
5. “You voted at xx:xx:xx for Codev[c]”
6. All values EncT(c)

SLIDE 12

Assumptions behind Our Solution

Statewise PKI for signing/verification keys
  • check, going to be implemented in parallel . . . although latest news are not so positive anymore . . .

Minimal PKI to distribute the public encryption keys of voting servers
  • check, easy to implement if you have signing/verification keys

SLIDE 13

Assumptions behind Our Solution

  • Prechannel to distribute check codes to voters: (mostly) check, all Norwegians get a voter registration notification on paper anyway
  • Extra server (messenger) to notify voters of the success of their actions — check, one extra computer is cheap
  • Postchannel between messenger and voters — (mostly) check, can use SMS etc.
  • Efficient, easily understandable cryptography — ???

SLIDE 14

Cryptographic Protocol: In A Nutshell

PC sends EncM(c) to vote collector, vote collector applies proxy oblivious transfer to obtain EncM(Codev[c])
  • Fairly simple, but costly to implement — VC has to do 2 · #candidates exponentiations

PC proves correctness of its actions
  • ZK proof that EncM(c) and EncT(c) “encrypt” to the same valid candidate c
  • ZK proof looks complex but is in fact much more efficient than POT

SLIDE 15

Proxy Oblivious Transfer: Definition

Chooser has an index x ∈ {0, . . . , n − 1}, sender has a database f = (f0, . . . , fn−1)
  • Functionality: proxy obtains fx
  • Privacy: chooser gets no new information, sender obtains nothing about x, proxy only obtains fx (and no x)!

In our case, f is the list of codes, x is the concrete candidate, proxy obtains fx = Codev[c]
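The following is an added, constructed model of the check-code flow from the “Basic Idea” slide together with the proxy oblivious transfer defined above; it is not code from the authors or from the Norwegian project. It assumes a toy-sized Paillier cryptosystem for EncM, a textbook unit-vector POT (the PC encrypts a 0/1 selector per candidate under the Messenger’s key and the Vote Collector combines them homomorphically) rather than the paper’s protocol, a constructed four-candidate list, and random 4-digit check codes standing in for the paper card; the ZK proof, signatures, EncT and the Tallier are left out. The point it shows is the integrity property: the Vote Collector never sees the candidate, the Messenger only learns the selected code, and a PC that submits a different candidate than the voter asked for produces an SMS code that does not match the voter’s card.

```python
"""Constructed end-to-end model of the check-code integrity flow (slides 11 and 15).

Roles: Voter, PC (POT chooser), Vote Collector (POT sender), Messenger (POT proxy).
Not the paper's protocol: the POT here is a textbook unit-vector variant over a
toy-sized Paillier cryptosystem, and the ZK proof, signatures and EncT are omitted.
"""
import math
import secrets

CANDIDATES = ["Alice", "Bob", "Carol", "Dave"]   # constructed candidate list


def paillier_keygen(p, q):
    """Paillier key pair from two distinct primes (toy-sized here); g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)      # with g = n + 1, L(g^lam mod n^2) = lam, so mu = lam^-1
    return (n, n + 1), (lam, mu, n)


def paillier_enc(pk, m):
    """Enc(m) = g^m * r^n mod n^2 with fresh randomness r in Z_n^*."""
    n, g = pk
    n2 = n * n
    while True:
        r = secrets.randbelow(n)
        if r >= 2 and math.gcd(r, n) == 1:
            return pow(g, m, n2) * pow(r, n, n2) % n2


def paillier_dec(sk, c):
    """Dec(c) = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    lam, mu, n = sk
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n


def issue_check_codes():
    """Registration side of the prechannel: distinct 4-digit codes, one per
    candidate, printed on the voter's paper card (Codev[c]). Constructed values."""
    return secrets.SystemRandom().sample(range(1000, 10000), len(CANDIDATES))


def pc_encrypt_choice(pk_m, x):
    """Chooser (the PC): encrypts the unit vector selecting index x under the
    Messenger's key. A malicious PC simply picks an x other than the voter's."""
    return [paillier_enc(pk_m, 1 if i == x else 0) for i in range(len(CANDIDATES))]


def vote_collector_pot(pk_m, enc_vector, codes):
    """Sender (the Vote Collector): homomorphically computes Enc_M(codes[x]) as
    prod_i Enc_M(e_i)^codes[i]; it sees only ciphertexts, so it learns nothing
    about x. Cost is one exponentiation per candidate plus a re-randomising Enc_M(0)."""
    n, _ = pk_m
    n2 = n * n
    acc = paillier_enc(pk_m, 0)             # fresh Enc(0) hides the sender's work
    for e_i, f_i in zip(enc_vector, codes):
        acc = acc * pow(e_i, f_i, n2) % n2  # Enc(a) * Enc(b)^k = Enc(a + k*b)
    return acc


def messenger_postchannel(sk_m, enc_code):
    """Proxy (the Messenger): decrypts and learns only codes[x], which it sends to
    the voter over the postchannel (e.g. SMS). It never sees x itself."""
    return paillier_dec(sk_m, enc_code)


def cast_and_verify(voter_choice, pc_choice, codes, pk_m, sk_m):
    """One vote: the voter asks for voter_choice, the PC actually submits pc_choice.
    Returns (received code matches the card entry for voter_choice, received code)."""
    enc_vector = pc_encrypt_choice(pk_m, pc_choice)
    enc_code = vote_collector_pot(pk_m, enc_vector, codes)
    received = messenger_postchannel(sk_m, enc_code)
    return received == codes[voter_choice], received


if __name__ == "__main__":
    pk, sk = paillier_keygen(10007, 10009)      # toy primes; real keys are far larger
    card = issue_check_codes()
    print("paper card:", dict(zip(CANDIDATES, card)))
    ok, code = cast_and_verify(1, 1, card, pk, sk)
    print("honest PC    -> SMS code", code, "matches card:", ok)
    ok, code = cast_and_verify(1, 3, card, pk, sk)
    print("malicious PC -> SMS code", code, "matches card:", ok)
```

The two channels are what make the comparison meaningful: the card comes by paper before the election and the code comes by SMS after the vote, so a PC that controls only the browser session cannot learn which code the voter expects. The unit-vector variant costs the sender one exponentiation per candidate, which is in line with the slide’s remark that the POT step dominates the Vote Collector’s work.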

SLIDE 16

Current Status

We have a mock-up implementation
  • Sandbox (unoptimized) implementation ready
  • One vote collector processes ≈ 3000 votes per hour at 80 candidates
  • In recent Estonian elections, there were ≈ 4500 e-votes in the peak hour (usually much less)

Considered step: implementation by using a Hardware Security Module — 10+ times speedup

SLIDE 17

Current Status

Norwegian government’s representative at NordSec 2009 in Oslo was using slides inspired by our solution
  • Prechannel, postchannel, . . .
  • The setting is going to be used
  • The final Norwegian protocol is faster but not as secure

SLIDE 18

Questions?

Full version at http://eprint.iacr.org/2010/195

Further work: we do have more efficient yet secure solutions (not published yet)
  • > 50 000 votes per hour
