swiss e voting workshop september 6 2010 transparency
play

Swiss E-Voting Workshop September 6, 2010 TRANSPARENCY SECURITY 2 - PowerPoint PPT Presentation

Jun 06, 2023 •265 likes •722 views

Michael Clarkson Cornell University with Stephen Chong (Harvard) and Andrew Myers (Cornell) Swiss E-Voting Workshop September 6, 2010 TRANSPARENCY SECURITY 2 VERIFIABILITY PRIVACY 3 VERIFIABILITY PRIVACY Remote 4 KEY PRINCIPLE:

  1. Michael Clarkson Cornell University with Stephen Chong (Harvard) and Andrew Myers (Cornell) Swiss E-Voting Workshop September 6, 2010

  2. TRANSPARENCY SECURITY 2

  3. VERIFIABILITY PRIVACY 3

  4. VERIFIABILITY PRIVACY Remote 4

  5. KEY PRINCIPLE: Mutual Distrust 5

  6. VERIFIABILITY Universal verifiability Voter verifiability UV: [Sako and Killian 1994, 1995] VV: [Kremer, Ryan & Smyth 2010] 6

  7. PRIVACY Coercion resistance better than receipt freeness or simple anonymity RF: [Benaloh 1994] CR: [Juels, Catalano & Jakobsson 2005] 7

  8. ROBUSTNESS Tally availability 8

  9. Civitas Security Properties Original system: Ongoing projects: • Universal verifiability • Voter verifiability • Coercion resistance • Tally availability 9

  10. JCJ Voting Scheme [Juels, Catalano & Jakobsson 2005] Proved universal verifiability and coercion resistance Civitas extends JCJ 10

  11. Civitas Architecture registration registration teller registration teller tabulation teller teller ballot box bulletin tabulation teller ballot box ballot box board voter client tabulation teller 11

  12. Registration registration registration teller registration teller teller voter client Voter retrieves credential share from each registration teller; combines to form credential 12

  13. Credentials • Verifiable • Unsalable • Unforgeable • Anonymous 13

  14. Voting ballot box ballot box ballot box voter client Voter submits copy of encrypted choice and credential to each ballot box 14

  15. Resisting Coercion: Fake Credentials 15

  16. Resisting Coercion If the coercer demands that  en the voter… the voter… Submits a particular vote Does so with a fake credential. Sells or surrenders a credential Supplies a fake credential. Abstains Supplies a fake credential to the adversary and votes with a real one. 16

  17. Tabulation tabulation teller ballot box bulletin tabulation teller ballot box ballot box board tabulation teller Tellers retrieve votes from ballot boxes 17

  18. Tabulation tabulation teller bulletin tabulation teller board tabulation teller Tabulation tellers anonymize votes; eliminate unauthorized (and fake) credentials; decrypt remaining choices. 18

  19. Civitas Architecture registration registration teller registration teller tabulation teller teller ballot box bulletin tabulation teller ballot box ballot box board voter client tabulation teller Universal verifiability: Coercion resistance: Tellers post zero-knowledge proofs Voters can undetectably fake during tabulation credentials 19

  20. Protocols – El Gamal; distributed [Brandt]; non-malleable [Schnorr and Jakobsson] – Proof of knowledge of discrete log [Schnorr] – Proof of equality of discrete logarithms [Chaum & Pederson] – Authentication and key establishment [Needham-Schroeder-Lowe] – Designated-verifier reencryption proof [Hirt & Sako] – 1-out-of-L reencryption proof [Hirt & Sako] – Signature of knowledge of discrete logarithms [Camenisch & Stadler] – Reencryption mix network with randomized partial checking [Jakobsson, Juels & Rivest] – Plaintext equivalence test [Jakobsson & Juels] 20

  21. Civitas Implementation Component LoC Tabulation teller 5,700 Registration teller 1,300 Bulletin board, ballot box 900 Voter client 800 Other (incl. common code) 4,700 Low-level crypto and I/O 8,000 (Java and C) Total LoC 21,400 21

  22. Trust Assumptions 22

  23. Civitas Trust Assumptions 1. “Cryptography works.” 2.  e adversary cannot masquerade as a voter during registration. 3. Voters trust their voting client. 4. At least one of each type of authority is honest. 5.  e channels from the voter to the ballot boxes are anonymous. 6. Each voter has an untappable channel to a trusted registration teller. 23

  24. Civitas Trust Assumptions 1. “Cryptography works.” 2.  e adversary cannot masquerade as a voter during registration. Universal verifiability Coercion resistance 3. Voters trust their voting client. 4. At least one of each type of authority is honest. Coercion resistance 5.  e channels from the voter to the ballot boxes are anonymous. 6. Each voter has an untappable channel to a trusted registration teller. 24

  25. Civitas Trust Assumptions 1. “Cryptography works.” 2.  e adversary cannot masquerade as a voter during registration. 3. Voters trust their voting client. UV + CR 4. At least one of each type of authority is honest. CR 5.  e channels from the voter to the ballot boxes are anonymous. 6. Each voter has an untappable channel to a trusted registration teller. 25

  26. Civitas Trust Assumptions 1. “Cryptography works.” 2.  e adversary cannot masquerade as a voter during registration. 3. Voters trust their voting client. UV + CR 4. At least one of each type of authority is honest. CR 5.  e channels from the voter to the ballot boxes are anonymous. 6. Each voter has an untappable channel to a trusted registration teller. 26

  27. Civitas Trust Assumptions 1. “Cryptography works.” 2.  e adversary cannot masquerade as a voter during registration. 3. Voters trust their voting client. UV + CR 4. At least one of each type of authority is honest. CR 5.  e channels from the voter to the ballot boxes are anonymous. 6. Each voter has an untappable channel to a trusted registration teller. 27

  28. Registration In person. In advance. Con: System not fully remote Pro: Credential can be used in many elections 28

  29. Civitas Trust Assumptions 1. “Cryptography works.” 2.  e adversary cannot masquerade as a voter during registration. 3. Voters trust their voting client. UV + CR 4. At least one of each type of authority is honest. CR 5.  e channels from the voter to the ballot boxes are anonymous. 6. Each voter has an untappable channel to a trusted registration teller. 29

  30. Eliminating Trust in Voter Client UV: Use challenges , like in Helios CR: Open problem 30

  31. Civitas Trust Assumptions 1. “Cryptography works.” 2.  e adversary cannot masquerade as a voter during registration. 3. Voters trust their voting client. UV + CR 4. At least one of each type of authority is honest. CR 5.  e channels from the voter to the ballot boxes are anonymous. 6. Each voter has an untappable channel to a trusted registration teller. 31

  32. Civitas Trust Assumptions 1. “Cryptography works.” 2.  e adversary cannot masquerade as a voter during registration. 3. Voters trust their voting client. UV + CR 4. At least one of each type of authority is honest. CR 5.  e channels from the voter to the ballot boxes are anonymous. 6. Each voter has an untappable channel to a trusted registration teller. 32

  33. Civitas Trust Assumptions 1. “Cryptography works.” 2.  e adversary cannot masquerade as a voter during registration. 3. Voters trust their voting client. UV + CR 4. At least one of each type of authority is honest. CR 5.  e channels from the voter to the ballot boxes are anonymous. 6. Each voter has an untappable channel to a trusted registration teller. 33

  34. Untappable Channel Minimal known assumption for receipt freeness and coercion resistance Eliminate? Open problem. (Eliminate trusted registration teller? Also open.) 34

  35. Civitas Trust Assumptions 1. “Cryptography works.” 2.  e adversary cannot masquerade as a voter during registration. 3. Voters trust their voting client. UV + CR 4. At least one of each type of authority is honest. CR 5.  e channels from the voter to the ballot boxes are anonymous. 6. Each voter has an untappable channel to a trusted registration teller. 35

  36. Trusted procedures? 36

  37. Time to Tally 37

  38. Tabulation Time vs. Precinct Size # voters in precinct = K, # tab. tellers = 4, security strength ≥ 112 bits [NIST 2011–2030] 38

  39. Summary Can achieve strong security and transparency: – Remote voting – Universal verifiability – Coercion resistance Security is not free: – Stronger registration (untappable channel) – Cryptography (computationally expensive) 39

  40. Assurance Security proofs (JCJ) Secure implementation (Jif) 40

  41. Ranked Voting Methods 41

  42. Open Research Problems • Coercion-resistant voter client? • Eliminate untappable channel in registration? • Credential management? • Application-level denial of service? 42

  43. http://www.cs.cornell.edu/projects/civitas (google “civitas voting”)

  44. Michael Clarkson Cornell University with Stephen Chong (Harvard) and Andrew Myers (Cornell) Swiss E-Voting Workshop September 6, 2010

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Swiss E-Voting Workshop 2010 Verifiability in Remote Voting Systems September 2010 Jordi

Swiss E-Voting Workshop 2010 Verifiability in Remote Voting Systems September 2010 Jordi

Swiss E-Voting Workshop 2010 Verifiability in Remote Voting Systems September 2010 Jordi Puiggali VP Research & Development Jordi.Puiggali@scytl.com Index Auditability in e-voting Types of verifiability Verifiability methods

719 views • 27 slides
Bringing open audit elections into practice: Real world uses of Helios Olivier Pereira

Bringing open audit elections into practice: Real world uses of Helios Olivier Pereira

Bringing open audit elections into practice: Real world uses of Helios Olivier Pereira Universit e catholique de Louvain Joint work with Ben Adida Harvard and Olivier de Marneffe UCL Swiss E-Voting Workshop September, 2010

599 views • 32 slides
Elections, Computer Security, and Electronic Voting CS161 4/19/2010 David Wagner #1 #2 #3

Elections, Computer Security, and Electronic Voting CS161 4/19/2010 David Wagner #1 #2 #3

Elections, Computer Security, and Electronic Voting CS161 4/19/2010 David Wagner #1 #2 #3 #4 #5 Security Goals for an Election Integrity: No election fraud Transparency: Everyone especially the loser must be able to verify

576 views • 53 slides
The Swiss Contribution to the reduction of disparities within the enlarged EU Bulgarian Swiss

The Swiss Contribution to the reduction of disparities within the enlarged EU Bulgarian Swiss

State Secretariat of Economic Affairs SECO Swiss Agency for Development and Cooperation SCD The Swiss Contribution to the reduction of disparities within the enlarged EU Bulgarian Swiss Chamber of Commerce, 7 October 2010 Franziska Keller,

299 views • 26 slides
Swiss Law and Swiss Arbitration Seoul, 18 September 2018 Tino Gaberthel and Harold Frey Why

Swiss Law and Swiss Arbitration Seoul, 18 September 2018 Tino Gaberthel and Harold Frey Why

Establishment of a Swiss Presence, Application of Swiss Law and Swiss Arbitration Seoul, 18 September 2018 Tino Gaberthel and Harold Frey Why Switzerland? Political and economic stability Excellent infrastructure Efficient and

612 views • 27 slides
GEOMETRIC APPROACH TO PARADOXES OF VOTING POWER Workshop on Voting Theory and Preference

GEOMETRIC APPROACH TO PARADOXES OF VOTING POWER Workshop on Voting Theory and Preference

GEOMETRIC APPROACH TO PARADOXES OF VOTING POWER Workshop on Voting Theory and Preference Modelling Sponsored by DIMACS and LAMSADE Paris, Universit e Paris Dauphine 28 October 2006 Michael A. Jones Department of Mathematical Sciences

703 views • 33 slides
Hiran Region Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010

Hiran Region Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010

Post Gu 2010 Food Security and Nutrition Analysis Unit Somalia Information for Better August 18th 2010 Livelihoods Hiran Region Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010 Seasonal Assessment Coverage

246 views • 23 slides
Juba Regions Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010

Juba Regions Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010

Post Gu 2010 Food Security and Nutrition Analysis Unit Somalia August 18th 2010 Information for Better Livelihoods Juba Regions Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010 Seasonal Assessment Coverage

530 views • 30 slides
Gedo Region Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010

Gedo Region Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010

Post Gu 2010 Food Security and Nutrition Analysis Unit Somalia Information for Better August 18th 2010 Livelihoods Gedo Region Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010 Seasonal Assessment Coverage

700 views • 26 slides
Shabelle Regions Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010

Shabelle Regions Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010

Post Gu 2010 Food Security and Nutrition Analysis Unit Somalia August 18th 2010 Information for Better Livelihoods Shabelle Regions Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010 Seasonal Assessment Coverage

549 views • 32 slides
Central Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010 Seasonal

Central Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010 Seasonal

Post Gu 2010 Food Security and Nutrition Analysis Unit Somalia August 18th 2010 Information for Better Livelihoods Central Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010 Seasonal Assessment Coverage Field

345 views • 22 slides
13 th Transparency Workshop Update on the TP activities BluePoint Meeting Centre 21 November 2019

13 th Transparency Workshop Update on the TP activities BluePoint Meeting Centre 21 November 2019

Brussels 21/11/2019 13 th Transparency Workshop Update on the TP activities BluePoint Meeting Centre 21 November 2019 Kathrine Nygaard Stannov, Subject Manager Transparency Rene Prins, Transparency Adviser Agenda > New developments in 2019

648 views • 32 slides
NUCLEAR TRANSPARENCY WATCH Prevent and anticipate through transparency and participation

NUCLEAR TRANSPARENCY WATCH Prevent and anticipate through transparency and participation

NUCLEAR TRANSPARENCY WATCH Prevent and anticipate through transparency and participation Activities of NTW Workshop on Environmental Mapping: Mobilising Trust in Measurements and Engaging Scientific Citizenry Nadja Zeleznik nzeleznik@rec.org

338 views • 30 slides
Fiscal Transparency and Accountability Overview Importance of Institutional Transparency

Fiscal Transparency and Accountability Overview Importance of Institutional Transparency

September 28, 2017 Alex Hathaway Center for State and Local Finance Fiscal Transparency and Accountability Overview Importance of Institutional Transparency Review of the Literature Methodology Volcker Alliance questions

343 views • 16 slides
Data Society the Impact of Data Sharing on Our Everydays Life 1 st Swiss Workshop on Data

Data Society the Impact of Data Sharing on Our Everydays Life 1 st Swiss Workshop on Data

Data Society the Impact of Data Sharing on Our Everydays Life 1 st Swiss Workshop on Data Science ZHAW School of Engineering, Winterthur 21 March 2014 Andr Golliez Managing Partner itopia ag President Opendata.ch, Swiss Chapter of the

656 views • 30 slides
Topical workshop on Radiation biology Topical workshop on Radiation biology September 2010

Topical workshop on Radiation biology Topical workshop on Radiation biology September 2010

Topical workshop on Radiation biology Topical workshop on Radiation biology September 2010 (B.2.3. Training) Medical Radiation Physics Department of Oncology-Pathology f O Karolinska Institutet Stockholm, Sweden , Visiting scientists

233 views • 6 slides
Emulab Anton Burtsev, Prashanth Radhakrishnan, Mike Hibler, and Jay Lepreau University of Utah,

Emulab Anton Burtsev, Prashanth Radhakrishnan, Mike Hibler, and Jay Lepreau University of Utah,

Transparent Checkpoint of Closed Distributed Systems in Emulab Anton Burtsev, Prashanth Radhakrishnan, Mike Hibler, and Jay Lepreau University of Utah, School of Computing Emulab Public testbed for network experimentation 2 Emulab

725 views • 45 slides
R Programming Basics Thomas J. Leeper May 20, 2015 1 Functions Built-in functions x <-

R Programming Basics Thomas J. Leeper May 20, 2015 1 Functions Built-in functions x <-

R Programming Basics Thomas J. Leeper May 20, 2015 1 Functions Built-in functions x <- c(1,3,4,4,5,6,2,3,4) mean(x) sum(x) exp(x) log(x) sqrt(x) length(x) seq_along(x) quantile(x, c(0.05 , 0.95)) Writing functions # no arguments

517 views • 12 slides
Distributed Logging Architecture in Container Era LinuxCon Japan 2016 at Jun 13 2016 Satoshi

Distributed Logging Architecture in Container Era LinuxCon Japan 2016 at Jun 13 2016 Satoshi

Distributed Logging Architecture in Container Era LinuxCon Japan 2016 at Jun 13 2016 Satoshi "Moris" Tagomori (@tagomoris) Satoshi "Moris" Tagomori (@tagomoris) Fluentd, MessagePack-Ruby, Norikra, ... Treasure Data, Inc.

659 views • 39 slides
A Computational Mo del for Represen tation of Image V elo citi es Eero Simoncelli

A Computational Mo del for Represen tation of Image V elo citi es Eero Simoncelli

A Computational Mo del for Represen tation of Image V elo citi es Eero Simoncelli Computer and Information Science Departmen t Univ ersit y of P ennsylv ania Da vid Heeger Psyc hology Departmen t Stanford Univ

320 views • 14 slides
REDBOOK 101 Accounting Procedures for Kentucky School Activity Funds 2 What is the

REDBOOK 101 Accounting Procedures for Kentucky School Activity Funds 2 What is the

REDBOOK 101 Accounting Procedures for Kentucky School Activity Funds 2 What is the Redbook? The Accounting Procedures for Kentucky School Activity funds, more commonly known as the Redbook, is a mandate from the Kentucky

827 views • 14 slides
Data Integration for Neo4j using Kettle Matt Casters, matt.casters@neo4j.com mattcasters Neo4j

Data Integration for Neo4j using Kettle Matt Casters, matt.casters@neo4j.com mattcasters Neo4j

Data Integration for Neo4j using Kettle Matt Casters, matt.casters@neo4j.com mattcasters Neo4j Chief Solutions Architect Topics What is Kettle? Kettle plugins for Neo4j Kettle using Neo4j Examples The Hunger Games

808 views • 44 slides
THE LOGGING LOOPHOLE How the Logging Industrys Unregulated Carbon Emissions Undermine

THE LOGGING LOOPHOLE How the Logging Industrys Unregulated Carbon Emissions Undermine

THE LOGGING LOOPHOLE How the Logging Industrys Unregulated Carbon Emissions Undermine Canadas Climate Goals environmental defence Dale Marshall Jennifer Skene Graham Saul Photo Credit: River Jordan for NRDC The Boreal Forest CARBON:

508 views • 23 slides
What is a Bro log? 1 What is a Bro log? A stream of

What is a Bro log? 1 What is a Bro log? A stream of

What is a Bro log? 1 What is a Bro log? A stream of high level entries that correspond to lower level events. An HTTP request/reply pair.

749 views • 16 slides

More recommend