adapting helios for provable ballot privacy
play

Adapting Helios for Provable Ballot Privacy David Bernhard, - PowerPoint PPT Presentation

Apr 04, 2024 •225 likes •629 views

Adapting Helios for Provable Ballot Privacy David Bernhard, Veronique Cortier, Olivier Pereira, Ben Smyth, Bogdan Warinschi September 2, 2011 ESORICS 2011 Adapting Helios for Provable Ballot Privacy 1 / 26 Helios Helios is a web-based voting

  1. Adapting Helios for Provable Ballot Privacy David Bernhard, Veronique Cortier, Olivier Pereira, Ben Smyth, Bogdan Warinschi September 2, 2011 ESORICS 2011 Adapting Helios for Provable Ballot Privacy 1 / 26

  2. Helios Helios is a web-based voting system by B. Adida et al. Helios has been used in several universities (including here in Belgium) and by the IACR. ESORICS 2011 Adapting Helios for Provable Ballot Privacy 2 / 26

  3. Security Cryptographic voting systems should have security properties: Privacy No-one can discover how anyone else voted. Verifiability Anyone can check that an election was conducted correctly. And others: robustness, fairness, usability, . . . ESORICS 2011 Adapting Helios for Provable Ballot Privacy 3 / 26

  4. Attacking and Fixing Helios 2010 paper by Cortier and Smyth (CSF ’11): analysis of Helios in the applied pi-calculus. ◮ There are attacks against privacy. ◮ Helios can be adapted so that it meets a symbolic definition of security. ESORICS 2011 Adapting Helios for Provable Ballot Privacy 4 / 26

  5. Our Contribution We define a cryptographic model for ballot privacy. We show how to secure Helios in this model. ESORICS 2011 Adapting Helios for Provable Ballot Privacy 5 / 26

  6. Overview of Helios ESORICS 2011 Adapting Helios for Provable Ballot Privacy 6 / 26

  7. Helios Bulletin Board Helios uses a bulletin board. ESORICS 2011 Adapting Helios for Provable Ballot Privacy 7 / 26

  8. Helios Bulletin Board Voters choose their vote . . . ESORICS 2011 Adapting Helios for Provable Ballot Privacy 7 / 26

  9. Helios Bulletin Board . . . encrypt it, . . . ESORICS 2011 Adapting Helios for Provable Ballot Privacy 7 / 26

  10. Helios Bulletin Board . . . and send it to the board. ESORICS 2011 Adapting Helios for Provable Ballot Privacy 7 / 26

  11. Helios Bulletin Board The board collects all votes. ESORICS 2011 Adapting Helios for Provable Ballot Privacy 7 / 26

  12. Helios Bulletin Board The administrators decrypt and publish the result. ESORICS 2011 Adapting Helios for Provable Ballot Privacy 7 / 26

  13. Helios Ballots A Helios ballot contains ◮ Ciphertexts of the vote(s). ◮ Zero-knowledge proofs of correctness. vote ciphertext proof ESORICS 2011 Adapting Helios for Provable Ballot Privacy 8 / 26

  14. An Attack on Helios ESORICS 2011 Adapting Helios for Provable Ballot Privacy 9 / 26

  15. An Attack on Helios Consider an election with two honest voters and one dishonest voter. ESORICS 2011 Adapting Helios for Provable Ballot Privacy 10 / 26

  16. An Attack on Helios The dishonest voter waits for the honest ones to submit their ballots . . . ESORICS 2011 Adapting Helios for Provable Ballot Privacy 10 / 26

  17. An Attack on Helios . . . then copies voter 2’s ballot and casts it as his own. ESORICS 2011 Adapting Helios for Provable Ballot Privacy 10 / 26

  18. An Attack on Helios 0 1 1 Result – Yes: 2, No: 1 He can now discover how everyone else voted just by looking at the result! ESORICS 2011 Adapting Helios for Provable Ballot Privacy 10 / 26

  19. Malleable Ballots ? We want to be sure an adversary cannot cast a ballot derived in any way from previous ones. ESORICS 2011 Adapting Helios for Provable Ballot Privacy 11 / 26

  20. Our Model for Ballot Privacy ESORICS 2011 Adapting Helios for Provable Ballot Privacy 12 / 26

  21. Motivating Example yes no 1 0 yes no 0 1 yes: 1, yes: 1, no: 1 no: 1 Aim: No adversary can distinguish. ESORICS 2011 Adapting Helios for Provable Ballot Privacy 13 / 26

  22. Ballot Privacy Challenger Adversary We model security with a game between a challenger and the adversary . ESORICS 2011 Adapting Helios for Provable Ballot Privacy 14 / 26

  23. Ballot Privacy Challenger Adversary Vote( v ) The adversary can choose the votes for honest voters. ESORICS 2011 Adapting Helios for Provable Ballot Privacy 14 / 26

  24. Ballot Privacy Challenger Adversary Vote( v ) Ballot( b ) The adversary can submit arbitrary ballots for dishonest voters. ( Adaptive adversary.) ESORICS 2011 Adapting Helios for Provable Ballot Privacy 14 / 26

  25. Ballot Privacy Vote( v ) Vote( v ) Ballot( v ) Ballot( ε ) The challenger either creates honest voters’ ballots correctly or always adds ballots for ε . ESORICS 2011 Adapting Helios for Provable Ballot Privacy 15 / 26

  26. Ballot Privacy Challenger Adversary vote ballot . . . correct result The challenger always returns the correct result (for the adversary’s inputs). ESORICS 2011 Adapting Helios for Provable Ballot Privacy 16 / 26

  27. Ballot Privacy Challenger Adversary vote ballot . . . correct correct ballots result or ε ballots? The adversary must guess what the challenger did. ESORICS 2011 Adapting Helios for Provable Ballot Privacy 16 / 26

  28. Ballot Privacy If the challenger chooses correct ballots, he is simulating the Helios protocol. If the challenger chooses ε ballots, his ballots are independent of the honest users’ votes. ESORICS 2011 Adapting Helios for Provable Ballot Privacy 17 / 26

  29. Ballot Privacy yes no 1 0 yes no 0 1 yes: 1, yes: 1, no: 1 no: 1 Aim: No adversary can distinguish. ESORICS 2011 Adapting Helios for Provable Ballot Privacy 18 / 26

  30. Ballot Privacy yes no 1 0 yes no 0 1 ε yes: 1, yes: 1, no: 1 no: 1 ε ≈ yes: 1, no: 1 Security model: cannot distinguish this case . . . ESORICS 2011 Adapting Helios for Provable Ballot Privacy 18 / 26

  31. Ballot Privacy yes no 1 0 yes no 0 1 ε yes: 1, yes: 1, no: 1 no: 1 ε ≈ ≈ yes: 1, no: 1 . . . or this case. ESORICS 2011 Adapting Helios for Provable Ballot Privacy 18 / 26

  32. Ballot Privacy ≈ yes no 1 0 yes no 0 1 ε yes: 1, yes: 1, no: 1 no: 1 ε ≈ ≈ yes: 1, no: 1 Therefore, he cannot distinguish these two either. ESORICS 2011 Adapting Helios for Provable Ballot Privacy 18 / 26

  33. Securing Helios ESORICS 2011 Adapting Helios for Provable Ballot Privacy 19 / 26

  34. Securing Ballots To secure Helios, we use IND-CCA2 secure encryption . We must reject any ballot containing a repeated ciphertext . ESORICS 2011 Adapting Helios for Provable Ballot Privacy 20 / 26

  35. Voting-Friendly Encryption IND-CCA2 secure encryption cannot be homomorphic – but we want to keep the rest of Helios’ functionality. New primitives: embedded and voting-friendly encryption . (Similar to Wikstr¨ om’s submission secure encryption.) ESORICS 2011 Adapting Helios for Provable Ballot Privacy 21 / 26

  36. Voting-Friendly Encryption We propose using the Naor-Yung transformation: IND-CCA2 secure but keeps all existing functionality. The cost of a ballot increases by (very roughly) 50%. Naor-Yung ElGamal π “old” ballot ESORICS 2011 Adapting Helios for Provable Ballot Privacy 22 / 26

  37. Conclusions ESORICS 2011 Adapting Helios for Provable Ballot Privacy 23 / 26

  38. Conclusions We give a cryptographic model for ballot privacy. We can adapt Helios to be secure and prove this. ◮ Reject ballots with repeated ciphertexts. ◮ Proof assumes IND-CCA2 security. IND-CCA2 security and homomorphic encryption can be combined for voting. ESORICS 2011 Adapting Helios for Provable Ballot Privacy 24 / 26

  39. Questions Thank you for attending. Questions? ESORICS 2011 Adapting Helios for Provable Ballot Privacy 25 / 26

  40. ESORICS 2011 Adapting Helios for Provable Ballot Privacy 26 / 26

Recommend

Tor and (un)provable privacy Roger Dingledine The Tor Project https://torproject.org/ 1

Tor and (un)provable privacy Roger Dingledine The Tor Project https://torproject.org/ 1

Tor and (un)provable privacy Roger Dingledine The Tor Project https://torproject.org/ 1 Today's plan 0) Crash course on Tor 1) Anonymity attacks 2) Blocking-resistance 2 What is Tor? Online anonymity 1) open source software, 2)

663 views • 52 slides
Ballot privacy in elections: new metrics and constructions. Olivier Pereira Universit e

Ballot privacy in elections: new metrics and constructions. Olivier Pereira Universit e

Ballot privacy in elections: new metrics and constructions. Olivier Pereira Universit e catholique de Louvain Based on joint works with: D. Bernhard, V. Cortier, E. Cuvelier, T. Peters and B. Warinschi March 2015 UCL Crypto Group Vote

415 views • 29 slides
Helios Underwriting Building a Capacity Fund Introduction to Helios: The Consolidator at

Helios Underwriting Building a Capacity Fund Introduction to Helios: The Consolidator at

Helios Underwriting Building a Capacity Fund Introduction to Helios: The Consolidator at Lloyds for Private Capital Who you are meeting today Arthur Manners Finance Director Nigel Hanbury Chief Executive Officer Arthur has over

209 views • 19 slides
Team Helios (a) The God Helios (b) Our sun Dr. Thomai Tsiftsi & Dr. James Edwards UNAM -

Team Helios (a) The God Helios (b) Our sun Dr. Thomai Tsiftsi & Dr. James Edwards UNAM -

Team Helios (a) The God Helios (b) Our sun Dr. Thomai Tsiftsi & Dr. James Edwards UNAM - UMICH SpaceApps Challenge 2017 Team Helios Challenge: You are my sunshine Team Helios Challenge: You are my sunshine Team Helios Challenge: You are

915 views • 26 slides
Election Verifiability or Ballot Privacy Do We Need to Choose? Edouard Cuvelier Thomas Peters

Election Verifiability or Ballot Privacy Do We Need to Choose? Edouard Cuvelier Thomas Peters

Election Verifiability or Ballot Privacy Do We Need to Choose? Edouard Cuvelier Thomas Peters Olivier Pereira Universit e catholique de Louvain ICTEAM Crypto Group SecVote 2012 UCL Crypto Group PPAT - Jul. 2012 1

451 views • 16 slides
Helios Motivation Development of Helios ISAR Gistic Method CN(m,i) = copy # of marker m in

Helios Motivation Development of Helios ISAR Gistic Method CN(m,i) = copy # of marker m in

Helios Motivation Development of Helios ISAR Gistic Method CN(m,i) = copy # of marker m in sample I I = indicator function = Aberration threshold ISAR W = set of window sizes I = Window size used Qvalue = based on local distribution m

199 views • 18 slides
HELIOS HELIOS A Collaborative Humanitarian Supply Chain Solution A web-based software solution

HELIOS HELIOS A Collaborative Humanitarian Supply Chain Solution A web-based software solution

HELIOS HELIOS A Collaborative Humanitarian Supply Chain Solution A web-based software solution that brings order to disaster relief, helping humanitarian organizations to provide aid to people more quickly and efficiently 2 Background:

427 views • 19 slides
m , , C ? 1. Adapting the mean m 2. Adapting the step-size 3. Adapting the covariance

m , , C ? 1. Adapting the mean m 2. Adapting the step-size 3. Adapting the covariance

How to update the di ff erent parameters m , , C ? 1. Adapting the mean m 2. Adapting the step-size 3. Adapting the covariance matrix C Why Step-size Adaptation? Assume a (1+1)-ES algorithm with fi xed step-size (and n x 2 i

360 views • 20 slides
MA111: Contemporary mathematics . Jack Schmidt University of Kentucky August 27, 2012 Entrance

MA111: Contemporary mathematics . Jack Schmidt University of Kentucky August 27, 2012 Entrance

. MA111: Contemporary mathematics . Jack Schmidt University of Kentucky August 27, 2012 Entrance Slip (due 5 min past the hour): Convert the following linear ballots into a preference schedule: Ballot Ballot Ballot Ballot Ballot Ballot

356 views • 17 slides
Computer-Aided Privacy Proofs C esar Kunz Joint work with Gilles Barthe, Benjamin Gr

Computer-Aided Privacy Proofs C esar Kunz Joint work with Gilles Barthe, Benjamin Gr

Computer-Aided Privacy Proofs C esar Kunz Joint work with Gilles Barthe, Benjamin Gr egoire, Santiago Zanella-B eguelin 2012.07.10 Provable Privacy Workshop 2012 Privacy for Statistical Databases Privacy for Statistical Databases

721 views • 23 slides
Agenda What are ballot measures? Kellie Dupree What are 501(c)(3) organizations Director

Agenda What are ballot measures? Kellie Dupree What are 501(c)(3) organizations Director

Agenda What are ballot measures? Kellie Dupree What are 501(c)(3) organizations Director of Partnerships and Training allowed to do Ballot Initiative Strategy Center Direct Lobbying limits Stories from the field: Ballot measure

653 views • 16 slides
Privacy Preservation through Secure Multi-party Computation: Towards Implementation Paolo

Privacy Preservation through Secure Multi-party Computation: Towards Implementation Paolo

Privacy Preservation through Secure Multi-party Computation: Towards Implementation Paolo Palmieri , Olivier Pereira UCL Crypto Group Universit e Catholique de Louvain (Belgium) Provable Privacy Workshop July 2012 UCL Crypto Group

660 views • 34 slides
Adapting MI to mHealth in the Adapting MI to mHealth in the management of chronic health

Adapting MI to mHealth in the Adapting MI to mHealth in the management of chronic health

The project PRECIOUS has received funding from the European Union s Seventh Framework Programme under Grant Agreement n 611366" Adapting MI to mHealth in the Adapting MI to mHealth in the management of chronic health conditions: The

523 views • 34 slides
Ballot Article 8 Tax Stabilization Ballot Language Shall the voters authorize the Richmond

Ballot Article 8 Tax Stabilization Ballot Language Shall the voters authorize the Richmond

Ballot Article 8 Tax Stabilization Ballot Language Shall the voters authorize the Richmond Selectboard to negotiate and enter a Tax Stabilization Agreement for Economic Development purposes, for the properties commonly known as the Creamery,

561 views • 10 slides
Running mixnet-based elections with Helios Philippe Bulens Damien Giry Olivier Pereira

Running mixnet-based elections with Helios Philippe Bulens Damien Giry Olivier Pereira

Running mixnet-based elections with Helios Philippe Bulens Damien Giry Olivier Pereira EVT/WOTE11 UCL Crypto Group Running mixnet-based elections with Helios - Aug. 2011 1 Microelectronics Laboratory Helios Open-audit elections

605 views • 11 slides
MANAGING AGENCY PARTNERS Syndicate 2791 Adapting to ECF a practical solution Adapting to ECF

MANAGING AGENCY PARTNERS Syndicate 2791 Adapting to ECF a practical solution Adapting to ECF

MANAGING AGENCY PARTNERS Syndicate 2791 Adapting to ECF a practical solution Adapting to ECF a practical solution Adrian Duggleby - Systems Manager Ian Springett - Head of Claims Aidan ONeil - DOCOsoft Adapting to ECF

205 views • 18 slides
Helios Underwriting Growth & Returns from Exposure to the Lloyds market Disclaimer This

Helios Underwriting Growth & Returns from Exposure to the Lloyds market Disclaimer This

Helios Underwriting Growth & Returns from Exposure to the Lloyds market Disclaimer This document has been prepared by Helios Underwriting plc, solely for use at a confidential presentation in connection with the proposed placing of

469 views • 26 slides
HELIOS A Collaborative Humanitarian Supply Chain Solution Web-based software solution that

HELIOS A Collaborative Humanitarian Supply Chain Solution Web-based software solution that

HELIOS A Collaborative Humanitarian Supply Chain Solution Web-based software solution that brings order to disaster relief, helping humanitarian organizations to provide aid to people more quickly and efficiently 1 HELIOS background -

608 views • 16 slides
Constant-Size Commitments to Polynomials and Their Applications Ian Goldberg Cryptography,

Constant-Size Commitments to Polynomials and Their Applications Ian Goldberg Cryptography,

Constant-Size Commitments to Polynomials and Their Applications Ian Goldberg Cryptography, Security, and Privacy Research Lab University of Waterloo ECRYPT II Provable Privacy Workshop 10 July 2012 Coauthors Aniket Kate (Max Planck

1.4k views • 78 slides
Security and performance designs for client-server communications Helmut Tschemernjak HELIOS

Security and performance designs for client-server communications Helmut Tschemernjak HELIOS

MONTREAL JUNE 30, JULY 1ST AND 2ND 2012 Security and performance designs for client-server communications Helmut Tschemernjak HELIOS Software GmbH www.helios.de Montag, 2. Juli 2012 Scope of This Presentation How we did certain

615 views • 37 slides
Fully Automated In-Situ Sample Preparation with New Generation Helios 5 DualBeam David Wall The

Fully Automated In-Situ Sample Preparation with New Generation Helios 5 DualBeam David Wall The

Fully Automated In-Situ Sample Preparation with New Generation Helios 5 DualBeam David Wall The world leader in serving science Electron microscopy innovation at Thermo Fisher More than 25 years of DualBeam innovations 2 Helios 5

878 views • 29 slides
Another Look at Provable Security Alfred Menezes (joint work with Sanjit Chatterjee, Neal

Another Look at Provable Security Alfred Menezes (joint work with Sanjit Chatterjee, Neal

Another Look at Provable Security Alfred Menezes (joint work with Sanjit Chatterjee, Neal Koblitz, Palash Sarkar) EUROCRYPT 2012 1 Provable security Goal: To prove that a protocol P is secure with respect to a computational problem or

1.32k views • 91 slides
Learning Analytics: Personalizing and Adapting the Learning Personalizing and Adapting the

Learning Analytics: Personalizing and Adapting the Learning Personalizing and Adapting the

Learning Analytics: Personalizing and Adapting the Learning Personalizing and Adapting the Learning Process George Siem ens and Sabine Graf Athabasca University Canada Canada Adaptivity and Personalization in Learning Systems How can we

86 views • 8 slides
The fundamental goal of provable security D. J. Bernstein University of Illinois at

The fundamental goal of provable security D. J. Bernstein University of Illinois at

The fundamental goal of provable security D. J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Lets focus on what provable security is trying to do. Lets not get distracted by current

623 views • 9 slides

More recommend