coercion resistant internet voting with everlasting
play

Coercion-Resistant Internet Voting with Everlasting Privacy Rolf - PowerPoint PPT Presentation

Nov 16, 2023 •368 likes •735 views

Coercion-Resistant Internet Voting with Everlasting Privacy Rolf Haenni (Philipp Locher, Reto E. Koenig) FC16, Bridgetown, Barbados, February 26, 2016 Bern University of Applied Sciences | Berner Fachhochschule | Haute ecole sp

  1. Coercion-Resistant Internet Voting with Everlasting Privacy Rolf Haenni (Philipp Locher, Reto E. Koenig) FC’16, Bridgetown, Barbados, February 26, 2016 Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 1

  2. Outline Introduction Protocol Overview Cryptographic Preliminaries Detailed Protocol Description Properties and Performance Conclusion Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 2

  3. Coercion-Resistance Strategy 1: Fake Credentials First proposed by Juels, Catalano, Jakobsson (WPES’05) Under coercion, use (indistinguishable) fake credential Submit real vote at any time during the voting period Strategy 2: Deniable Vote Updating First proposed by Achenbach et al. (JETS, 2:26–45, 2015) Under coercion, follow the coercer’s instructions Update vote shortly before the end of the voting period Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 3

  4. Everlasting Privacy Strategy 1: Everlasting Privacy Towards the Public First proposed by Demirel et al. (EVT/WOTE’12) Publish perfectly hiding commitments to allow public verifiability Send decommitment values privately to trusted authorities Strategy 2: Efficient Set Membership Proof First proposed by Locher and Haenni (VoteID’15) Submit vote over anonymous channel Prove eligibility using perfectly hiding commitment and zero-knowledge proofs Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 4

  5. Adversaries Present adversary . . . tries to manipulate the election outcome, e.g. by coercing voters acts before, during, or shortly after an election is polynomially bounded Future adversary . . . tries to break vote privacy acts at any point in the future has unlimited computational power Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 5

  6. Outline Introduction Protocol Overview Cryptographic Preliminaries Detailed Protocol Description Properties and Performance Conclusion Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 6

  7. Involved Parties Election administration Voters Public bulletin board Trusted authorities (threshold decryption, mixing) Verifiers (the public) Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 7

  8. Step 1: Registration The voter . . . creates a pair of private and public credentials sends the public credential to the election administration (over an authentic channel) Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 8

  9. Step 2: Election Preparation The election administration . . . sends the list of public voter credentials to bulletin board Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 9

  10. Step 3: Vote Casting The voter . . . creates ballot consisting of commitment to public credential commitment to private credential encrypted ’election credential’ (used to detect duplicates) encrypted vote Non-interactive zero-knowledge proofs that commitments and encryptions have been formed properly sends ballot to bulletin board (over an anonymous channel) Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 10

  11. Step 4: Tallying The trusted authorities . . . retrieve ballots from bulletin board drop ballots with invalid proofs detect and eliminate updated votes threshold decrypt remaining encrypted votes drop ballots with invalid votes compute election result in a verifiable manner Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 11

  12. Outline Introduction Protocol Overview Cryptographic Preliminaries Detailed Protocol Description Properties and Performance Conclusion Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 12

  13. Cryptographic Setup Group G p of prime order p Sub-group G q ⊂ Z ∗ p of prime order q | ( p − 1) Independent generators g 0 , g 1 ∈ G p and h 0 , h 1 , h 2 ∈ G q Assume that DL is hard in G p and DDH is hard in G q Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 13

  14. Set Membership Proof Goal: prove that a committed value belongs to a given set NIZKP [( u , r ) : C = com ( u , r ) ∧ u ∈ U ] Secret inputs u , r ∈ Z p Public inputs Commitment C = com ( u , r ) ∈ G p Set U = { u 1 , . . . , u N } of values u i ∈ Z p Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 14

  15. Polynomial Evaluation Proof Let P ( X ) = � N i =1 ( X − u i ) satisfying P ( u i ) = 0 for all u i ∈ U NIZKP [( u , r ) : C = com ( u , r ) ∧ u ∈ U ] ⇐ ⇒ NIZKP [( u , r ) : C = com ( u , r ) ∧ P ( u ) = 0] Efficient protocol by Bayer and Groth (2013) Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 15

  16. DL-Representation Proof Goal: prove that a commitment contains a DL-representation of another committed value   C = com ( u , r ) � NIZKP [( u , r , v 1 , . . . , v n , s ) : D = com ( v 1 , . . . , v n , s )  ]  u = h v 1 1 · · · h v n n Secret inputs u , r ∈ Z p v 1 , . . . , v n , s ∈ Z q Public inputs Values h 1 , . . . , h n ∈ G q Commitment C = com ( u , r ) ∈ G p Commitment D = com ( v 1 , . . . , v n , s ) ∈ G q For n = 2, efficient protocol by Au, Susilo, Mu (2010) Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 16

  17. Verifiable Shuffle General verifiable shuffle: ( E ′ , π ) = shuffle φ f ( E , k 1 , . . . , k n ) Input list E = ( E 1 , . . . , E n ) Random permutation φ Keyed one-way function f Keys k 1 , . . . , k n Output list E ′ = ( E ′ 1 , . . . , E ′ n ), where E ′ φ ( i ) = f ( E i , k i ) Proof of shuffle π In our protocol, we use two shuffle instances Exponentiation: f ( E , k ) = E k Re-encryption: f ( E , k ) = reEnc pk ( E , k ) Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 17

  18. Outline Introduction Protocol Overview Cryptographic Preliminaries Detailed Protocol Description Properties and Performance Conclusion Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 18

  19. Step 1: Registration The voter . . . creates a pair of private and public credentials sends the public credential to the election administration (over an authentic channel) Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 19

  20. Step 1: Registration The voter . . . creates a pair of private and public credentials α, β ∈ R Z q u = h α 1 h β 2 ∈ G q sends the public credential u to the election administration (over an authentic channel) Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 20

  21. Step 2: Election Preparation The election administration . . . sends the list of public voter credentials to bulletin board Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 21

  22. Step 2: Election Preparation The election administration . . . defines the list of public voter credentials U = { ( V 1 , u 1 ) , . . . , ( V N , u N ) } computes coefficients A = ( a 0 , . . . , a N ) of polynomial N N � � a i X i P ( X ) = ( X − u i ) = i =1 i =0 selects fresh independent election generator ˆ h ∈ G q publishes ( U , A , ˆ h ) on bulletin board Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 22

  23. Step 3: Vote Casting The voter . . . creates ballot consisting of commitment to public credential commitment to private credential encrypted ’election credential’ (used to detect duplicates) encrypted vote Non-interactive zero-knowledge proofs that commitments and encryptions have been formed properly sends ballot to bulletin board (over an anonymous channel) Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 23

  24. Step 3: Vote Casting The voter . . . creates ballot B = ( C , D , E , F , π 1 , π 2 , π 3 ) consisting of commitment to public credential C = com ( u , r ) commitment to private credential D = com ( α, β, s ) encryption of ’election credential’ E = enc pk (ˆ h β , ρ ) encrypted vote F = enc pk ( v , σ ) Non-interactive zero-knowledge proofs π 1 , π 2 , π 3 (see next slide) sends ballot B to bulletin board (over an anonymous channel) Bern University of Applied Sciences | Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise 24

Recommend

Human Factors in Coercion-Resistant Internet Voting Oksana Kulyk I voted for A I voted

Human Factors in Coercion-Resistant Internet Voting Oksana Kulyk I voted for A I voted

Human Factors in Coercion-Resistant Internet Voting Oksana Kulyk I voted for A I voted for A +1 vote for B +1 vote for A ITU CIST 29/05/2019 1 Coercion in Internet Voting Internet voting is an unsupervised channel

580 views • 22 slides
Remote Electronic Voting can be Efficient, Verifiable and Coercion-Resistant Roberto Arajo,

Remote Electronic Voting can be Efficient, Verifiable and Coercion-Resistant Roberto Arajo,

Remote Electronic Voting can be Efficient, Verifiable and Coercion-Resistant Roberto Arajo, Amira Barki, Solenn Brunet and Jacques Traor 1st Workshop on Advances in Secure Electronic Voting Schemes VOTING16 February 26th, 2016

532 views • 23 slides
Internet Voting Protocols with Everlasting Privacy Jeroen van de Graaf Joint work with Denise

Internet Voting Protocols with Everlasting Privacy Jeroen van de Graaf Joint work with Denise

Internet Voting Protocols with Everlasting Privacy Jeroen van de Graaf Joint work with Denise Demirel e Roberto Samarone jvdg@dcc.ufmg.br June 2012 Jeroen van de Graaf Joint work with Denise Demirel e Roberto Samarone Internet Voting Protocols

697 views • 40 slides
Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus is on preventing fraud on the part of Protocol people building and running system. Electronic voting over the internet Dale Neal Must

508 views • 5 slides
A Design Of Secure Preferential E-Voting Kun Peng and Feng Bao { dr.kun.peng } @gmail.com

A Design Of Secure Preferential E-Voting Kun Peng and Feng Bao { dr.kun.peng } @gmail.com

A Design Of Secure Preferential E-Voting Kun Peng and Feng Bao { dr.kun.peng } @gmail.com Institute for Inforcomm Research (I 2 R), Singapore 1 Agenda 1. Preferential E-Voting 2. Coercion attack and coercion resistent 3. Italian attack

229 views • 21 slides
Preventing Coercion in E-Voting: Be Open and Commit Wojtek Jamroga, Polish Academy of Sciences

Preventing Coercion in E-Voting: Be Open and Commit Wojtek Jamroga, Polish Academy of Sciences

Preventing Coercion in E-Voting: Be Open and Commit Wojtek Jamroga, Polish Academy of Sciences (joint work with Masoud Tabatabaei and Peter Y. A. Ryan) LAMAS Seminar on INteraction Gdansk 24th of September 2015 Tabatabaei, Jamroga, and Ryan

791 views • 60 slides
Internet Architecture WG : DoS-resistant Internet Subgroup Report Mark Handley University

Internet Architecture WG : DoS-resistant Internet Subgroup Report Mark Handley University

Internet Architecture WG : DoS-resistant Internet Subgroup Report Mark Handley University College London DoS-Resistant Internet Working Group Initial meeting held January 27th in London: The objective of the initial meeting is to share

316 views • 27 slides
Internet Voting and Ranked Ballots 2018 Municipal Election Special Committee of the Whole

Internet Voting and Ranked Ballots 2018 Municipal Election Special Committee of the Whole

Internet Voting and Ranked Ballots 2018 Municipal Election Special Committee of the Whole January 30, 2017 Purpose Continuation of discussion of internet voting from October 5, 2015 Outline recommended voting method options for 2018

792 views • 32 slides
10/3/2017 He Who Is Everlasting Psalms 90:1-2 Lord, you have been our dwelling place throughout

10/3/2017 He Who Is Everlasting Psalms 90:1-2 Lord, you have been our dwelling place throughout

10/3/2017 He Who Is Everlasting Psalms 90:1-2 Lord, you have been our dwelling place throughout all generations. 2 Before the mountains were born or you brought forth the whole world, from everlasting to everlasting you are God. Main Point

282 views • 7 slides
Facebook Changing the Face of Voting: How the Internet and Social Networking Sites Affected

Facebook Changing the Face of Voting: How the Internet and Social Networking Sites Affected

Facebook Changing the Face of Voting: How the Internet and Social Networking Sites Affected Youth Voting Behaviors in the 2008 Election Aleesha Larsen April 2012 So What? Voting behavior is always being researched In 2006 there were

261 views • 12 slides
Receipt-freeness and coercion-resistance: formal definitions and fault attacks Stphanie Delaune

Receipt-freeness and coercion-resistance: formal definitions and fault attacks Stphanie Delaune

Receipt-freeness and coercion-resistance: formal definitions and fault attacks Stphanie Delaune / Steve Kremer / Mark D. Ryan Some desired properties of e-voting systems Eligibility: only eligible voters can vote, and only once.

545 views • 18 slides
Source Paper An Anonymous Electronic Voting Protocol An Electronic Voting Protocol for

Source Paper An Anonymous Electronic Voting Protocol An Electronic Voting Protocol for

Source Paper An Anonymous Electronic Voting Protocol An Electronic Voting Protocol for Voting Over the Internet, Indrajit Ray, (revisited) Indrakshi Ray, Natarajan Narasimhamurthi Paul Valiant extending work by Dale Neal &

441 views • 5 slides
Internet VotingSeriously?? Ronald L. Rivest Institute Professor MIT, Cambridge, MA EVN

Internet VotingSeriously?? Ronald L. Rivest Institute Professor MIT, Cambridge, MA EVN

Internet VotingSeriously?? Ronald L. Rivest Institute Professor MIT, Cambridge, MA EVN Conference 2016-03-11 Outline Introduction Technology evolution and voting Internet voting Security Risk assessment New tech for old applications

912 views • 90 slides
Secure Internet Voting on Limited Devices with Anonymized DSA Public Keys Rolf Haenni and Oliver

Secure Internet Voting on Limited Devices with Anonymized DSA Public Keys Rolf Haenni and Oliver

Secure Internet Voting on Limited Devices with Anonymized DSA Public Keys Rolf Haenni and Oliver Spycher Bern University of Applied Sciences, Switzerland http://e-voting.bfh.ch EVT/WOTE11, San Francisco August 9th, 2011 1 Outline

550 views • 23 slides
Steps Towards a DoS-resistant Internet Architecture Mark Handley Adam Greenhalgh University

Steps Towards a DoS-resistant Internet Architecture Mark Handley Adam Greenhalgh University

Steps Towards a DoS-resistant Internet Architecture Mark Handley Adam Greenhalgh University College London Denial-of-Service Attacker attempts to prevent the victim from doing any useful work. Flooding Attacks Exploiting Software

806 views • 27 slides
Towards DoS-resistant Internet Architecture Prof. Mark Handley University College London

Towards DoS-resistant Internet Architecture Prof. Mark Handley University College London

Towards DoS-resistant Internet Architecture Prof. Mark Handley University College London Denial-of-Service Attacker attempts to prevent the victim from doing any useful work. Flooding Attacks Exploiting Software Weaknesses

319 views • 19 slides
Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an

Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an

Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an Example Saghar Estehghari 1 Yvo Desmedt 1 , 2 1 Department of Computer Science University College London, UK 2 Research Center for Information Security

572 views • 28 slides
Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture

Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture

Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture Damage 1 Balanced Mix Design: ETG Definition Asphalt mix design using performance tests on appropriately conditioned specimens that address

480 views • 46 slides
March 13, 2014 1 Scantegrity 2 Process Modeling 3 Internet Voting March 13, 2014 ECS 235B Winter

March 13, 2014 1 Scantegrity 2 Process Modeling 3 Internet Voting March 13, 2014 ECS 235B Winter

Scantegrity Process Modeling Internet Voting March 13, 2014 1 Scantegrity 2 Process Modeling 3 Internet Voting March 13, 2014 ECS 235B Winter Quarter 2014 Slide 1 Scantegrity Process Modeling Internet Voting Scantegrity Goal: allow

346 views • 20 slides
Subtyping in Type Theory: Coercion Contexts and Local Coercions Z. Luo and F. Part Dept of

Subtyping in Type Theory: Coercion Contexts and Local Coercions Z. Luo and F. Part Dept of

Subtyping in Type Theory: Coercion Contexts and Local Coercions Z. Luo and F. Part Dept of Computer Science Royal Holloway, Univ of London This talk Subsumptive v.s. coercive subtyping Review and background Coercion contexts and local

166 views • 13 slides
Isaiah 40:28-31 NIV 28 Do you not know? Have you not heard? The LORD is the everlasting God, the

Isaiah 40:28-31 NIV 28 Do you not know? Have you not heard? The LORD is the everlasting God, the

Isaiah 40:28-31 NIV 28 Do you not know? Have you not heard? The LORD is the everlasting God, the Creator of the ends of the earth. He will not grow tired or weary, and his understanding no one can fathom. 29 He gives strength to the weary and

433 views • 18 slides
Large-Scale Electronic Voting Protocols Mike Carpenter Introduction What is meant by large-scale

Large-Scale Electronic Voting Protocols Mike Carpenter Introduction What is meant by large-scale

Large-Scale Electronic Voting Protocols Mike Carpenter Introduction What is meant by large-scale electronic voting protocol: Primarily Internet-based Users voting from their own devices (such as home PC/laptop) Aimed toward actual

721 views • 21 slides
Defining Privacy for Weighted Votes, Single and Multi-Voter Coercion Jannik Dreier, Pascal

Defining Privacy for Weighted Votes, Single and Multi-Voter Coercion Jannik Dreier, Pascal

Introduction Defining Privacy Defining Receipt-Freeness Defining Coercion-Resistance Conclusion Defining Privacy for Weighted Votes, Single and Multi-Voter Coercion Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech Universit Grenoble 1,

1.13k views • 74 slides
Michigan Votes in 2020 Voter registration, absentee voting, and Election Day New Voting Laws New

Michigan Votes in 2020 Voter registration, absentee voting, and Election Day New Voting Laws New

Michigan Votes in 2020 Voter registration, absentee voting, and Election Day New Voting Laws New Michigan Voting Laws Prop 3 of 2018 added several voting policies to the Michigan constitution, including: straight-ticket voting, automatic

510 views • 15 slides

More recommend