how to challenge and cast your e vote
play

How to challenge and cast your e-vote Sandra Guasch, Paz Morillo - PowerPoint PPT Presentation

How to challenge and cast your e-vote Sandra Guasch, Paz Morillo Financial Cryptography and Data Security 2016 Table of Contents Introduction 1 Cast-as-intended in Helios 2 Challenge and cast 3 Sandra Guasch, Paz Morillo How to challenge


  1. How to challenge and cast your e-vote Sandra Guasch, Paz Morillo Financial Cryptography and Data Security 2016

  2. Table of Contents Introduction 1 Cast-as-intended in Helios 2 Challenge and cast 3 Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 1 / 20

  3. What is electronic voting? Election modernization started with the counting process Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 2 / 20

  4. What is electronic voting? Election modernization started with the counting process In electronic voting, votes are cast electronically Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 2 / 20

  5. Advantages of electronic voting Accuracy Speed Provide special interaction mechanisms (e.g. for impaired people) Reduce human errors Reduce logistic and long term costs Availability / Opportunity Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 3 / 20

  6. Security requirements Similar to those in traditional voting Voter eligibility One vote per voter Privacy Tally accuracy Secrecy of intermediate results (fairness) Auditability and traceability Resistance against coercion and vote buying Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 4 / 20

  7. Example of mixnet-based protocol Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 5 / 20

  8. Verifiability in electronic voting Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 6 / 20

  9. Verifiability in electronic voting Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 6 / 20

  10. Verifiability in electronic voting Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 6 / 20

  11. Table of Contents Introduction 1 Cast-as-intended in Helios 2 Challenge and cast 3 Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 7 / 20

  12. Helios system Introduced by Ben Adida in 2008 Well known in the academic field Used in student elections, IACR elections... Has verifiability properties Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 8 / 20

  13. Cast as Intended in Helios (I) Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 9 / 20

  14. Cast as Intended in Helios (I) Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 9 / 20

  15. Cast as Intended in Helios (I) Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 9 / 20

  16. Cast as Intended in Helios (II) Imagine I want to audit the vote to be cast in Helios... Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 10 / 20

  17. Cast as Intended in Helios (III) The voter can be easily coerced! Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 11 / 20

  18. Table of Contents Introduction 1 Cast-as-intended in Helios 2 Challenge and cast 3 Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 12 / 20

  19. Our proposal Process more understandable by the voter Direct audit of the vote to be cast Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 13 / 20

  20. Our proposal Process more understandable by the voter Direct audit of the vote to be cast Approach: Prove to the voter the content of her vote using a zero-knowledge proof of knowledge Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 13 / 20

  21. Proofs of knowledge Based on Σ -protocols Protocol between a prover P and a verifier V : P a → V : commitment − e P ← − V : challenge P z − → V : answer Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 14 / 20

  22. Proofs of knowledge Based on Σ -protocols Protocol between a prover P and a verifier V : P a → V : commitment − e P ← − V : challenge P z − → V : answer Properties Completeness: if P is fair, V accepts Knowledge soundness: if V accepts, P knows secrets Honest-verifier zero-knowledge: a conversation ( a ′ , e ′ , z ′ ) between P and V can be simulated Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 14 / 20

  23. Simulation(I) Voter can simulate a proof with a different value for the coercer Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 15 / 20

  24. Simulation(II) Alert! We want only the voter to be able to simulate proofs Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 16 / 20

  25. � Simulation(II) Alert! We want only the voter to be able to simulate proofs Designated Verifier Proofs We give a trapdoor key to the designated verifier The trapdoor key is necessary to simulate proofs = Knowledge of the trapdoor key ⇒ distinguishing between good and simulated proofs Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 16 / 20

  26. � Simulation(II) Alert! We want only the voter to be able to simulate proofs Designated Verifier Proofs We give a trapdoor key to the designated verifier The trapdoor key is necessary to simulate proofs = Knowledge of the trapdoor key ⇒ distinguishing between good and simulated proofs In our protocol, the voter holds the trapdoor key Releasing trapdoor key... → means approving the audited vote → allows proof simulation Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 16 / 20

  27. Protocol outline Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 17 / 20

  28. Protocol outline Steps Voter selects a voting 1 option Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 17 / 20

  29. Protocol outline Steps Voter selects a voting 1 option PC generates encrypted 2 vote and proof of content Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 17 / 20

  30. Protocol outline Steps Voter selects a voting 1 option PC generates encrypted 2 vote and proof of content Voter verifies vote content 3 and confirms Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 17 / 20

  31. Protocol outline Steps Voter selects a voting 1 option PC generates encrypted 2 vote and proof of content Voter verifies vote content 3 and confirms PC generates fake proof, 4 sends confirmed vote Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 17 / 20

  32. Protocol outline Steps Voter selects a voting 1 option PC generates encrypted 2 vote and proof of content Voter verifies vote content 3 and confirms PC generates fake proof, 4 sends confirmed vote Voter gives info to the 5 coercer Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 17 / 20

  33. Protocol outline Steps Voter selects a voting 1 option PC generates encrypted 2 vote and proof of content Voter verifies vote content 3 and confirms PC generates fake proof, 4 sends confirmed vote Voter gives info to the 5 coercer They verify the vote is 6 correctly stored Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 17 / 20

  34. Protocol properties Security : Private ← Adversary does not get the election private key or the encryption randomness. Cast-as-intended verifiable ← Adversary does not get the confirmation / trapdoor private key. Coercion-resistant ← Voter has a device to generate fake proofs and access to the trapdoor key. Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 18 / 20

  35. Protocol properties Security : Private ← Adversary does not get the election private key or the encryption randomness. Cast-as-intended verifiable ← Adversary does not get the confirmation / trapdoor private key. Coercion-resistant ← Voter has a device to generate fake proofs and access to the trapdoor key. Efficiency : Encrypt: 3 exp. Prove: 4 exp. Verify: 6 exp. Simulate: 6 exp. Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 18 / 20

  36. Protocol extensions Distributed computation Election authorities → election private key, tally results Registrars → voter’s private keys for proof simulation and vote confirmation Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 19 / 20

  37. Protocol extensions Distributed computation Election authorities → election private key, tally results Registrars → voter’s private keys for proof simulation and vote confirmation Multiple voting Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 19 / 20

  38. Protocol extensions Distributed computation Election authorities → election private key, tally results Registrars → voter’s private keys for proof simulation and vote confirmation Multiple voting Voter uses several private keys Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 19 / 20

  39. Protocol extensions Distributed computation Election authorities → election private key, tally results Registrars → voter’s private keys for proof simulation and vote confirmation Multiple voting Voter uses several private keys Hardware devices Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 19 / 20

  40. Protocol extensions Distributed computation Election authorities → election private key, tally results Registrars → voter’s private keys for proof simulation and vote confirmation Multiple voting Voter uses several private keys Hardware devices Delegation of proof simulation to the server Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 19 / 20

  41. Questions? Sandra Guasch, Paz Morillo How to challenge and cast your e-vote 20 / 20

Recommend


More recommend