Threeballot and SBA Cicho´ n, Kutyłowski, We ¸glorz Short Ballot Assumption and Threeballot E-voting Voting Protocol Threeballot Strauss’ Attack SBA Jacek Cicho´ n Mirosław Kutyłowski Bogdan We ¸glorz Results 2 Candidates Case Wrocław University of Technology SOFSEM, Nov´ y Smokovec, 2008
Voting basic requirements Threeballot and SBA Cicho´ n, Kutyłowski, We ¸glorz Design goals E-voting Threeballot 1 low cost Strauss’ 2 easy for voters Attack SBA 3 easy to count Results 4 flexibility of voting options 2 Candidates Case 5 no vote selling, no cheating
E-Voting subfields of research Threeballot and SBA Cicho´ n, Kutyłowski, We ¸glorz E-voting Subfields in e-voting: Threeballot Strauss’ voting machines for polling stations Attack remote voting with electronic devices SBA Results novel paper-based methods 2 Candidates Case
E-Voting necessity Threeballot and SBA Cicho´ n, Kutyłowski, We ¸glorz Why do we need e-voting: E-voting Threeballot current procedures are not that secure as people Strauss’ believe, Attack SBA mobility of voters, Results postal voting enables vote selling, 2 Candidates Case voters distrust authorities.
Traditional paper voting threats Threeballot and SBA Cicho´ n, Kutyłowski, We ¸glorz E-voting Some manipulation possibilities Threeballot Strauss’ 1 put an additional mark to make a ballot invalid (Poland), Attack 2 exchange ballots from a ballot box, SBA Results 3 prevent a voter to come to the polling station. 2 Candidates Case
Postal voting threats Threeballot and SBA Cicho´ n, Kutyłowski, Postal voting We ¸glorz 1 ballot in a sealed envelope, envelope in a second E-voting envelope Threeballot Strauss’ 2 deadline for incoming ballots Attack SBA Results Problems 2 Candidates Case 1 destroying envelops from districts where the opponent has majority, 2 selling unfilled ballots.
Voting machines threats Threeballot and SBA Cicho´ n, Kutyłowski, We ¸glorz Voting machines E-voting 1 in a polling station: voting machines, no paper ballots Threeballot filled, Strauss’ 2 advantage - fast and reliable vote counting. Attack SBA Results Problems 2 Candidates Case 1 trusted hardware & software? 2 costs (machines unused between elections,...).
Remote voting threats Threeballot and SBA Cicho´ n, Kutyłowski, Remote voting We ¸glorz 1 voting with electronic communication means (Internet, E-voting UMTS,...) Threeballot 2 like postal voting but cheaper and more reliable Strauss’ Attack (confirmations!) SBA Results Problems 2 Candidates Case 1 insecure or unreliable devices, 2 (remote) vote selling, 3 voters can be under pressure.
Goals protocols and improvements Threeballot and SBA Cicho´ n, Kutyłowski, We ¸glorz New features E-voting changing protocol may increase security, efficiency, Threeballot dependability,... Strauss’ Attack examples: SBA local verifiability Results (I can check that MY ballot has been counted), 2 Candidates global verifiability Case (I can check overall counting process).
General Situation Threeballot and SBA Cicho´ n, Kutyłowski, Situation We ¸glorz 1 no reliable solution so far, E-voting 2 implementations: dramatic situation as a rule! Threeballot Strauss’ 3 electronic devices sometimes make more trouble than Attack help. SBA Results 2 Candidates Case
General Situation Threeballot and SBA Cicho´ n, Kutyłowski, Situation We ¸glorz 1 no reliable solution so far, E-voting 2 implementations: dramatic situation as a rule! Threeballot Strauss’ 3 electronic devices sometimes make more trouble than Attack help. SBA Results What to do? 2 Candidates Case 1 rethink paper-based methods 2 design electronic methods that work even if everybody is dishonest
Three Ballot Idea of Ronald Rivest Threeballot and SBA Cicho´ n, Kutyłowski, An empty ballot We ¸glorz E-voting Cichon Threeballot Strauss’ Attack Kutylowski SBA Results 2 Candidates Weglorz Case
Three Ballot Idea of Ronald Rivest Threeballot and SBA Cicho´ n, Kutyłowski, A vote for Weglorz We ¸glorz E-voting Cichon Threeballot Strauss’ Attack Kutylowski SBA Results 2 Candidates Weglorz Case
Three Ballot Idea of Ronald Rivest Threeballot and SBA Cicho´ n, Kutyłowski, A vote for Cichon We ¸glorz E-voting Cichon Threeballot Strauss’ Attack Kutylowski SBA Results 2 Candidates Weglorz Case
Three Ballot Idea of Ronald Rivest Threeballot and SBA Cicho´ n, Kutyłowski, A vote for Kutylowski We ¸glorz E-voting Cichon Threeballot Strauss’ Attack Kutylowski SBA Results 2 Candidates Weglorz Case
Three Ballot Idea of Ronald Rivest Threeballot and SBA Cicho´ n, Kutyłowski, A ballot with IDs We ¸glorz E-voting Cichon Threeballot Strauss’ Attack Kutylowski SBA Results 2 Candidates Weglorz Case 7ds8fDSKCds9dsAs Df88fDdssiDFs87DSs y&stdtsydDydgstd7er
Three Ballot voting procedure Threeballot and SBA Cicho´ n, Kutyłowski, We ¸glorz Protocol steps E-voting Threeballot 1 a voter fills one bubble in each row, Strauss’ 2 the voter fills one extra bubble in a row of his candidate, Attack SBA 3 the columns are separated, Results 4 the voter takes copy of one chosen column , 2 Candidates Case 5 all three ballots are cast into the ballot box.
Three Ballot receipt and vote-selling Threeballot and SBA Cicho´ n, Kutyłowski, A receipt brings no information on a vote We ¸glorz E-voting Cichon Threeballot ? ? Strauss’ Attack Kutylowski SBA ? ? Results 2 Candidates Weglorz Case ? ? 7ds8fDSKCds9dsAs Df88fDdssiDFs87DSs y&stdtsydDydgstd7er
Three Ballot receipt and vote-selling Threeballot and SBA Cicho´ n, Kutyłowski, A receipt brings no information on a vote We ¸glorz E-voting Cichon Threeballot ? ? Strauss’ Attack Kutylowski SBA Results 2 Candidates Weglorz Case ? 7ds8fDSKCds9dsAs Df88fDdssiDFs87DSs y&stdtsydDydgstd7er
Three Ballot receipt and vote-selling Threeballot and SBA Cicho´ n, Kutyłowski, A receipt brings no information on a vote We ¸glorz E-voting Cichon Threeballot ? Strauss’ Attack Kutylowski SBA Results 2 Candidates Weglorz Case ? 7ds8fDSKCds9dsAs Df88fDdssiDFs87DSs y&stdtsydDydgstd7er
Three Ballot receipt and vote-selling Threeballot and SBA Cicho´ n, Kutyłowski, A receipt brings no information on a vote We ¸glorz E-voting Cichon Threeballot ? Strauss’ Attack Kutylowski SBA Results 2 Candidates Weglorz Case ? 7ds8fDSKCds9dsAs Df88fDdssiDFs87DSs y&stdtsydDydgstd7er
Three Ballot attack Threeballot and SBA Cicho´ n, Kutyłowski, We ¸glorz E-voting The main idea Threeballot Strauss’ 1 perfect security when a single receipt is concerned Attack SBA 2 ... but all ballots from the ballot box are published and Results knowledge on them can be used in an attack 2 Candidates Case
Three Ballot attack, Charlie Strauss Threeballot and SBA Cicho´ n, Kutyłowski, We ¸glorz Idea of the attack E-voting 1 given a ballot A which other ballots can be used to Threeballot compose a valid 3-ballot with A ? Strauss’ Attack SBA 2 Results 2 Candidates Case 3
Three Ballot inconsistent ballots Threeballot and SBA Cicho´ n, Ballots that cannot originate from the same ballot Kutyłowski, We ¸glorz E-voting Threeballot Strauss’ Attack SBA Results 2 Candidates Case
Three Ballot attack, Charlie Strauss Threeballot and SBA Cicho´ n, Kutyłowski, We ¸glorz Idea of the attack E-voting 1 given a ballot A which other ballots can be used to Threeballot compose a valid 3-ballot with A ? Strauss’ Attack 2 B is NOT from the same 3-ballot as A if more one SBA row contain filled bubbles both in A and B Results 3 if many rows (candidates in a contest), then it is 2 Candidates Case unlikely that two random ballots are consistent in this sense.
Three Ballot attack Threeballot and SBA Cicho´ n, Kutyłowski, We ¸glorz E-voting Idea of the attack Threeballot 1 find a receipt A such that there is only one candidate Strauss’ Attack 3-ballot containing A SBA Results 2 Candidates Case
Three Ballot attack Threeballot and SBA Cicho´ n, Kutyłowski, We ¸glorz E-voting Idea of the attack Threeballot 1 find a receipt A such that there is only one candidate Strauss’ Attack 3-ballot containing A SBA 2 remove the ballots of the 3-ballot found, Results 3 repeat 2 Candidates Case
Three Ballot Attack details Threeballot and SBA Cicho´ n, Kutyłowski, We ¸glorz E-voting Question Threeballot for how many candidates in a contest the scheme is still Strauss’ Attack secure? SBA for two candidates attack of this kind hopeless, for (say) Results 22 candidates almost always successful. 2 Candidates Case
Short Ballot Assumption Threeballot and SBA Cicho´ n, Kutyłowski, We ¸glorz Solution proposed- Short Ballot Assumption E-voting Threeballot The list of candidates on a ballot is short enough in order to Strauss’ guarantee security. Attack SBA Problem Results 2 Candidates where is the boundary between secure Threeballot and Case insecure Threeballot?
Recommend
More recommend