swiss e voting workshop september 6 2010 transparency
play

Swiss E-Voting Workshop September 6, 2010 TRANSPARENCY SECURITY 2 - PowerPoint PPT Presentation

Jun 06, 2023 •265 likes •722 views

Michael Clarkson Cornell University with Stephen Chong (Harvard) and Andrew Myers (Cornell) Swiss E-Voting Workshop September 6, 2010 TRANSPARENCY SECURITY 2 VERIFIABILITY PRIVACY 3 VERIFIABILITY PRIVACY Remote 4 KEY PRINCIPLE:

  1. Michael Clarkson Cornell University with Stephen Chong (Harvard) and Andrew Myers (Cornell) Swiss E-Voting Workshop September 6, 2010

  2. TRANSPARENCY SECURITY 2

  3. VERIFIABILITY PRIVACY 3

  4. VERIFIABILITY PRIVACY Remote 4

  5. KEY PRINCIPLE: Mutual Distrust 5

  6. VERIFIABILITY Universal verifiability Voter verifiability UV: [Sako and Killian 1994, 1995] VV: [Kremer, Ryan & Smyth 2010] 6

  7. PRIVACY Coercion resistance better than receipt freeness or simple anonymity RF: [Benaloh 1994] CR: [Juels, Catalano & Jakobsson 2005] 7

  8. ROBUSTNESS Tally availability 8

  9. Civitas Security Properties Original system: Ongoing projects: • Universal verifiability • Voter verifiability • Coercion resistance • Tally availability 9

  10. JCJ Voting Scheme [Juels, Catalano & Jakobsson 2005] Proved universal verifiability and coercion resistance Civitas extends JCJ 10

  11. Civitas Architecture registration registration teller registration teller tabulation teller teller ballot box bulletin tabulation teller ballot box ballot box board voter client tabulation teller 11

  12. Registration registration registration teller registration teller teller voter client Voter retrieves credential share from each registration teller; combines to form credential 12

  13. Credentials • Verifiable • Unsalable • Unforgeable • Anonymous 13

  14. Voting ballot box ballot box ballot box voter client Voter submits copy of encrypted choice and credential to each ballot box 14

  15. Resisting Coercion: Fake Credentials 15

  16. Resisting Coercion If the coercer demands that  en the voter… the voter… Submits a particular vote Does so with a fake credential. Sells or surrenders a credential Supplies a fake credential. Abstains Supplies a fake credential to the adversary and votes with a real one. 16

  17. Tabulation tabulation teller ballot box bulletin tabulation teller ballot box ballot box board tabulation teller Tellers retrieve votes from ballot boxes 17

  18. Tabulation tabulation teller bulletin tabulation teller board tabulation teller Tabulation tellers anonymize votes; eliminate unauthorized (and fake) credentials; decrypt remaining choices. 18

  19. Civitas Architecture registration registration teller registration teller tabulation teller teller ballot box bulletin tabulation teller ballot box ballot box board voter client tabulation teller Universal verifiability: Coercion resistance: Tellers post zero-knowledge proofs Voters can undetectably fake during tabulation credentials 19

  20. Protocols – El Gamal; distributed [Brandt]; non-malleable [Schnorr and Jakobsson] – Proof of knowledge of discrete log [Schnorr] – Proof of equality of discrete logarithms [Chaum & Pederson] – Authentication and key establishment [Needham-Schroeder-Lowe] – Designated-verifier reencryption proof [Hirt & Sako] – 1-out-of-L reencryption proof [Hirt & Sako] – Signature of knowledge of discrete logarithms [Camenisch & Stadler] – Reencryption mix network with randomized partial checking [Jakobsson, Juels & Rivest] – Plaintext equivalence test [Jakobsson & Juels] 20

  21. Civitas Implementation Component LoC Tabulation teller 5,700 Registration teller 1,300 Bulletin board, ballot box 900 Voter client 800 Other (incl. common code) 4,700 Low-level crypto and I/O 8,000 (Java and C) Total LoC 21,400 21

  22. Trust Assumptions 22

  23. Civitas Trust Assumptions 1. “Cryptography works.” 2.  e adversary cannot masquerade as a voter during registration. 3. Voters trust their voting client. 4. At least one of each type of authority is honest. 5.  e channels from the voter to the ballot boxes are anonymous. 6. Each voter has an untappable channel to a trusted registration teller. 23

  24. Civitas Trust Assumptions 1. “Cryptography works.” 2.  e adversary cannot masquerade as a voter during registration. Universal verifiability Coercion resistance 3. Voters trust their voting client. 4. At least one of each type of authority is honest. Coercion resistance 5.  e channels from the voter to the ballot boxes are anonymous. 6. Each voter has an untappable channel to a trusted registration teller. 24

  25. Civitas Trust Assumptions 1. “Cryptography works.” 2.  e adversary cannot masquerade as a voter during registration. 3. Voters trust their voting client. UV + CR 4. At least one of each type of authority is honest. CR 5.  e channels from the voter to the ballot boxes are anonymous. 6. Each voter has an untappable channel to a trusted registration teller. 25

  26. Civitas Trust Assumptions 1. “Cryptography works.” 2.  e adversary cannot masquerade as a voter during registration. 3. Voters trust their voting client. UV + CR 4. At least one of each type of authority is honest. CR 5.  e channels from the voter to the ballot boxes are anonymous. 6. Each voter has an untappable channel to a trusted registration teller. 26

  27. Civitas Trust Assumptions 1. “Cryptography works.” 2.  e adversary cannot masquerade as a voter during registration. 3. Voters trust their voting client. UV + CR 4. At least one of each type of authority is honest. CR 5.  e channels from the voter to the ballot boxes are anonymous. 6. Each voter has an untappable channel to a trusted registration teller. 27

  28. Registration In person. In advance. Con: System not fully remote Pro: Credential can be used in many elections 28

  29. Civitas Trust Assumptions 1. “Cryptography works.” 2.  e adversary cannot masquerade as a voter during registration. 3. Voters trust their voting client. UV + CR 4. At least one of each type of authority is honest. CR 5.  e channels from the voter to the ballot boxes are anonymous. 6. Each voter has an untappable channel to a trusted registration teller. 29

  30. Eliminating Trust in Voter Client UV: Use challenges , like in Helios CR: Open problem 30

  31. Civitas Trust Assumptions 1. “Cryptography works.” 2.  e adversary cannot masquerade as a voter during registration. 3. Voters trust their voting client. UV + CR 4. At least one of each type of authority is honest. CR 5.  e channels from the voter to the ballot boxes are anonymous. 6. Each voter has an untappable channel to a trusted registration teller. 31

  32. Civitas Trust Assumptions 1. “Cryptography works.” 2.  e adversary cannot masquerade as a voter during registration. 3. Voters trust their voting client. UV + CR 4. At least one of each type of authority is honest. CR 5.  e channels from the voter to the ballot boxes are anonymous. 6. Each voter has an untappable channel to a trusted registration teller. 32

  33. Civitas Trust Assumptions 1. “Cryptography works.” 2.  e adversary cannot masquerade as a voter during registration. 3. Voters trust their voting client. UV + CR 4. At least one of each type of authority is honest. CR 5.  e channels from the voter to the ballot boxes are anonymous. 6. Each voter has an untappable channel to a trusted registration teller. 33

  34. Untappable Channel Minimal known assumption for receipt freeness and coercion resistance Eliminate? Open problem. (Eliminate trusted registration teller? Also open.) 34

  35. Civitas Trust Assumptions 1. “Cryptography works.” 2.  e adversary cannot masquerade as a voter during registration. 3. Voters trust their voting client. UV + CR 4. At least one of each type of authority is honest. CR 5.  e channels from the voter to the ballot boxes are anonymous. 6. Each voter has an untappable channel to a trusted registration teller. 35

  36. Trusted procedures? 36

  37. Time to Tally 37

  38. Tabulation Time vs. Precinct Size # voters in precinct = K, # tab. tellers = 4, security strength ≥ 112 bits [NIST 2011–2030] 38

  39. Summary Can achieve strong security and transparency: – Remote voting – Universal verifiability – Coercion resistance Security is not free: – Stronger registration (untappable channel) – Cryptography (computationally expensive) 39

  40. Assurance Security proofs (JCJ) Secure implementation (Jif) 40

  41. Ranked Voting Methods 41

  42. Open Research Problems • Coercion-resistant voter client? • Eliminate untappable channel in registration? • Credential management? • Application-level denial of service? 42

  43. http://www.cs.cornell.edu/projects/civitas (google “civitas voting”)

  44. Michael Clarkson Cornell University with Stephen Chong (Harvard) and Andrew Myers (Cornell) Swiss E-Voting Workshop September 6, 2010

Recommend

Swiss E-Voting Workshop 2010 Verifiability in Remote Voting Systems September 2010 Jordi

Swiss E-Voting Workshop 2010 Verifiability in Remote Voting Systems September 2010 Jordi

Swiss E-Voting Workshop 2010 Verifiability in Remote Voting Systems September 2010 Jordi Puiggali VP Research & Development Jordi.Puiggali@scytl.com Index Auditability in e-voting Types of verifiability Verifiability methods

719 views • 27 slides
Bringing open audit elections into practice: Real world uses of Helios Olivier Pereira

Bringing open audit elections into practice: Real world uses of Helios Olivier Pereira

Bringing open audit elections into practice: Real world uses of Helios Olivier Pereira Universit e catholique de Louvain Joint work with Ben Adida Harvard and Olivier de Marneffe UCL Swiss E-Voting Workshop September, 2010

599 views • 32 slides
Elections, Computer Security, and Electronic Voting CS161 4/19/2010 David Wagner #1 #2 #3

Elections, Computer Security, and Electronic Voting CS161 4/19/2010 David Wagner #1 #2 #3

Elections, Computer Security, and Electronic Voting CS161 4/19/2010 David Wagner #1 #2 #3 #4 #5 Security Goals for an Election Integrity: No election fraud Transparency: Everyone especially the loser must be able to verify

576 views • 53 slides
The Swiss Contribution to the reduction of disparities within the enlarged EU Bulgarian Swiss

The Swiss Contribution to the reduction of disparities within the enlarged EU Bulgarian Swiss

State Secretariat of Economic Affairs SECO Swiss Agency for Development and Cooperation SCD The Swiss Contribution to the reduction of disparities within the enlarged EU Bulgarian Swiss Chamber of Commerce, 7 October 2010 Franziska Keller,

299 views • 26 slides
Swiss Law and Swiss Arbitration Seoul, 18 September 2018 Tino Gaberthel and Harold Frey Why

Swiss Law and Swiss Arbitration Seoul, 18 September 2018 Tino Gaberthel and Harold Frey Why

Establishment of a Swiss Presence, Application of Swiss Law and Swiss Arbitration Seoul, 18 September 2018 Tino Gaberthel and Harold Frey Why Switzerland? Political and economic stability Excellent infrastructure Efficient and

612 views • 27 slides
GEOMETRIC APPROACH TO PARADOXES OF VOTING POWER Workshop on Voting Theory and Preference

GEOMETRIC APPROACH TO PARADOXES OF VOTING POWER Workshop on Voting Theory and Preference

GEOMETRIC APPROACH TO PARADOXES OF VOTING POWER Workshop on Voting Theory and Preference Modelling Sponsored by DIMACS and LAMSADE Paris, Universit e Paris Dauphine 28 October 2006 Michael A. Jones Department of Mathematical Sciences

703 views • 33 slides
Hiran Region Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010

Hiran Region Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010

Post Gu 2010 Food Security and Nutrition Analysis Unit Somalia Information for Better August 18th 2010 Livelihoods Hiran Region Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010 Seasonal Assessment Coverage

246 views • 23 slides
Juba Regions Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010

Juba Regions Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010

Post Gu 2010 Food Security and Nutrition Analysis Unit Somalia August 18th 2010 Information for Better Livelihoods Juba Regions Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010 Seasonal Assessment Coverage

530 views • 30 slides
Gedo Region Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010

Gedo Region Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010

Post Gu 2010 Food Security and Nutrition Analysis Unit Somalia Information for Better August 18th 2010 Livelihoods Gedo Region Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010 Seasonal Assessment Coverage

700 views • 26 slides
Shabelle Regions Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010

Shabelle Regions Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010

Post Gu 2010 Food Security and Nutrition Analysis Unit Somalia August 18th 2010 Information for Better Livelihoods Shabelle Regions Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010 Seasonal Assessment Coverage

549 views • 32 slides
Central Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010 Seasonal

Central Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010 Seasonal

Post Gu 2010 Food Security and Nutrition Analysis Unit Somalia August 18th 2010 Information for Better Livelihoods Central Swiss Agency for Development and Cooperation SDC EUROPEAN COMMISSION Gu 2010 Seasonal Assessment Coverage Field

345 views • 22 slides
13 th Transparency Workshop Update on the TP activities BluePoint Meeting Centre 21 November 2019

13 th Transparency Workshop Update on the TP activities BluePoint Meeting Centre 21 November 2019

Brussels 21/11/2019 13 th Transparency Workshop Update on the TP activities BluePoint Meeting Centre 21 November 2019 Kathrine Nygaard Stannov, Subject Manager Transparency Rene Prins, Transparency Adviser Agenda > New developments in 2019

648 views • 32 slides
NUCLEAR TRANSPARENCY WATCH Prevent and anticipate through transparency and participation

NUCLEAR TRANSPARENCY WATCH Prevent and anticipate through transparency and participation

NUCLEAR TRANSPARENCY WATCH Prevent and anticipate through transparency and participation Activities of NTW Workshop on Environmental Mapping: Mobilising Trust in Measurements and Engaging Scientific Citizenry Nadja Zeleznik nzeleznik@rec.org

338 views • 30 slides
Fiscal Transparency and Accountability Overview Importance of Institutional Transparency

Fiscal Transparency and Accountability Overview Importance of Institutional Transparency

September 28, 2017 Alex Hathaway Center for State and Local Finance Fiscal Transparency and Accountability Overview Importance of Institutional Transparency Review of the Literature Methodology Volcker Alliance questions

343 views • 16 slides

More recommend

Data Society the Impact of Data Sharing on Our Everydays Life 1 st Swiss Workshop on Data

Data Society the Impact of Data Sharing on Our Everydays Life 1 st Swiss Workshop on Data

Data Society the Impact of Data Sharing on Our Everydays Life 1 st Swiss Workshop on Data Science ZHAW School of Engineering, Winterthur 21 March 2014 Andr Golliez Managing Partner itopia ag President Opendata.ch, Swiss Chapter of the

656 views • 30 slides
Topical workshop on Radiation biology Topical workshop on Radiation biology September 2010

Topical workshop on Radiation biology Topical workshop on Radiation biology September 2010

Topical workshop on Radiation biology Topical workshop on Radiation biology September 2010 (B.2.3. Training) Medical Radiation Physics Department of Oncology-Pathology f O Karolinska Institutet Stockholm, Sweden , Visiting scientists

233 views • 6 slides
Thoughts On Appropriate Technologies for Voting Ronald L. Rivest Viterbi Professor of EECS MIT,

Thoughts On Appropriate Technologies for Voting Ronald L. Rivest Viterbi Professor of EECS MIT,

Thoughts On Appropriate Technologies for Voting Ronald L. Rivest Viterbi Professor of EECS MIT, Cambridge, MA Princeton CITP E-voting Workshop 2012-11-01 1 Is Voting Keeping Up with Technology? We live in an age of marvelous

1.35k views • 99 slides
transparency: Opportunities of the Fisheries Transparency Initiative (FiTI) 16 Session COFI

transparency: Opportunities of the Fisheries Transparency Initiative (FiTI) 16 Session COFI

Driving change in fisheries trade through transparency: Opportunities of the Fisheries Transparency Initiative (FiTI) 16 Session COFI Sub-Committee on Fish trade / Busan, 6 September 2017 The necessity of transparency in fisheries International

346 views • 15 slides
Workshop Workshop EMEA Transparency Policy EMEA Transparency Policy Draft Key Principles Draft

Workshop Workshop EMEA Transparency Policy EMEA Transparency Policy Draft Key Principles Draft

Workshop Workshop EMEA Transparency Policy EMEA Transparency Policy Draft Key Principles Draft Key Principles 22 January 2009 22 January 2009 Dr Valentina Stamouli EMEA Regulatory Affairs EMEA 22 January 2009 1 Workshop on Transparency

305 views • 16 slides
integrity in lobbying JANOS BERTOK, OECD Transparency and Integrity in Lobbying: a Comparative

integrity in lobbying JANOS BERTOK, OECD Transparency and Integrity in Lobbying: a Comparative

Transparency and integrity in lobbying JANOS BERTOK, OECD Transparency and Integrity in Lobbying: a Comparative Perspective Workshop for Committee on Constitutional Affaires European Parliament Janos Bertok 22 September 2015 Head of

688 views • 47 slides
Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus is on preventing fraud on the part of Protocol people building and running system. Electronic voting over the internet Dale Neal Must

508 views • 5 slides
Franois LEVEILLE ENTSOG Transparency Workshop Brussels, 11.12.2014 Overview The new ENTSOG

Franois LEVEILLE ENTSOG Transparency Workshop Brussels, 11.12.2014 Overview The new ENTSOG

CRE experiences with the new transparency platform Franois LEVEILLE ENTSOG Transparency Workshop Brussels, 11.12.2014 Overview The new ENTSOG Transparency Platform (updated on 10/2014) is an importan rtant t step towards a

295 views • 5 slides
The transparency of the Universe to Very High Energy photons Barbara De Lotto - University of

The transparency of the Universe to Very High Energy photons Barbara De Lotto - University of

The transparency of the Universe to Very High Energy photons Barbara De Lotto - University of Udine & INFN Outline: Photon propagation Observations of distant AGN Physics interpretation Conclusions Vulcano Workshop 2010

775 views • 24 slides
Stochastic Transparency Eric Enderton Erik Sintorn Pete Shirley David Luebke I3D 2010 Order

Stochastic Transparency Eric Enderton Erik Sintorn Pete Shirley David Luebke I3D 2010 Order

Stochastic Transparency Eric Enderton Erik Sintorn Pete Shirley David Luebke I3D 2010 Order Independent Transparency hair foliage particles windows shadows thereof Standard OIT algorithms Sort primitives Fails for overlaps Disrupts

582 views • 43 slides