Presentation is loading. Please wait.

Presentation is loading. Please wait.

James Heather, University of Surrey Peter Y A Ryan, University of Luxembourg Vanessa Teague, University of Melbourne.

Similar presentations


Presentation on theme: "James Heather, University of Surrey Peter Y A Ryan, University of Luxembourg Vanessa Teague, University of Melbourne."— Presentation transcript:

1 James Heather, University of Surrey Peter Y A Ryan, University of Luxembourg Vanessa Teague, University of Melbourne

2 Background: PGD (1.0) Combines Code Voting with Verifiable tallying High privacy and integrity guarantees from untrusted voting clients Each voter gets a sheet of codes via a “secure” channel one for each candidate One Ack They enter the code of their chosen candidate Check they got the correct Ack

3 PGD 1 Ballot construction Distributed ballot construction produces, for each Ballot ID: Encrypted codes on the BB listed in a random (candidate) order Described by a PaV-style onion Unencrypted codes for the code sheets Printing these out is the main privacy vulnerability

4 PGD1 Tallying Submitted codes are encrypted by a Vote Server Matched to the code on the BB using a distributed plaintext equivalence test This gives an index Tallied using the PaV onion

5 Background: PGD (1.0) Good: Even a cheating client can’t mis-cast or drop the vote A coercer can’t find out the vote afterwards Unless they have both the code sheet and control of the device Bad: A coercer can steal the code sheet before the vote A colluding threshold of trustees can misrecord the vote

6 Extending PGD to STV, Borda etc Each voter lists the candidates in their order of preference Obvious extension: send off the codes in order of preference Doesn’t work because a cheating device can rearrange them

7 Idea A: Incremental Code sheet has a Vote Code and Ack Code for each candidate Send in Vote Codes in preference order, wait for the Ack Code before sending the next Vote Code Very secure but very slow Cheating device can’t manipulate the vote

8 Idea C: 2 dimensional table Each voter receives a code for each candidate, for each preference One Ack Candidate1 st 2 nd 3 rd 4th Incumbent Imprudent Repellent Insolvent Ballot ID: Ack: 28902

9 To vote Repellent, Insolvent, Imprudent, Incumbent: Send 9521, 3455, 1223, 0934 Expect return Ack Idea C (cont’d)‏ Candidate1 st 2 nd 3 rd 4th Incumbent Imprudent Repellent Insolvent Ballot ID: Ack: 28902

10 Idea C: pros and cons Voting in one step; Ack returns in one simple step As strong a defence against cheating client as PGD 1.0 Device can’t change vote without knowing codes Same privacy guarantee as PGD 1.0 Single ack implies receipt-freeness even if the coercer observes ack return

11 Idea B: Return Ack codes in ballot order Each voter receives A list of candidate codes in a random, secret order A list of preference-ack codes in preference order The voter sends the candidate codes in preference order and receives the preference-ack codes in the order the candidates appear on their code sheet

12 Example To vote Repellent, Insolvent, Imprudent, Incumbent: Send 9521, 7387, 4909, 3772 Expect return pref-acks W,C,K,T CandidateVote Code Incumbent3772 Imprudent4909 Repellent9521 Insolvent7387 Ballot ID: PreferencePref-Ack Code 1 st K 2 nd T 3 rd C 4 th W Ballot ID: Pref-Ack W C K T

13 Idea B: security properties Integrity: A cheating client (who doesn’t know the meaning of the preference codes) can swap two preferences undetectably only if it knows which two positions on the code sheet they correspond to. Not great if there are only 2 candidates Privacy is guaranteed against an adversary who either Does not observe the voter’s communications, or Does not see the code sheet

14 Idea B: pros and cons Voting in one step; Ack returns in one (complicated) step (Somewhat) weaker defence against cheating client than PGD 1.0 Because if the device can guess or discover the candidates’ ballot positions, it can swap the votes (Somewhat) weaker privacy than PGD 1.0 Because if an attacker observes the code sheet and the pref-ack return they can learn the vote

15 Conclusion Democracy has numerous and powerful adversaries Often insiders PGD does a decent job of addressing many of the threats Especially untrusted client machines But there are more features to add before fielding in real elections Coercion-resistance

16 EVT/WOTE 2011 August 2011 San Francisco

17 Idea C: 2d table CandidateVote Code Incumbent3772 Imprudent4909 Repellent9521 Insolvent7387 Ballot ID:

18 Incompetent Red Green Chequered Fuzzy Cross $rJ9*mn4R&8


Download ppt "James Heather, University of Surrey Peter Y A Ryan, University of Luxembourg Vanessa Teague, University of Melbourne."

Similar presentations


Ads by Google