James Heather, University of Surrey Peter Y A Ryan, University of Luxembourg Vanessa Teague, University of Melbourne.


1 James Heather, University of Surrey Peter Y A Ryan, University of Luxembourg Vanessa Teague, University of Melbourne

2 Background: PGD (1.0)
- Combines Code Voting with Verifiable tallying
- High privacy and integrity guarantees from untrusted voting clients
- Each voter gets a sheet of codes via a “secure” channel
  - one for each candidate
  - One Ack
- They enter the code of their chosen candidate
- Check they got the correct Ack

3 PGD 1 Ballot construction
- Distributed ballot construction produces, for each Ballot ID:
  - Encrypted codes on the BB listed in a random (candidate) order
    - Described by a PaV-style onion
  - Unencrypted codes for the code sheets
    - Printing these out is the main privacy vulnerability

4 PGD1 Tallying
- Submitted codes are encrypted by a Vote Server
- Matched to the code on the BB using a distributed plaintext equivalence test
  - This gives an index
- Tallied using the PaV onion

5 Background: PGD (1.0)
Good:
- Even a cheating client can’t mis-cast or drop the vote
- A coercer can’t find out the vote afterwards
  - Unless they have both the code sheet and control of the device
Bad:
- A coercer can steal the code sheet before the vote
- A colluding threshold of trustees can misrecord the vote

6 Extending PGD to STV, Borda etc
- Each voter lists the candidates in their order of preference
- Obvious extension: send off the codes in order of preference
- Doesn’t work because a cheating device can rearrange them

7 Idea A: Incremental
- Code sheet has a Vote Code and Ack Code for each candidate
- Send in Vote Codes in preference order, wait for the Ack Code before sending the next Vote Code
- Very secure but very slow
- Cheating device can’t manipulate the vote

8 Idea C: 2 dimensional table
- Each voter receives a code for each candidate, for each preference
- One Ack

Candidate   1st   2nd   3rd   4th
Incumbent   3772  5839  4892  0934
Imprudent   4909  5345  1223  2225
Repellent   9521  5893  3333  3209
Insolvent   7387  3455  3352  3409

Ballot ID: 3884092844
Ack: 28902

9 Idea C (cont’d)
To vote Repellent, Insolvent, Imprudent, Incumbent:
- Send 9521, 3455, 1223, 0934
- Expect return Ack 28902

Candidate   1st   2nd   3rd   4th
Incumbent   3772  5839  4892  0934
Imprudent   4909  5345  1223  2225
Repellent   9521  5893  3333  3209
Insolvent   7387  3455  3352  3409

Ballot ID: 3884092844
Ack: 28902

10 Idea C: pros and cons
- Voting in one step; Ack returns in one simple step
- As strong a defence against cheating client as PGD 1.0
  - Device can’t change vote without knowing codes
- Same privacy guarantee as PGD 1.0
  - Single ack implies receipt-freeness even if the coercer observes ack return

11 Idea B: Return Ack codes in ballot order
- Each voter receives
  - A list of candidate codes in a random, secret order
  - A list of preference-ack codes in preference order
- The voter sends the candidate codes in preference order and receives the preference-ack codes in the order the candidates appear on their code sheet

12 Example
To vote Repellent, Insolvent, Imprudent, Incumbent:
- Send 9521, 7387, 4909, 3772
- Expect return pref-acks W,C,K,T

Candidate   Vote Code
Incumbent   3772
Imprudent   4909
Repellent   9521
Insolvent   7387
Ballot ID: 3884092844

Preference  Pref-Ack Code
1st         K
2nd         T
3rd         C
4th         W
Ballot ID: 3884092844

Pref-Ack: W C K T

13 Idea B: security properties
- Integrity: A cheating client (who doesn’t know the meaning of the preference codes) can swap two preferences undetectably only if it knows which two positions on the code sheet they correspond to.
  - Not great if there are only 2 candidates
- Privacy is guaranteed against an adversary who either
  - Does not observe the voter’s communications, or
  - Does not see the code sheet

14 Idea B: pros and cons
- Voting in one step; Ack returns in one (complicated) step
- (Somewhat) weaker defence against cheating client than PGD 1.0
  - Because if the device can guess or discover the candidates’ ballot positions, it can swap the votes
- (Somewhat) weaker privacy than PGD 1.0
  - Because if an attacker observes the code sheet and the pref-ack return they can learn the vote
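
Added example (not part of the presentation): a toy Python model of the Idea B round trip on the slide 12 code sheet, showing the voter's pref-ack check catching a swapped preference unless the client also knows the two candidates' positions on the sheet. Function names are hypothetical, and the server-side cryptography of PGD is not modelled.

```python
# Added example: toy model of the Idea B round trip (names are hypothetical).
# The server-side cryptography of PGD is not modelled; codes are plain strings.

# Code sheet from slide 12, in the order candidates are printed on the sheet.
VOTE_CODES = [("Incumbent", "3772"), ("Imprudent", "4909"),
              ("Repellent", "9521"), ("Insolvent", "7387")]
PREF_ACKS = ["K", "T", "C", "W"]  # pref-ack codes for 1st, 2nd, 3rd, 4th


def codes_to_send(ranking):
    """Voter side: vote codes listed in preference order."""
    lookup = dict(VOTE_CODES)
    return [lookup[name] for name in ranking]


def server_ack(received):
    """Server side: pref-acks returned in code-sheet order."""
    if sorted(received) != sorted(code for _, code in VOTE_CODES):
        raise ValueError("unknown, missing or repeated vote code")
    # A code's index in the received list is the preference it was given.
    return [PREF_ACKS[received.index(code)] for _, code in VOTE_CODES]


def expected_ack(ranking):
    """Voter side: the ack sequence the voter reads off the sheet."""
    return [PREF_ACKS[ranking.index(name)] for name, _ in VOTE_CODES]


def cast(ranking, swap=None, guess=None):
    """Run one vote; swap = preference indices a dishonest client exchanges,
    guess = sheet positions whose acks it exchanges on the way back.
    Returns (ranking the server recorded, whether the voter's ack check passes)."""
    sent = codes_to_send(ranking)
    if swap:
        i, j = swap
        sent[i], sent[j] = sent[j], sent[i]
    ack = server_ack(sent)
    if guess:
        a, b = guess
        ack[a], ack[b] = ack[b], ack[a]
    names = {code: name for name, code in VOTE_CODES}
    return [names[code] for code in sent], ack == expected_ack(ranking)


if __name__ == "__main__":
    vote = ["Repellent", "Insolvent", "Imprudent", "Incumbent"]
    print(cast(vote))                             # honest client
    print(cast(vote, swap=(0, 1)))                # swap caught by the ack check
    print(cast(vote, swap=(0, 1), guess=(2, 3)))  # needs the sheet positions
```

With only two candidates the two sheet positions are known trivially, which is the weakness slide 13 notes.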

15 Conclusion
- Democracy has numerous and powerful adversaries
  - Often insiders
- PGD does a decent job of addressing many of the threats
  - Especially untrusted client machines
- But there are more features to add before fielding in real elections
  - Coercion-resistance

16 EVT/WOTE 2011 August 2011 San Francisco

17 Idea C: 2d table

Candidate   Vote Code
Incumbent   3772
Imprudent   4909
Repellent   9521
Insolvent   7387
Ballot ID: 3884092844

18 Incompetent Red Green Chequered Fuzzy Cross $rJ9*mn4R&8

