26 May 2004, DIMACS. P Y A Ryan, Dependability of the Chaum Scheme.

Slide 1: Towards a Dependability Case for the Chaum Voting Scheme
Peter Y A Ryan, University of Newcastle, with Jeremy Bryans, Bev Littlewood, Lorenzo Strigini, Peter Ayton, …

Slide 2: Background
Security strand of the DIRC project: Dependability Interdisciplinary Research Collaboration (dirc.org.uk). Design and evaluation of computer-based systems for dependability, taking a socio-technical approach. E-voting, and the Chaum scheme in particular, is a nice example of such a system, with both secrecy and integrity requirements. A full dependability case will need to encompass the surrounding socio-technical system and detail the assumptions, etc.

Slide 3: Design Philosophy
Many e-voting schemes call for heavy trust in the technical components, with little or no monitoring. The Chaum scheme by contrast shifts the dependence away from the technical components to the vigilance of the users: voters, officials, auditors, etc. The probability of undetected corruption of votes is negligible. Dependability by the people, for the people.

Slide 4: Socio-technical aspects
Consequently, the surrounding system, procedures and behaviour of humans are critical. Error handling and recovery strategies need to be carefully designed and evaluated. Hence, we need to examine the socio-technical failure modes and counter-measures. Errors need to be diagnosed and thresholds for triggering the recovery strategies established. A careful trade-off is needed between:
–aborting elections too easily.
–allowing the possibility of significant, undetected corruption.

Slide 5: Chaum
Key ingredient: provide an encrypted ballot receipt that allows the voter to check that their vote is included in the tally whilst not revealing the vote. The challenge is to provide high assurance that the ballot will be decrypted correctly. Uses a cut-and-choose protocol plus a robust anonymising mix. Shows that, up to certain probabilistic and computational limits, voter-verifiability and ballot secrecy can be simultaneously achieved.

Slide 6: Chaum in a nutshell
Vote encoded in two parts, each separately (pseudo-)random noise. Voter gets a choice between the components and gets to run well-formedness checks on the retained part. Booth passes a copy of the receipt along with nested decryption information (“Russian dolls”) to a series of tellers. Tellers perform an anonymising mix on the batch of receipts, stripping off layers of encryption at each stage. Random audits are performed on the tellers. In principle: if all checks are performed assiduously, the chance of p votes being corrupted undetected falls off as 1/2^p.

Slide 7: Anne casts a vote
Anne registers and logs on in the booth. Anne makes her voting choice. Anne’s choice is represented by matching symbols on two layers/strips. If Anne now confirms the choice, the booth prints the encrypted “Russian dolls”. Assuming that these cryptographic commitments match, Anne signals “okay” and is now invited to choose to retain either the upper or lower strip. “To retain” and the appropriate seed information is now printed on the chosen part, “To destroy” on the rejected strip. She leaves the booth, surrenders the rejected strip, witnesses its destruction and runs a well-formedness check on the retained part. Finally she should check that her ballot is correctly posted on the web.

Slide 8: Socio-technical vulnerabilities
Booth prints an incorrect vote and the voter fails to notice. Voter choice between layers/strips is highly predictable or coercible. Only a small proportion of voters perform the checks. Voters tend to fail to notify failed checks. Notifications are not properly diagnosed, collated and/or acted upon. A voter may flag false errors. Note: this is not verifiable by a 3rd party.

Slide 9: “Are you sure that you want to destroy the lower layer?”
It is essential that the booth not be able to predict or coerce the voter’s choice of layer/strip. But ~80% of people asked to “randomly” choose heads or tails choose heads. Correlation with a second choice is also high. What proportion of voters would notice if the booth “lied” about their choice? Should a second try be allowed if the voter flags an error? Or even a third? It might be voter error. Putting all these together could result in a highly predictable or coercible choice and so weaken the scheme.
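As an added illustration, not part of the slides, the following Python models the detection argument of slide 6 under the bias discussed on slide 9: it assumes a booth that corrupts the strip it expects the voter to destroy, a `bias` (assumed parameter: probability the booth guesses the retained strip correctly) and a `check_rate` (assumed parameter: fraction of voters who actually run the well-formedness check), and shows how quickly the 1/2^p guarantee erodes when either assumption weakens.

```python
from typing import Optional


def p_undetected_single(bias: float, check_rate: float) -> float:
    """Probability that ONE corrupted ballot escapes detection.

    Assumed model (added here, not from the slides): the booth corrupts the
    strip it expects the voter to destroy.  The corruption is caught only if
    the voter retains that strip (probability 1 - bias) AND actually runs
    the well-formedness check (probability check_rate).  With an
    unpredictable choice (bias = 0.5) and full diligence this is 1/2,
    which reproduces the 1/2^p figure on slide 6.
    """
    if not (0.0 <= bias <= 1.0 and 0.0 <= check_rate <= 1.0):
        raise ValueError("bias and check_rate must lie in [0, 1]")
    return 1.0 - (1.0 - bias) * check_rate


def p_undetected(p: int, bias: float = 0.5, check_rate: float = 1.0) -> float:
    """Probability that p independently corrupted ballots ALL go unnoticed."""
    if p < 0:
        raise ValueError("p must be non-negative")
    return p_undetected_single(bias, check_rate) ** p


def votes_corruptible(target: float, bias: float = 0.5,
                      check_rate: float = 1.0) -> Optional[int]:
    """Largest p for which P(all p corruptions undetected) >= target.

    Returns None when corruption can never be detected (every voter is
    predictable, or nobody checks), i.e. when no bound exists.
    """
    if target <= 0.0:
        raise ValueError("target must be positive")
    q = p_undetected_single(bias, check_rate)
    if q >= 1.0:
        return None
    p = 0
    while q ** (p + 1) >= target:
        p += 1
    return p


if __name__ == "__main__":
    # Constructed scenarios: random choice vs. the ~80% heads bias of slide 9,
    # with every voter checking and with only half of them checking.
    for bias, check in [(0.5, 1.0), (0.8, 1.0), (0.8, 0.5)]:
        print(f"bias={bias:.1f} check_rate={check:.1f}: "
              f"P(10 undetected)={p_undetected(10, bias, check):.4f}, "
              f"corruptible at 1% risk={votes_corruptible(0.01, bias, check)}")
```

With a 1% risk of detection as the attacker's budget, the model lets 6 ballots be corrupted under random choice and full checking, 20 under the 80% bias, and 43 when only half the voters also check.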

Slide 10: Counter-measures
Aid the voter’s randomness, e.g., a coin in a perspex cylinder. Use a different, e.g. mechanical, technique to mark the layer or strip for destruction. Perform well-formedness checks (tricky without compromising vote secrecy) immediately after the first error report by a voter, to help detect a corrupt booth. Establish suitable error diagnosis and recovery strategies.

Slide 11: Teller errors
Similarly, error-handling and recovery strategies need to be defined for the teller audits. E.g., set thresholds for alerts; these need to counter “under the radar” collusion attacks by tellers.

Slide 12: Public Trust
It is not enough for the system to be dependable; it must also be seen to be dependable. The scheme is complex and difficult to understand. To what extent could “the average voter” understand the scheme and believe the claims? To what extent would assurances of experts suffice? How easy would it be to undermine public confidence (e.g., “Andrey’s attack”)?

Slide 13: Trials
Plan to perform a number of trials at DIRC sites. Possible questions to address:
–Do people understand the procedures and checks okay?
–Do they understand the encoding of the vote (especially if we use the Prêt à Voter version)?
–How diligent are they in performing the various checks and reporting problems?
–Do they understand what they are supposed to do when an error occurs (e.g., a check fails)?
–How easily can they be fooled or coerced about their choice of layer/strip?
–To what extent do they understand the rationale behind the checks?
–To what extent do they need to understand the rationale in order to perform the checks with reasonable diligence?
–To what extent would they trust the scheme (as compared to pen and paper, DRE, etc.), for accuracy and for privacy?
–Do they regard the voter verification as a valuable feature?

Slide 14: Conclusions
The Chaum scheme minimises dependence on technical components. For the accuracy requirement, no trust (dependence) needs to be placed in the components. The checks mean that an election can be verified, as opposed to the election system. The technical (mathematical) core appears robust. The surrounding socio-technical mechanisms (error handling, recovery strategies, thresholds, …) need to be carefully designed and evaluated. Public understanding and trust is likely to be an obstacle to uptake.

Slide 15: Future work
Formal analysis of the scheme (and variants). Construct a full risk analysis/dependability case:
–Elucidation of the goals and requirements: technical, social, political, legal, economic, …
–Investigate social threats.
–Specify and evaluate error handling and recovery strategies.
–Conduct a full risk analysis.
To what extent are fairness and absence of bias achieved? Investigate how public trust could be established, maintained (or undermined). Investigate mental models. Conduct trials.

Slide 16: Further information
www.dirc.org.uk
Various Newcastle tech reports:
–CS-TR-809 (gives full details of the original scheme)
–“A simplified version of the Chaum e-voting scheme” (presents a pedagogic, simplified version)
–FAST 2003
E-voting Workshop at DSN, Florence, end of June 2004.
