A secure e-voting scheme based on blind signatures Student: María de Lourdes López García Thesis advisor: Dr. Francisco Rodríguez Henríquez Seminario Doctoral 07
Contents E-voting Problem statement General and specifics goals Blind signatures Our proposal Related e-voting schemes Final remarks and future work 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
E-voting An electronic voting scheme can be defined as an election system which generates electronic ballots; where these electronic ballots allow registered citizens to cast their votes from an electronic device and to transmit them via Internet towards the electronic electoral urn. An electronic voting scheme can be defined as an election system that generates electronic ballots which allow registered citizens to emit their votes from an electronic device and to transmit them via Internet towards the electronic electoral urn, where they will be stored and counted at the end of the electoral day. 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
E-voting Advantages: Comfort and easiness to cast votes Instantaneous results A quick electoral process The Electronic voting systems may offer some advantages over traditional voting techniques. This type of systems offers a quick and comfortable form of casting a vote; can speed the counting of ballots which leads us to an electoral process quicker. Though debate on the issue of e-voting has been and will continue to be controversial, because the democracy depends upon the public believing in fair elections, these systems must be show to be as secure and reliable as other voting methods. 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
E-voting Requirements: Authentication Anonymity Integrity Uniqueness Verifiable and auditable An e-voting system should be guarantees the following requirements: Authentication: only authorized voters should be able to vote. Fairness: no voter should be able to vote more than one time. Accuracy: election systems should record the votes correctly. Integrity: votes should not be able to be modified, forged, or deleted without detection. Anonimity: no one should be able to determine how any individual voted, and voters should not be able to prove how they voted. Transparency: the voters should understand and know the voting process. Verification and Accountability: it should be possible to verify that the votes have been correctly counted at the end of the election and this way to demonstrate their authenticity. 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
E-voting Conflict Voting Counting To automate the process of voting takes us to offer the voter anonymity when casting their votes, however, be produced on the counting is necessary to give greater weight to verification to prevent fraudulent votes are counted. This leads us to consider the following problem. Voting Counting 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Blind signatures Layers of e-voting system Secure e-voting schemes digital/blind signatures 4 Blind signatures RSA, DSA, ECDSA, Pairing 3 This figure shows a hierarchical four layers model of e-voting schemes. On layer one, we present arithmetic operation that will use us. The next layer is compose for digital signatures algorithms, such as, RSA, ElGamal, DSA, ECDSA, and with pairing. The layer three we illustrate algorithms blind signatures, that they are a kind of digital signatures. The last layer is the combination of blind signatures and digital signatures, which it produces us a secure e-voting scheme. Digital signatures RSA, ElGamal, DSA, ECDSA, Pairing 2 Arithmetic operation add, multiplication, inversion and exponentiation 1 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Contents E-voting Problem statement General and specifics goals Blind signatures Our proposal Related e-voting schemes Final remarks and future work 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Problem statement How to create a verifiable e-voting scheme that preserves the voter’s anonymity. By combine cryptographic techniques, we want to reach an appropriated balance between voter’s anonymity and a verifiable system. To get the balance between voter’s anonymity and the need for a reliable audit system is complicated. Because, it’s extremely difficult, to create a verifiable e-voting scheme that still preserves the voter’s anonymity. Several schemes have been proposed which provide anonymity, however, haven’t been achieve the appropriate balance to identify fraudulent votes or malicious voters without to affect the identity reliable voters. 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Contents E-voting Problem statement General and specifics goals Blind signatures Our proposal Related e-voting schemes Final remarks and future work 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Main goal To develop a secure e-voting scheme, based on blind signatures, which guarantees: voter’s anonymity and fraudulent vote identification as well as those voters who cast such duplicated votes. To develop a secure e-voting scheme, based on blind signatures, which guarantees: voter’s anonymity and to identify fraudulent votes as well as those voters who emit such votes. 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Specific goals To select a suitable blind signature algorithm and digital signature. To develop a secure scheme for e-voting based just on DSA algorithm. To develop a secure scheme for e-voting based just on ECDSA algorithm. To look for cryptographic algorithms based on pairing blind signatures. To select a suitable pair of blind signature and digital signatures algorithms To development a secure scheme for e-voting scheme based just on Discrete Logarithm Problem To development a secure scheme for e-voting scheme based just on Discrete Logarithm Problem with Elliptic Curves. To look for cryptographic algorithms based on blind signatures. 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Contents E-voting Problem statement General and specifics goals Blind signatures Our proposal Related e-voting schemes Final remarks and future work 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Blind signatures Digital signatures scheme M S Key Generation Kpriv Kpub SE: M S VE: M x S {true, false} Key Generation (kpriv,kpub) Signature (m,kpriv) s Verification (m,s,kpub) {true,false} sign A digital signature is a data string associating a message with an originating entity and uses three algorithms: To produce a digital signature are need the following: M represent the set of messages that can be signed. S represent the set of sign. Kpriv and kpub, represent the sets of private and public keys. Se represent the transformation rule for an entity e Ve represent the verification entities in order to verify signatures produced by e. The Key Generation algorithm get a pair private and public keys for signatory. The sign algorithm produces the sign s, from one message m and signatory’s private key. The verification algorithm, verify the sign of message m using the public key of signatory and produces true or false. ver 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Blind signatures Blind signatures [Chaum 1982] A commutative function c and its inverse c’ both known only by requester, such that: where b is a blindness factor for message. In 1982 Chaum proposed a blind signature scheme. Blind signature allows a provider to get a message signed by the signatory without revealing any information about the message. we as provider. Have a commutative function c and its inverse c’. we use a blinding factor b and my message m into function c and produce a blind message m’. After, I request the sign. The signatory sign the blinding message with his private key and we get a blind signature. Last, we use the inverse function c’ and the blinding factor b, and we get the sign of the message. 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Blind signatures Primitives Key Generation Blindness Signing Unblindness Verification The blind signature's primitives are similar to digital signatures. It conserves key generation, signing and verification and add blindness and unblindness primitives. 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Blind signatures Requester Signer Blind signature Message Blindness To make more clear the steps of blind signatures, we consider the following example: We have a message m which we desire to get the sign. We choose a blinding facto b and hidden the message. We request to signatory his sign. The signatory sign our blinding message with his private key. To get the message’s sign, we take the blinding factor and uses the function c’. Unblindness 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Blind signatures Requirements Accuracy (public) Blindness (signer) If m,s are reliable and kpub is the pair of kpriv which was used to sign s over m then: Blindness (signer) Knowing c, c’ and m’, and any b, it is hard to get: . A blind signature should not only preserve the properties of digital signatures but also meet additional requirements as follows: Accuracy: the correctness of the signature of a message signed through the proposed blind signature scheme can be checked by anyone using the signer’s public key. If m and s are reliable and public key is the pair of private key, which was used to sign s over m then the verification always is true. Blindness: the content of the message should be blind to the signer; the signer of the blind signature does not see the content of message. Knowing c, c’ and m’, and any b, i’t’s hard to get the message m. 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Blind signatures Requirements Unforgability (requester) Untraceability (signer) Unforgability: the signature is the proof of the signer, and no one else can derive any forged signature y and pass verification. Untraceability: the signer of the blind signature is unable to link the message-signature pair even when the signature has been reveled to the public. 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Blind signatures RSA-based blind signature [Chaum 1982] Blinding factor b A blind signature-based RSA uses a blinding factor b. the blinding function is b at singer’s public key e by the message m. The signer sign the message and return it to the provider. The provider moves the blinding. 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Blind signatures DSA-based blind signature [Camenisch 1994] Requester Signer p, q, g (DSA) A blind signature-based DSA was proposed by Camenisch in 1994. Uses two blinding factor alpha and beta. Bob is the signer and Alice is the provider. This scheme start with the signer. Bob randomly chooses k and computes R’ and send R’ to Alice Alice randomly chooses alpha and beta and computes R. She blind the message m using blinding factor alpha and get m’. Bob receives to m’ and sign using session key k and private key x. Alice gets s using the blinding factor beta. The message's sign is the pair (s,R). La verificacion es verdadera si se cumple la siguiente ecuacion donde se usa la llave publica del signatario. Verification: 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Blind signatures DSA-based blind signature [Camenisch 1994] Modifies DSA digital signature Uses a first blinding factor for blinding the message Uses a second blinding factor for unblinding the message The message’s signature is the pair (R,s) Meets all requirements the blind signatures A blind signature by Camenisch is based over one modification of digital signature DSA. Uses a first blinding factor for blinding the message. Uses a second blinding factor for unblinding the message. The message’s signature is the pair (r,s) Meets all requirements of the blind signatures. 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Contents E-voting Problem statement General and specifics goals Blind signatures Our proposal Related e-voting schemes Final remarks and future work 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Our proposal ECDSA-based Camenisch blind signature Requester Signer E, G, n (EC) However, Camenisch the blind signature haven’t be attacked. For this reason we did the adaptation of algorithm to elliptic curves. The passes of messages are similar to original schemes. Verification: 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Our proposal ECDSA based Camenisch’s blind signature The proposed scheme meets all requirements of blind signatures and provides the same security as the original scheme, however, uses fewer resources due to the fact that the keys are smaller. The proposal scheme meets all requirements of blind signatures and provides the same security as the original scheme, however, uses fewer resources due its keys are smaller. 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Contents E-voting Problem statement General and specifics goals Blind signatures Our proposal Related e-voting schemes Final remarks and future work 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Related e-voting schemes Mu-Varadharajan 1998 Lin-Hwang-Chang 2003 Yang-Lin-Yang 2004 Hwang-Wen-Hwang 2005 Rodríguez-Ortíz-García 2007 Asadpour-Jalili 2008 The secure schemes than we analyze are. 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Related e-voting schemes Mu-Varadaharajan scheme: Services Anonymity RSA Blind signatures. Detects fraudulent ballot Comparing one to one with other ballots. Identify malicious voter By taking advantage of a weakness of ElGamal digital signature, when the session keys is repeated. The mu and varadharajan scheme tries to offer anonymity with blind signatures-based RSA. Detects fraudulent ballot comparing one to one with other ballots And identifies malicious voter taking advantage over weakness of elgamal digital signature. The attack consists in to sign two or more messages with the same session key, this permits to get the private key of the signer. As vote are sign by the voter so we get his identity. 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Related e-voting schemes Mu-Varadharajan scheme Voter Authentication Voter Id generation Blind signature Voter AS Request identity of malicious voter Fraudulent vote detection Yes=Get Id voter No =Count vote In 1998 Mu and Varadharajan proposed one scheme for e-voting that addressed the issue of voter’s privacy and was capable of detecting vote duplicity. Mu-Varadharajan scheme consists of three phases. Autentication phase: The voter blind the message and request the sign of the Authentication Server, who verifies voter’s identity if it’s true generates a voter id and sing the message. The voter obtain the signature removing the blinding factor. And emit his vote. Voting phase: The voter sign his vote using the digital signature algorithm. And sends his vote to voting server who verifies the vote. Counting phase: The voting server sends votes to counting server. The counting server is also responsible for detecting if two or more votes were sent by the same voter. Finally, the counting server can identify the malicious voter by asking to AS which voter is associated with the id. Unblinding message Blinding message VS CS Vote Verification Voting Counting 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Related e-voting schemes Mu-Varadharajan scheme RSA Blind signatures ElGamal Digital signatures V, AS, x4: Id V x5:blind signature t: time stamp V, AS, x1, x2, x3 blind messages t: time stamp a: kpub ElGamal g: generator s: sign AS m: vote Signatures ElGamal (s1,y1) (s2,y2) {V, AS, CertV, (x1||x2||x3||t)dv mod nv} Voter AS {V, AS, x4, (x5||t)ev mod nv} T= {a||g||y1||y2||s||s1||s2||m} VS Message passing is as follows: In the authentication phase the voter sends V: voter’s name, Id of AS, Digital Certificate of the Votante, x1,x2 and x3 are blind messages. The AS sends V, SA, x4 the voter id and x5 is the blind signature In the voting phase: the voter sent de ballot T and contents a is a public key of the digital signature elgamal, g is a generator, y1 and s1 and y2 and s2, are signatures of the vote m. T CS 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Related e-voting schemes Mu-Varadharajan scheme: Attacks Double voting Uniqueness Ballot voting false Verification Untraceability Anonymity However, several authors mention that the mu and varadharajan scheme is weak in three points: 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Related e-voting schemes Detects double voting Preserves anonymity Identifies malicious voter Functionality Detects double voting Preserves anonymity Identifies malicious voter Functionality Detects double voting Preserves anonymity Identifies malicious voter Functionality Detects double voting Preserves anonymity Identifies malicious voter Functionality Detects double voting Preserves anonymity Identifies malicious voter Functionality Mu-Varadharajan RSA,b1,ElGamal,g Yang-Lin-Yang RSA,b1,b2,ElGamal,g,q Lin-Hwang-Chang RSA,b1,b2,ElGamal,g Detects double voting Preserves anonymity Detects double voting Preserves anoymity Detects double voting Hwang-Wen-Hwang RSA,b1,b2,ElGamal,g,h Rodríguez-Ortíz-García RSA,b1,b2,DSA,g Detects double voting Preserves anonymity In 2003 Lin-Hwang-Chang proposed a modification to Mu et al, adding a protection scheme against possible frauds based on the use of blind signatures. In 2004 Yan-Lin-Yang proposed a new modification. These scheme uses two blinding factor and q to eliminate the double vote. In 2005 Hwang et al, proposed a modification over lin et al. Hwang et al uses to generators and preserves anonymity but not identifies a malicious voter in all cases. In 2007 Rodriguez et al found a error functionality and proposed a solution. In 2007 Asadpour et al. mention than the anteriores schemes are vulnerables to identify malicious voter and they proposed a new solution. Preserves anonymity Corrects functionality error Asadpour-Jalili RSA,b0,b1,b2,ElGamal,g,h Detects double voting Preserves anonymity Identifies malicious voter 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Related e-voting schemes Asadpour-Jalili scheme Prevents double voting Uses three blinding factors Offers untraceability Preserves anonymity Uses two generator g and h Detects fraudulent ballots Comparing one to one with other ballots Identifies malicious voter Not in all cases Asadpour et al. scheme is most robust of the Mu and varadharajan family, because offers to prevent double voting, untraceability and detect fraudulent ballots. However they not identifies a malicious voter in all cases. 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Contents E-voting Problem statement General and specifics goals Blind signatures Our proposal Related e-voting schemes Final remarks and future work 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Our proposal To use blind signature based on Discrete Logarithm Problem (DLP) instead of blind signature based on RSA into Asadpour-Jalili scheme. To adapt the above scheme to Discrete Logarithm Problem with Elliptic Curves (ECDLP) To use blind signature based on DLP instead of blind signature based on RSA into Asadpour-Jalili scheme. To adapt the above scheme to DLP with EC. 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Our proposal Proposal 1 Digital signature: DSA Blind signature: DSA [Camenisch 1994] E-voting scheme: Asadpour-Jalili our proposal is to use a digital signature DSA for the vote’s signatures and blind signatures based DSA for voter’s anonymity. Both into e-voting scheme of Asadpour-Jalili. 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Our proposal Camenisch into Asadpour-Jalili Prevents double voting Uses two blinding factors Offers untraceability Preserves anonymity Uses two generators g and h Detects fraudulent tickets ballots Comparing one to one with other ballots Identifies of a malicious voter It seems impossible to use three blinding factors To introduce the digital y blind signatures based DSA permits us prevent double voting, offers untraceability, to detect fraudulent ballots, However, it’s not possible to identity of a malicious voter. 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Our proposal Proposal 2 Pairing cryptography research of: Blind signatures Digital signatures E-voting schemes 07/12/2018 Doctoral Seminar 2007
Contents E-voting Problem statement General and specifics goals Blind signatures Our proposal Related e-voting schemes Final remarks and future work 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Final remarks We analyzed secure schemes which use DSA-based blind signatures. The Asadpour-Jalili scheme offers more security in the Mu-Varadharajan family. We identify Camenisch’s blind signature as the most robust and reliable signature based on DLP. We analyzed secure schemes which use blind signatures-based DSA The asadpour et al scheme offers more security in the Mu et al family 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Final remarks We implemented Camenisch’s blind signature into Asadpour-Jalili scheme, however, with this implementation it is not possible to identify a malicious voter in all cases. We decided to investigate about the use of pairing blind signature to prevent fraudulent ballots. We identify Camenisch’s blind signature as the most robust and reliable signature to be implemented in the asadpour et al scheme. However with this implementation it is not possible to identify a malicious voter. We decide to investigate about the use of pairing blind signature to prevent fraudulent ballots. 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Future work To select RSA blind signatures + pairing digital signatures To select pairing blind signatures + DSA digital signatures To select pairing e-voting scheme 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Future work Activities chronogram Activities 2007 2008 Analysis and implementation of secure e-voting schemes ü Cryptography Course Security in Information Systems Course Maple implementation of the proposed scheme with DSA Camenisch Maple implementation of the proposed scheme with ECDSA Camenisch Doctoral Seminar Analysis and implementation of pairing blind signatures Maple implementation of the proposed pairing e-voting scheme Evaluation of proposed scheme Probability Course Cryptography II Paper preparation 07/12/2018 Doctoral Seminar 2007 Seminario Doctoral 07
Thank you. Seminario Doctoral 07