Talk by Vanessa Teague, University of Melbourne Joint work with Chris Culnane, James Heather & Steve Schneider at University of.

Presentation transcript:

Talk by Vanessa Teague, University of Melbourne.
Joint work with Chris Culnane, James Heather and Steve Schneider at the University of Surrey, Peter Y A Ryan at the University of Luxembourg, Craig Burton at the Victorian Electoral Commission, and many helpful others.

Disclaimer
This is a technical talk about our proposed design, with the aim of getting other researchers interested in it and perhaps in doing some analysis, verification, or improving it. I'm not representing the VEC's official position on anything, though at the moment my understanding is that they intend to use this system in the 2014 state election for specific classes of voters who would otherwise need assistance to vote.

Why verifiable voting?
What's wrong with this picture? [Diagram: voters' PCs send encrypted votes to an Electoral Commission server that holds the decryption key (RSA) and announces the election outcome.]

The main idea
This talk is about how to adapt a verifiable cryptographic voting system called Prêt à Voter to Victorian State Elections. It's an attendance system designed for privacy and verifiability.

The challenge
- Vote privacy is relatively easy: use standard crypto and a completely trusted decryption and counting system.
- Verifiability is relatively easy if you don't care about privacy: just make all the votes public.
- The challenge is to do both: verifiably accurate results that preserve privacy.
- Verify the election, not the system!

Voter-verifiability overview
- Each voter can check that their vote is recorded as they intended, using the polling-place protocol described here. The voter leaves the polling place with an encrypted receipt that encodes their vote but doesn't reveal how they voted.
- All the receipts (i.e. the encrypted votes) are published, so the voter or a proxy can check that theirs is properly included in the count.
- Anyone can check that the set of cast votes is properly shuffled and decrypted, while privacy is preserved.

The requirements
Let's demonstrate that the system does the right thing, even if some of the computers are compromised. This is how ordinary paper-based elections work, at least most of the time. Other requirements like usability, robustness, security from outside attack, etc. are also important, but not part of this talk.

Talk outline
- Voting
- Checking from home that your vote is there
- Verifying shuffling and decryption
- Privacy

Prêt à Voter
Uses pre-prepared paper ballot forms that encode the vote in familiar form. The candidate list is randomised for each ballot form. Information defining the candidate list is encrypted in an "onion" value printed on each ballot form. Actually, we print a serial number that points to the encrypted values in a public table. [Example ballot: candidates Red, Green, Chequered, Fuzzy, Cross; serial $rJ9*mn4R&8.]

Ballot auditing
Each voter can challenge as many ballots as they like and get a proof that the onion matches the candidate list. They then don't use that ballot, but vote on an unchallenged one, so you can't prove how you voted. [Same example ballot: Red, Green, Chequered, Fuzzy, Cross; serial $rJ9*mn4R&8.]

Voting
- Fill in the boxes as usual, using a computer to help.
- Check its printout against the candidate list.
- Shred the candidate list.
- The computer uploads the vote (the same information as on the printout).
- Take the printout home; it doesn't reveal the vote.
[Figure: the ballot's candidate-list half (Red, Green, Chequered, Fuzzy, Cross) and the printout half carrying the serial $rJ9*mn4R&8.]

Talk outline
- Voting
- Checking from home that your vote is there
- Verifying shuffling and decryption
- Privacy

Checking from home that your vote is there
There's a public website listing all the receipts. More precisely, there's a "bulletin board", which is a public website augmented with some evidence that everyone sees the same data. Find yours.
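The talk doesn't say what form the "evidence that everyone sees the same data" takes. One common way to provide it, shown here as an added example rather than the project's own design, is to hash-chain the published receipts into a single digest that voters and observers compare out of band (a mirror, a newspaper, a friend's copy). The board entries below are constructed: the serial $rJ9*mn4R&8 is the talk's example ballot, and the preference lists are made up.

```python
import hashlib
import json

# Constructed sample bulletin board: each entry is one published receipt
# (serial number plus the preference marks by position, which reveal nothing
# without the shredded candidate list).  All values are made up for this example.
BOARD = [
    {"serial": "$rJ9*mn4R&8", "prefs": ["2", "", "1", "3", ""]},
    {"serial": "Kq2!ve8Zp&1", "prefs": ["1", "2", "", "", "3"]},
    {"serial": "Xm7@tw3Ld&4", "prefs": ["", "3", "2", "1", ""]},
]


def board_digest(board):
    """Hash-chain the receipts in publication order.  Two people who obtain the
    same digest know they saw the same board; any entry added, dropped or
    altered changes the value."""
    h = bytes(32)
    for entry in board:
        h = hashlib.sha256(h + json.dumps(entry, sort_keys=True).encode()).digest()
    return h.hex()


def check_receipt(board, serial, prefs):
    """Voter at home: is the receipt I took home listed, exactly as printed?"""
    return any(e["serial"] == serial and e["prefs"] == prefs for e in board)
```

The digest only helps if it is compared against a copy obtained through a different channel; a single website can show different boards to different people, which is exactly the failure the bulletin board is meant to rule out.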

Talk outline
- Voting
- Checking from home that your vote is there
- Verifying shuffling and decryption
  - First some background on public-key crypto
  - Randomised partial checking
- Privacy

Verifying shuffling and decryption
Now we have a list of encrypted votes on a public website. They are encrypted, and linked to voters' identities, because each voter still holds their receipt. We want to shuffle the votes (to break the link with voter ID), decrypt the votes, and prove that this was done correctly.

What's public-key cryptography?
The receiver generates two keys: a public key e (for encrypting) and a private key d (for decrypting). She publicises the public key e; people use this for encrypting messages, and they also include some randomness. She keeps the private key d secret and uses it for decrypting messages.

Picture of public-key cryptography
[Diagram: sender, receiver, RSA.]

Re-randomising encryption
Without knowing the secret key, re-do the randomness used in the encryption. The message stays the same, but the new encryption can't be linked to the old one.

Randomised partial checking
By Jakobsson, Juels and Rivest, with significant improvements by Wikström. We can't (completely) prevent a hacker from breaking in to all the computers and changing the votes, but we can check the process thoroughly enough to be confident that, if the checks succeed, then the system produced the right output with very high probability.

Randomised partial checking
A pair of mix servers shuffle and re-randomise. For each vote, choose randomly whether to prove the link to the start or to the end.
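The last few slides fit together in one added worked example (not code from the talk, the paper, or the VEC system): ElGamal encryption with explicit randomness (the public-key slide), re-randomisation without the private key (the re-randomising slide), and a simplified two-server randomised partial checking audit in which every intermediate ciphertext has either its backward or its forward link opened, never both (this slide). The toy group (p = 1019, q = 509, g = 4), the encoding of a candidate index v as g^v so that every plaintext lies in the prime-order subgroup, and the names keygen, rerandomize, mix, rpc_audit and run_election are all constructed for this example; a real deployment uses a group of 2048 bits or more and the published construction, which has more structure than the two-server sketch here.

```python
import secrets

# Toy ElGamal parameters, constructed for this example only: p = 2q + 1 is a
# safe prime and g = 4 generates the subgroup of prime order q.  A real
# election system would use a group of 2048 bits or more.
P, Q, G = 1019, 509, 4
_rng = secrets.SystemRandom()


def rand_exp():
    """Uniform non-zero exponent modulo q."""
    return _rng.randrange(1, Q)


def keygen():
    """Receiver's key pair: private d, public e = g^d."""
    d = rand_exp()
    return d, pow(G, d, P)


def encrypt(e, v, r=None):
    """ElGamal encryption of candidate index v (encoded as g^v) under e.
    The randomness r is what makes two encryptions of the same vote unrelated."""
    r = rand_exp() if r is None else r
    return (pow(G, r, P), pow(G, v, P) * pow(e, r, P) % P)


def rerandomize(e, ct, s=None):
    """Re-randomise without the private key by multiplying in an encryption of
    the identity element: same plaintext, but the new ciphertext cannot be
    linked to the old one by anyone who does not know s."""
    s = rand_exp() if s is None else s
    c1, c2 = ct
    return (c1 * pow(G, s, P) % P, c2 * pow(e, s, P) % P)


def decrypt(d, ct, n_candidates=30):
    """Decrypt to g^v, then recover v by lookup over the short candidate list."""
    c1, c2 = ct
    m = c2 * pow(c1, P - 1 - d, P) % P  # c2 / c1^d
    for v in range(n_candidates):
        if pow(G, v, P) == m:
            return v
    raise ValueError("plaintext is not a candidate index")


def mix(e, batch):
    """One mix server: secret permutation plus fresh re-randomisation of every
    vote.  Output position j holds input position perm[j].  The witness
    (perm, factors) stays secret; the audit opens only half of its links."""
    perm = list(range(len(batch)))
    _rng.shuffle(perm)
    factors = [rand_exp() for _ in batch]
    out = [rerandomize(e, batch[perm[j]], factors[j]) for j in range(len(batch))]
    return out, (perm, factors)


def rpc_audit(e, inp, mid, out, w1, w2, coins):
    """Randomised partial checking of a two-server mix inp -> mid -> out.
    For middle position j, coin 0 makes server 1 open its link back to the
    input and coin 1 makes server 2 open its link forward to the output.
    Exactly one link per vote is opened, so no input is linked to an output,
    yet a vote replaced by either server is caught with probability 1/2."""
    perm1, f1 = w1
    perm2, f2 = w2
    fwd2 = {perm2[k]: k for k in range(len(mid))}  # middle index -> output index
    for j, coin in enumerate(coins):
        if coin == 0:
            if rerandomize(e, inp[perm1[j]], f1[j]) != mid[j]:
                return False
        else:
            k = fwd2[j]
            if rerandomize(e, mid[j], f2[k]) != out[k]:
                return False
    return True


def run_election(votes):
    """Encrypt, mix through two servers, audit with fresh coins, then decrypt
    the shuffled output.  Returns (audit_passed, sorted_tally)."""
    d, e = keygen()
    inp = [encrypt(e, v) for v in votes]
    mid, w1 = mix(e, inp)
    out, w2 = mix(e, mid)
    coins = [_rng.randrange(2) for _ in votes]
    ok = rpc_audit(e, inp, mid, out, w1, w2, coins)
    return ok, sorted(decrypt(d, c) for c in out)
```

The coins must come from a source the mix servers cannot predict or influence (in practice a public randomness beacon or a hash of the published board), otherwise a server simply tampers with the links it knows will not be opened. With a swapped output vote, opening every forward link always catches it and opening only backward links never does; that gap is where the "probability 1/2 per altered vote" on the slide comes from.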

Provable decryption step
Trust me, this can be done, using Chaum-Pedersen proofs of discrete-log equality, showing proper decryption of an El Gamal ciphertext given the El Gamal public key.
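The "trust me" step, as an added example that is not the talk's or the project's code: a Fiat-Shamir Chaum-Pedersen proof that the decrypter used the same private exponent d behind the public key e = g^d when computing the plaintext c2 / c1^d, so anyone can check the published plaintext without learning d. The statement proved is log_g(e) = log_c1(c2 / m), which holds exactly when m is the correct decryption. It uses the same toy group as the mix example (p = 1019, q = 509, g = 4); the ElGamal ciphertext in demo() is built inline as (g^r, m·e^r), and cp_prove, cp_verify, prove_decryption, verify_decryption and fs_challenge are names chosen here.

```python
import hashlib
import secrets

# Toy group, constructed for demonstration: safe prime p = 2q + 1 with g = 4
# of prime order q.  Far too small for real use.
P, Q, G = 1019, 509, 4


def fs_challenge(*elements):
    """Fiat-Shamir challenge: hash the statement and the commitments into Z_q."""
    data = ",".join(str(x) for x in elements).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def cp_prove(d, g, h, u, w):
    """Chaum-Pedersen proof that log_g(h) == log_u(w) (both equal d), which
    reveals nothing about d.  Returns (a, b, z)."""
    k = secrets.randbelow(Q - 1) + 1
    a, b = pow(g, k, P), pow(u, k, P)  # commitments made with the same nonce
    c = fs_challenge(g, h, u, w, a, b)
    z = (k + c * d) % Q                 # response
    return (a, b, z)


def cp_verify(g, h, u, w, proof):
    """Accept iff g^z == a * h^c and u^z == b * w^c for the recomputed c."""
    a, b, z = proof
    c = fs_challenge(g, h, u, w, a, b)
    return (pow(g, z, P) == a * pow(h, c, P) % P
            and pow(u, z, P) == b * pow(w, c, P) % P)


def prove_decryption(d, e, ct, m):
    """Decrypter publishes plaintext m for ElGamal ciphertext ct = (c1, c2)
    under e = g^d together with a proof: if m is right then c2 / m == c1^d,
    so 'log_g(e) == log_c1(c2 / m)' says exactly that the same d was used."""
    c1, c2 = ct
    w = c2 * pow(m, P - 2, P) % P  # c2 / m
    return cp_prove(d, G, e, c1, w)


def verify_decryption(e, ct, m, proof):
    """Anyone with the public key can check the claimed plaintext."""
    c1, c2 = ct
    w = c2 * pow(m, P - 2, P) % P
    return cp_verify(G, e, c1, w, proof)


def demo():
    """Honest decryption verifies; the same proof for a wrong plaintext does not."""
    d = secrets.randbelow(Q - 1) + 1
    e = pow(G, d, P)
    m = pow(G, 7, P)                             # candidate 7, encoded as g^7
    r = secrets.randbelow(Q - 1) + 1
    ct = (pow(G, r, P), m * pow(e, r, P) % P)    # ElGamal ciphertext (g^r, m*e^r)
    proof = prove_decryption(d, e, ct, m)
    return verify_decryption(e, ct, m, proof), verify_decryption(e, ct, pow(G, 8, P), proof)
```

Because the challenge is reduced modulo q, the soundness error of this toy instance is about 1/q per check; with a realistic group order that error is negligible, which is what lets the public treat an accepted proof as evidence rather than trust.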

Talk outline
- Voting
- Checking from home that your vote is there
- Verifying shuffling and decryption
- Privacy

Whenever you have a computer helping you fill in your vote, that computer is a privacy risk. So is the ballot printer. There are some clever schemes for verifiable voting that don't tell your computer how you voted, e.g. the "plain" version of Prêt à Voter in which you fill in the ballot with a pencil, but none of them work with 30-candidate STV. This scheme does about the best I can imagine at preserving privacy while providing a usable 30-candidate STV vote.

Summary
This provides a rigorous after-the-fact argument that the answer was right (with high probability). To the court we'd say: we worked really hard to make sure the software was correct; we worked really hard to make the computers secure; but even if these were not perfect, the voters and the public could check the integrity of the data directly, the scrutineers can reconcile that with the rest of the count, and a manipulation would have been detected with high probability.

Further info
ote12/evtwote12-final9_0.pdf
neider/papers/2013/SDSTechReport.pdf
Though both are a bit out of date: if you want to read an up-to-date design doc with care, then wait a few weeks for an updated TR.

Conclusion and questions
If you'd like to write your own proof checker, verifier, signature checker, etc., please come and talk to me. If you think you've found a bug, please come and talk to me. If you read the supporting materials and you think you've found a bug, please come and talk to me. Questions?