
Number of slides: 18
Slide 1: VeryVote, A Voter Verifiable Code Voting System

Rui Joaquim, rjoaquim@cc.isel.ipl.pt (INESC-ID / ISEL)
Carlos Ribeiro, carlos.ribeiro@ist.utl.pt (INESC-ID / IST)
Paulo Ferreira, paulo.ferreira@inesc-is.pt (INESC-ID / IST)

Instituto de Engenharia de Sistemas e Computadores, Investigação e Desenvolvimento em Lisboa, Grupo de Sistemas Distribuídos
Slide 2: Introduction

• VeryVote is an Internet voting system.
• Internet voting:
  (+) brings more convenience to voters, allowing them to vote from anywhere with an Internet connection.
  (–) suffers from the secure platform problem.
    • The client platform is neither controlled nor trustworthy.
    • How can the election integrity be guaranteed in this setup?
  (–) has vote buying and coercion issues inherent to remote voting.

VOTE-ID 2009, 7-8 September 2009
Slide 3: VeryVote Overview

• VeryVote addresses the secure platform problem.
• VeryVote uses a code voting approach.
  – Prevents the misbehavior of the untrusted client platform.
  – However, it "does not" provide mechanisms to verify whether the vote is counted as intended by the voter.
• The VeryVote vote protocol is a fusion between a generic code voting protocol and the MarkPledge technique.
  – Cast-as-intended voter verification.
  – Universal count-as-cast verification.
  (together: end-to-end verifiability)
Slide 4: The Problem

[Diagram: Voter → Voter's PC (APP) → Election Server → Tally (A, B). The voter enters "Vote A" and the APP answers "Thank you!".]
Slide 5: Generic Code Voting Approach

[Diagram: the voter holds a code sheet; the APP on the voter's PC sends the vote code 3WQ to the Election Server, which answers with the confirmation code JRF; the tally lists A and B.]

Code sheet
  Vote codes: A – 3WQ, B – M8W, C – WAM, …
  Confirmation code: JRF

• How can we verify the tally? By publishing the received vote codes and the associated candidates.
  – Each voter can verify her vote.
  – Anyone can do the vote count.
  – But the voter cannot correct her vote: the election tally is already published!!!
• Is there a better way?
  – Yes, VeryVote.
Slides 6 to 9: MarkPledge Overview

• MarkPledge is a cut-and-choose technique proposed to provide cast-as-intended verification to poll station voting, and works based on two functions: BitEnc(b) and OpenBitEnc(BitEnc(b), challenge).

Encrypted values (the four slides build up the same example step by step):
  BitEnc(0) = A3C 53W 8F9 324 SQ1 DHJ IPS E9F 287 KJL FXC ZPT
  BitEnc(1) = JRF JRF JRF

Decrypted values for two challenges, c1 and c2:
  OpenBitEnc(BitEnc(0), c1) = SQ1    OpenBitEnc(BitEnc(1), c1) = JRF
  OpenBitEnc(BitEnc(0), c2) = IPS    OpenBitEnc(BitEnc(1), c2) = JRF

In the example, BitEnc(1) opens to the same value (JRF) under both challenges, while BitEnc(0) opens to a different value for each challenge.
Slide 10: MarkPledge Vote/Receipt Verification

Poll station voting (inside the voting booth). [Diagram: Voter, Vote Machine and Printer, with the labels "Bob", "Random challenge (c)", "Commit to c" and "JRF".]

MarkPledge vote/receipt (vote for Bob):
  Candidate   Vote Encryption (BitEnc)   Vote Receipt (OpenBitEnc)
  Alice       BitEnc(0)                  W3E
  Bob         BitEnc(1)JRF               JRF
  Charles     BitEnc(0)                  R59
  Dino        BitEnc(0)                  KMZ
  Challenge = c

After the election end:
1. The Vote Machine publishes the MarkPledge vote/receipts.
2. External organizations verify the correctness of the published data.
3. The voter verifies her receipt (and corrects her vote if necessary).
4. The votes are tallied using a protocol with counted-as-cast verification.
Slide 11: Building Blocks And VeryVote Protocol Overview

Generic code voting
  Verifiability / Election integrity:
    • Election server can manipulate the tally.
  Voter interaction (while voting): Simple
    • Only one input.

MarkPledge
  Verifiability / Election integrity:
    • Prevents APP vote manipulations.
    • End-to-end verifiable.
  Voter interaction (while voting): Tricky
    • 3 inputs (total).
    • 2 non-trivial inputs.
    • Step order must be respected.
    • Requires a printer while voting.

VeryVote
  Verifiability / Election integrity:
    • Prevents APP vote manipulations.
    • End-to-end verifiable.
  Voter interaction (while voting): Simple
    • Only one input.
Slide 12: Election Preparation

1. A set of trustees create a threshold shared election key pair.
2. The Election Server (ES) pre-computes and commits to the votes to be used in the election.
   • The BitEnc(b) constructions are built using the election public key.
   Pre-computed vote: BitEnc(0) BitEnc(1)JRF BitEnc(0)
3. The code sheets are created and each is associated to a pre-computed vote.
   • The confirmation code is the value encrypted in the elements of the BitEnc(1) construction.
   Code sheet
     Vote codes: Alice – 3WQ, Bob – M8W, Charles – WAM, Dino – QGH
     Confirmation code: JRF
Slide 13: Election Preparation (continued)

4. The code sheets are distributed to the voters:
   • Anonymous distribution
     + The ES does not know who the voters are (more privacy guarantees).
     – Allows the ES to add votes for the voters that did not vote.
   • Non-anonymous distribution
     + Easier distribution process.
     + Prevents, or makes detectable, the addition of votes.
     – The ES knows who voted for whom.
5. Just before the election, the trustees create and announce a Shared Random Election Value (SREV).
   • The SREV value is not known at the creation time of the pre-computed votes.
   • The SREV will be used as a random source in the challenge generation process.
Slide 14: VeryVote Protocol

[Diagram: the voter holds her code sheet (vote codes Alice – 3WQ, Bob – M8W, Charles – WAM, Dino – QGH; confirmation code JRF) and sends the vote code 3WQ through the APP on her PC to the Election Server. The ES turns the pre-computed vote (BitEnc(0) BitEnc(1)JRF BitEnc(0)) into the Final Vote (BitEnc(1)JRF BitEnc(0)) and computes challenge = hash( , SREV), where the first argument is drawn as a vote icon. The vote receipt returned to the voter reads: 3WQ; Alice – JRF, Bob – I5W, Charles – JCU, Dino – KAI.]

After the election end:
1. The ES publishes all the pre-computed votes and the corresponding Final Votes and receipts.
2. The trustees verify the correctness of the published data.
3. The voters compare their receipts with the verified receipts. If any error is detected they can correct their vote, because the election tally is not yet published.
4. After the claiming stage, the votes are anonymized by a mix net and decrypted by the trustees.
Slide 15: VeryVote Integrity, Quick Analysis

[Diagram as on slide 14: code sheet (Alice – 3WQ, Bob – M8W, Charles – WAM, Dino – QGH; confirmation code JRF), vote receipt (3WQ; Alice – JRF, Bob – I5W, Charles – JCU, Dino – KAI), pre-computed vote BitEnc(0) BitEnc(1)JRF BitEnc(0), final vote BitEnc(1)JRF BitEnc(0), challenge = hash( , SREV).]

• The APP "cannot" modify the voter's choice because it does not know the vote codes.
• The ES "cannot" modify the voter's choice because the process changes the vote receipt.
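The protocol of slides 12 to 15, and the two integrity checks above, as an added toy model in Python (not code from the VeryVote authors). Assumptions: BitEnc/OpenBitEnc are modelled with hash commitments instead of election-key encryption, each BitEnc element holds a constructed number of committed slots of which the challenge opens one, the final vote is a plain rotation of the pre-computed vote (no re-encryption, mix net or threshold decryption), the challenge is hashed from the pre-computed vote and the SREV as slide 16 proposes, and the code alphabet, candidate names and SREV string are constructed values.

```python
import hashlib
import random

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # constructed 32-symbol code alphabet
SLOTS = 8  # constructed: committed slots per BitEnc element; the challenge opens one

def commit(value, nonce):
    # Toy stand-in for encryption under the election public key: a hash commitment.
    return hashlib.sha256(f"{nonce}:{value}".encode()).hexdigest()

def rand_code(rng, length=3, exclude=None):
    while True:
        code = "".join(rng.choice(ALPHABET) for _ in range(length))
        if code != exclude:
            return code

def bit_enc(bit, conf_code, rng):
    # BitEnc(1) commits the confirmation code in every slot; BitEnc(0) commits random codes.
    plain = [conf_code if bit else rand_code(rng, exclude=conf_code) for _ in range(SLOTS)]
    nonces = [rand_code(rng, 16) for _ in range(SLOTS)]
    return {"plain": plain, "nonces": nonces, "commits": [commit(p, n) for p, n in zip(plain, nonces)]}

def open_bit_enc(enc, challenge):
    # OpenBitEnc(BitEnc(b), challenge): reveal only the slot the challenge selects.
    return enc["plain"][challenge % SLOTS], enc["nonces"][challenge % SLOTS]

def challenge_from(pre_vote, srev):
    # challenge = hash(pre-computed vote, SREV): fixed by data committed before the election.
    data = "|".join(c for e in pre_vote for c in e["commits"]) + "|" + srev
    return int(hashlib.sha256(data.encode()).hexdigest(), 16)

def cast_vote(candidates, chosen, conf_code, srev, seed):
    # ES side: the pre-computed vote has BitEnc(1) at index 0; the final vote rotates it to the chosen candidate.
    rng = random.Random(seed)
    pre = [bit_enc(i == 0, conf_code, rng) for i in range(len(candidates))]
    final = pre[-chosen:] + pre[:-chosen] if chosen else pre
    c = challenge_from(pre, srev)
    return pre, final, {cand: open_bit_enc(e, c) for cand, e in zip(candidates, final)}

def voter_check(receipt, candidate, conf_code):
    # Cast-as-intended: the confirmation code must appear next to the chosen candidate.
    return receipt[candidate][0] == conf_code

def public_check(pre, final, receipt, candidates, srev):
    # Universal check: the final vote is a rotation of the committed pre-computed vote and all openings match.
    n, i = len(pre), challenge_from(pre, srev) % SLOTS
    rotation_ok = any(all(final[j]["commits"] == pre[(j - k) % n]["commits"]
                          for j in range(n)) for k in range(n))
    return rotation_ok and all(commit(*receipt[cand]) == e["commits"][i]
                               for cand, e in zip(candidates, final))
```

A receipt altered by the APP fails `voter_check` (it does not know the confirmation code), and a final vote or opening altered by the ES fails `public_check`, which anyone can run on the published data.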
Slide 16: VeryVote Integrity, Quick Analysis (continued)

[Diagram as on slide 15, showing a fake receipt: the code sheet's confirmation code is KJE and the vote receipt reads 3WQ; Alice – KJE, Bob – JRF, Charles – JCU, Dino – KAI, with BitEnc(1)JRF in the final vote.]

• The ES can create a fake receipt if it can find the right permutation of the BitEnc(b) values.
  – The probability of this happening is approximately P1 = n! / #CC
  – This probability can be made constant if we generate the challenge from the Pre-Computed Vote: P2 = (n – 1) / #CC
Slide 17: Conclusions

• VeryVote provides end-to-end verifiability in the Internet voting scenario.
  – The voter can privately verify and correct her vote before the tally publication.
  – The tally process is verifiable.
• VeryVote successfully addresses one of the most important problems of remote electronic voting:
  – the secure platform problem.
• VeryVote has a simple voter interaction, and is therefore very appealing for real use.
  – To the eyes of the voter, the VeryVote protocol is very similar to a generic code voting protocol.
• VeryVote does not offer any special protection against vote buying and coercion.
  – It suffers from the problems of traditional remote voting systems, e.g. postal voting.
  – The verification mechanisms of VeryVote do not break the voter's privacy per se, although the voter can collaborate with the attacker to produce a convincing vote receipt.

Questions?
Slide 18: MarkPledge Vote/Receipt Privacy Safeguard

MarkPledge vote/receipt:
  Candidate   Vote Encryption (VoteEnc | BitEnc)   Vote Receipt (OpenBitEnc)
  Alice       E(v0) | BitEnc(0)                    W3E
  Bob         E(v1) | BitEnc(1)                    JRF
  Charles     E(v0) | BitEnc(0)                    R59
  Dino        E(v0) | BitEnc(0)                    KMZ
  Challenge = c