Evaluating Security of Voting Schemes in the Universal Composability Framework
Jens Groth
BRICS, University of Aarhus
Cryptomathic
Ideal Voting Functionality
[Diagram: voters $V_1, \dots, V_m$ (label: vote), $F_{\text{voting}}$, $S$, authorities $A_1, \dots, A_n$ (label: result)]
Real Life
[Diagram: voters $V_1, \dots, V_m$ (label: vote), voting protocol, $A$, authorities $A_1, \dots, A_n$ (label: result)]
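Universal Composability
[Diagram, two panels. Real: $Z$, voters $V_1, \dots, V_m$ (label: vote), $A$, authorities $A_1, \dots, A_n$ (label: result). Ideal: $Z$, voters $V_1, \dots, V_m$ (label: vote), $S$, $F_{\text{voting}}$, authorities $A_1, \dots, A_n$ (label: result)]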
Security Requirements
• Privacy
• Authentication
• Accuracy
• Robustness
• Fairness
• Availability
• Verifiability
• Incoercibility
• Hacker protection
Homomorphic Threshold Encryption
Each voter: $E_{pk}(\text{vote})$ + ZK proof + signature
Homomorphic property: $E_{pk}(\text{result}) = E_{pk}(\text{vote}_1) \cdot \ldots \cdot E_{pk}(\text{vote}_n)$
Threshold decryption: Authority 1 … Authority n: $E_{pk}(\text{result}) \to \text{result}$
Example
ElGamal encryption: $pk = (q, p, g, h)$, $q \mid p-1$, $g, h$ of order $q$ in $\mathbb{Z}_p^*$
$sk = x$, $h = g^x \bmod p$
yes-vote = 1, no-vote = 0
Each voter: $(g^r \bmod p,\ h^r g^v \bmod p)$ + ZK proof
Homomorphic property: $(g^{r_1+\dots+r_m} \bmod p,\ h^{r_1+\dots+r_m} g^{v_1+\dots+v_m} \bmod p) = \prod_i (g^{r_i} \bmod p,\ h^{r_i} g^{v_i} \bmod p)$
Threshold decryption: Lagrange interpolation $g^{v_1+\dots+v_m} \bmod p$, discrete log $v_1+\dots+v_m$
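The tally and threshold decryption above as a runnable toy, added here as an example and not code from the slides. Assumptions: the parameters $p = 2039$, $q = 1019$, $g = 4$ are constructed and far too small for real use, the key is Shamir-shared by a trusted dealer, all function names are hypothetical, and the ZK proofs and signatures are omitted.

```python
# Added example: toy exponential ElGamal tally with threshold decryption.
# Constructed, insecure parameters; ZK proofs and signatures are omitted.
import secrets

P, Q, G = 2039, 1019, 4          # q | p-1, g of order q in Z_p^*

def keygen(n, t):
    """Shamir-share sk = x among n authorities, threshold t (assumed trusted dealer)."""
    coeffs = [secrets.randbelow(Q) for _ in range(t)]    # coeffs[0] = x
    shares = {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}
    return pow(G, coeffs[0], P), shares                  # h = g^x mod p

def encrypt(h, v):
    """Voter side: (g^r mod p, h^r g^v mod p) for v in {0, 1}."""
    r = secrets.randbelow(Q)
    return pow(G, r, P), pow(h, r, P) * pow(G, v, P) % P

def tally(ciphertexts):
    """Homomorphic property: componentwise product encrypts the vote sum."""
    a, b = 1, 1
    for c1, c2 in ciphertexts:
        a, b = a * c1 % P, b * c2 % P
    return a, b

def partial_decrypt(share, a):
    """Authority i publishes a^{x_i} mod p."""
    return pow(a, share, P)

def combine(partials, b, max_votes):
    """Lagrange interpolation in the exponent, then a small discrete log."""
    a_x = 1
    for i in partials:
        lam = 1                                          # Lagrange coefficient at 0
        for j in partials:
            if j != i:
                lam = lam * j * pow(j - i, -1, Q) % Q
        a_x = a_x * pow(partials[i], lam, P) % P
    g_sum = b * pow(a_x, -1, P) % P                      # g^{v_1+...+v_m} mod p
    for s in range(max_votes + 1):
        if pow(G, s, P) == g_sum:
            return s
    raise ValueError("tally outside expected range")

def run_election(votes, n=5, t=3, subset=(1, 3, 5)):
    """Encrypt all votes, multiply, and decrypt with the chosen t authorities."""
    h, shares = keygen(n, t)
    a, b = tally([encrypt(h, v) for v in votes])
    partials = {i: partial_decrypt(shares[i], a) for i in subset}
    return combine(partials, b, len(votes))
```

The discrete log step is a linear search, which is practical only because the sum is bounded by the number of voters.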
Key Generation Functionality
[Diagram: $F_{\text{key generation}}$ gives the public key to voters $V_1, \dots, V_m$ and the public key plus a secret share to each authority $A_1, \dots, A_n$; $A$ also shown]
Message Board Functionality
[Diagram: voters $V_1, \dots, V_m$ (label: message), $F_{\text{message board}}$, $A$, authorities $A_1, \dots, A_n$ (labels: voters' messages, authority's message)]
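Universal Composability
[Diagram, two panels. Hybrid: $Z$, voters $V_1, \dots, V_m$ (label: vote), $A$, $F_{KM}$, authorities $A_1, \dots, A_n$ (label: result). Ideal: $Z$, voters $V_1, \dots, V_m$ (label: vote), $S$, $F_{\text{voting}}$, authorities $A_1, \dots, A_n$ (label: result)]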
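The Simulator
$S$ simulates $A$, $V_1, \dots, V_m$, $A_1, \dots, A_n$, $F_{KM}$ and random oracle
[Diagram: $Z$, voters $V_1, \dots, V_m$ (label: vote), $F_{\text{voting}}$, and $S$ containing the simulated $V_1, \dots, V_m$, $A$, $F_{KM}$, $A_1, \dots, A_n$; authorities $A_1, \dots, A_n$ (label: result)]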
Results
• Homomorphic threshold encryption voting securely realizes $F_{\text{voting}}$ in the $F_{KM}$-hybrid model against non-adaptive adversaries
• Homomorphic threshold encryption voting does NOT securely realize $F_{\text{voting}}$ in the $F_{KM}$-hybrid model against adaptive adversaries
• Modified homomorphic threshold encryption voting securely realizes $F_{\text{voting}}$ in the $F_{KM}$-hybrid model against adaptive adversaries
Modified Voting Scheme
Each voter: $E_{pk}(\text{vote})$ + ZK proof + signature
Delete vote and coins
Threshold decryption: $E_{pk}(\text{result}) \to E_{pk}(\text{result})' \to \text{result}$
Delete coins
Thanks Questions?