Kickoff Meeting „E-Voting Seminar“: An Introduction to Cryptographic Voting Systems
Andreas Steffen, Hochschule für Technik Rapperswil, andreas.steffen@hsr.ch
Cryptographic Voting Systems
Summary:
• Due to repeated failures and detected vulnerabilities in both electro-mechanical and electronic voting machines, voters have somehow lost faith that the outcome of a poll always represents the true will of the electorate.
• Even more uncertain is electronic voting over the Internet which is potentially prone to coercion and vote-selling (this doesn't seem to be an issue in Switzerland).
• Manual counting of paper ballots is not really an option in the 21st century and is not free from tampering either.
• Modern cryptographic voting systems allow true end-to-end verification of the complete voting process by any individual voter, without sacrificing secrecy and privacy.
E-Voting in my hometown Schlieren
Hidden PIN
„Internet-based voting does not have to be more secure as voting per snail mail“ Justice Department of the Canton of Zurich
[In]Security Features
???
Protection from Man-in-the-Middle attacks
Conclusion
So what?
„You are not allowed to know. The exact transaction processing is kept secret due to security reasons“ Justice Department of the Canton of Zurich
Traditional Chain-of-Custody Security
[Figure labels: Software Verification, Sealing, Tallying; Verification by proxy only]
Source: Ben Adida, Ph.D. Thesis 2006
Desirable: End-to-End Verification by Voter
[Figure labels: Secrecy? Privacy?]
Source: Ben Adida, Ph.D. Thesis 2006
End-to-End Auditable Voting System (E2E)
• Any voter can verify that his or her ballot is included unmodified in a collection of ballots.
• Any voter (and typically any independent party additionally) can verify [with high probability] that the collection of ballots produces the correct final tally.
• No voter can demonstrate how he or she voted to any third party (thus preventing vote-selling and coercion).
Source: Wikipedia
Solution: Cryptographic Voting Systems
[Figure labels: Threshold Decryption, Mixnet, ElGamal / Paillier, Tamper-Proof Bulletin Board, Homomorphic Tallying]
Source: Ben Adida, Ph.D. Thesis 2006
Proposed E2E Systems
• Punchscan by David Chaum.
• Prêt à Voter by Peter Ryan.
• Scratch & Vote by Ben Adida and Ron Rivest.
• ThreeBallot by Ron Rivest (paper-based without cryptography)
• Scantegrity II by David Chaum, Ron Rivest, Peter Ryan et al. (add-on to optical scan voting systems using Invisible Ink)
• Helios by Ben Adida (www.heliosvoting.org/)
• Selectio Helvetica by BFH (www.baloti.ch)
• Primevote by MSE graduates Christoph Galliker and Halm Reusser (www.smartprimes.ch)
Conclusion
• Modern Cryptographic Voting Systems allow true end-to-end verification of the whole voting process by anyone while maintaining a very high level of secrecy.
• Due to the advanced mathematical principles they are based on, Cryptographic Voting Systems are not easy to understand and are therefore not readily accepted by authorities and the electorate.
• But let's give Cryptographic Voting Systems a chance! They can give democracy a new meaning in the 21st century!
E-Voting Literature and Simulators
• http://security.hsr.ch/msevote/
• Collection of MSE E-Voting seminar papers
• E-Voting Simulator based on the Paillier Cryptosystem
• E-Voting Simulator on the Damgard-Jurik Cryptosystem
• Generalized Paillier, reduces to Paillier Cryptosystem with s = 1
• Threshold Decryption with Distributed Keys issued by Trusted Dealer
• Assume generator g = n+1 ( = 1, = 1)
• The Paillier Cryptosystem, presented at the BFH E-Voting seminar
E-Voting Seminar Project
• Verifiable E-Voting System for Shareholder Meetings.
• Example: Novartis AG with 2‘745‘623‘000 shares
• Item 1: Approval of the Annual Report and Financial Statements: yes / no / abstention (32 bit field per option)
• Voter 1: 550‘000‘010 shares
  Voter 2: 500‘000‘010 shares
  Voter 3: 400‘000‘010 shares
  Voter 4: 350‘000‘010 shares
  Voter 5: 300‘000‘010 shares
  Voter 6: 150‘000‘010 shares
  Voter 7: 100‘000‘010 shares
  Voter 8: 50‘000‘010 shares
  Voter 9: 50‘000‘010 shares
  Voter 10: 50‘000‘010 shares
  Total: 2‘500‘000‘100 shares
E-Voting Seminar Project Tasks
Paillier Cryptosystem, keysize = 1536 bits; V=10, N=5, T=3
[Diagram of the project tasks and the data passed between them; other labels: keysize, N, T; protected channel]
Tasks:
1 Threshold Key Generation by Trusted Dealer
2 Ballot Encrypt. and ZKP by Voter v
3 ZKP Check, Weighted Tallying
4 Partial Decrypt. by Trustee i
5 Threshold Decryption
Data items:
Public Key: n, g=n+1
Partial Private Key (i=1 to i=N): i, N, T, d, n
Encrypted Ballot (v=1 to v=V): v, c, a[], e[], z[]
Shareholder Registry: v[], w[]
Encrypted Tally: ct
Partially Decr. Tally (i=1 to i=N): i, N, T, pt, n
Decrypted Tally: yes, no, abstention
Conditions
• Goal: Restrict effort spent on project to 90 working hours (3 ECTS)
• Programming or scripting language: Arbitrary
• Program code without whistles and bells!
• No GUI required, maybe a command line program.
• I/O Format: JSON
• Big numbers encoded as hexadecimal strings {"v":1,"c":"2fe698..daf57e"}
• Details of interface specification to be settled among tasks
• Deliverables: Commented program code and final test run data
• Slides of final presentation
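
An added example, not part of the original slides or the seminar's simulators: Paillier encryption with g = n+1, weighted homomorphic tallying over the ten share counts from the project slide, and the JSON/hex ballot format, in Python. Assumptions: the toy key, the field order yes/no/abstention, the vote choices and all function names are constructed here; the ZKP fields a[], e[], z[] and threshold decryption are left out, so a single private key decrypts.

```python
import json
import secrets
from math import gcd

# Toy key constructed for this example (two Mersenne primes). NOT secure:
# the project calls for a 1536-bit key with threshold decryption.
P, Q = 2**89 - 1, 2**107 - 1
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)  # lcm(p-1, q-1)
MU = pow(LAM, -1, N)                          # valid because g = n+1
OPTIONS = ("yes", "no", "abstention")  # field order is an assumption
FIELD_BITS = 32                         # one 32-bit field per option

def encrypt(m):
    """Paillier with g = n+1: c = (1 + m*n) * r^n mod n^2."""
    r = secrets.randbelow(N - 1) + 1
    return (1 + m * N) % N2 * pow(r, N, N2) % N2

def decrypt(c):
    """m = L(c^lambda mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def cast_ballot(v, option):
    """Put a 1 in the chosen option's field, encrypt, emit JSON with hex c."""
    m = 1 << (FIELD_BITS * OPTIONS.index(option))
    return json.dumps({"v": v, "c": format(encrypt(m), "x")})

def weighted_tally(ballots, shares):
    """Product of c_v^w_v mod n^2 encrypts the sum of w_v * m_v."""
    ct = 1
    for b in map(json.loads, ballots):
        ct = ct * pow(int(b["c"], 16), shares[b["v"]], N2) % N2
    return ct

def unpack(m):
    """Split the decrypted tally into its per-option 32-bit fields."""
    mask = (1 << FIELD_BITS) - 1
    return {o: (m >> (FIELD_BITS * i)) & mask for i, o in enumerate(OPTIONS)}

# Share counts from the slide; the vote choices are constructed sample data.
W = [550000010, 500000010, 400000010, 350000010, 300000010,
     150000010, 100000010, 50000010, 50000010, 50000010]
SHARES = {v: w for v, w in enumerate(W, start=1)}
CHOICES = dict(zip(SHARES, ["yes", "yes", "yes", "no", "yes",
                            "no"] + ["abstention"] * 4))

def run_election():
    ballots = [cast_ballot(v, CHOICES[v]) for v in SHARES]
    return unpack(decrypt(weighted_tally(ballots, SHARES)))
```

Each field is bounded by the 2‘745‘623‘000 shares outstanding, which is below 2^32, so a field cannot carry into its neighbour. The ZKP check of task 3 is what ensures that each ballot encrypts exactly one 1 in one field, which this sketch does not enforce.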