Voting*
  1. Voting*
  CSCI284 Spring 2005 GWU
  *This telling influenced by Josh Benaloh and Sara Robinson

  2. Goals of an election
  • Integrity: each vote is correctly counted
  • Anonymity: a vote cannot be connected to a voter (without voter complicity)
  • Involuntary privacy: a voter cannot prove how she voted
  CS284/Spring05/GWU/Vora/Voting

  3. Goals of an election
  • Voter verifiability: a voter can confirm that her vote was
    • counted as cast, and
    • anonymous
  • Public verifiability: a member of the public can verify that the election has integrity, anonymity and involuntary privacy
  • Robustness: an individual cannot credibly make a false charge that the above objectives were not achieved

  4. Typical election participants and roles
  • Voter requires that her vote is
    • counted correctly, and
    • anonymous
  • Polling booth/station
    • correctly communicates votes
    • ensures voter anonymity
    • ensures only legitimate voters vote
    • ensures each voter votes only once

  5. Typical election participants, contd.
  • Trustees ensure that votes are counted correctly and anonymously after leaving the polling booth
  • Independent third parties observe and ensure the process is followed at the polling booth
  • Auditor/certification authority certifies that the election results were determined as specified
  • Public follows the election process as much as possible

  6. Anonymity and Integrity

  7. Anonymity and Integrity
  • Either
    • hide the voter (e.g. Chaum's MIXnet (1981)), or
    • hide the vote (Benaloh's homomorphic secret sharing),
    all the way through the process*
  • Both require more than one trustee
  *Inspired by: Electronic Voting Schemes (Zuzana Rjaskova, MSc thesis, 2003)

  8. Hide the voter: a single MIX
  MIX $i$ (decryption + shuffle) receives the $k$ layered ciphertexts
  $E_{K_i}(E_{K_{i+1}}(\cdots E_{K_n}(m_1)\cdots)),\ \ldots,\ E_{K_i}(E_{K_{i+1}}(\cdots E_{K_n}(m_k)\cdots))$,
  removes its own layer $E_{K_i}$ with its private key, and outputs the results in a secret random order $\pi$:
  $E_{K_{i+1}}(\cdots E_{K_n}(m_{\pi(1)})\cdots),\ \ldots,\ E_{K_{i+1}}(\cdots E_{K_n}(m_{\pi(k)})\cdots)$

  9. Hide the voter: MIXnet
  Many consecutive MIXes, run by the trustees in e-voting:
  Trustee 1 (MIX 1) → Trustee 2 (MIX 2) → … → Trustee n (MIX n) → count the decrypted votes
  Each voter submits $E_{K_1}(E_{K_2}(\cdots E_{K_n}(m)\cdots))$; the last MIX outputs the plaintext votes. The output order is unlinkable to the input order as long as at least one MIX keeps its permutation secret, which is why more than one trustee is needed.
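The layered encryption and peel-and-shuffle of slides 8 and 9, as an added example (not code from the course). It is a decryption MIXnet in the Chaum style: each trustee holds an ElGamal key, the voter wraps the vote in one hybrid layer per trustee (a fresh symmetric key under ElGamal, the body masked with SHAKE256 of that key), and each MIX strips its layer and reorders the batch. The group parameters, the 16-byte fixed vote length and the sample ballots are assumptions chosen for the demo, not a secure configuration.

```python
# Decryption MIXnet with layered hybrid ElGamal (added example; toy parameters).
import hashlib
import secrets
from collections import Counter

# Toy group: p = 2^127 - 1 is prime, g = 3. Not a prime-order subgroup and no
# padding or IND-CCA hardening; enough to show the layering and the peeling.
P = 2**127 - 1
G = 3
VOTE_LEN = 16      # votes are padded to a fixed length so all onions look alike


def keygen():
    """ElGamal key pair for one trustee: private x, public y = g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def elgamal_encrypt(y, k):
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), k * pow(y, r, P) % P


def elgamal_decrypt(x, c1, c2):
    return c2 * pow(pow(c1, x, P), -1, P) % P


def add_layer(y, inner):
    """Wrap `inner` for the trustee holding y: a fresh symmetric key k is
    ElGamal-encrypted and the body is masked with SHAKE256(k). The layer is
    c1 || c2 || masked body, with c1 and c2 as 16-byte big-endian integers."""
    k = secrets.randbelow(P - 2) + 1
    c1, c2 = elgamal_encrypt(y, k)
    stream = hashlib.shake_256(k.to_bytes(16, "big")).digest(len(inner))
    body = bytes(a ^ b for a, b in zip(inner, stream))
    return c1.to_bytes(16, "big") + c2.to_bytes(16, "big") + body


def peel_layer(x, onion):
    """Inverse of add_layer for the trustee holding private key x."""
    c1 = int.from_bytes(onion[:16], "big")
    c2 = int.from_bytes(onion[16:32], "big")
    k = elgamal_decrypt(x, c1, c2)
    stream = hashlib.shake_256(k.to_bytes(16, "big")).digest(len(onion) - 32)
    return bytes(a ^ b for a, b in zip(onion[32:], stream))


def cast(vote, public_keys):
    """Voter side: E_K1(E_K2(...E_Kn(vote))); trustee n's layer is innermost."""
    blob = vote.encode().ljust(VOTE_LEN, b"\0")
    for y in reversed(public_keys):
        blob = add_layer(y, blob)
    return blob


def run_mix(x, batch):
    """One MIX: strip this trustee's layer from every item, then shuffle.
    The permutation is the trustee's secret; it is what unlinks input and output."""
    peeled = [peel_layer(x, onion) for onion in batch]
    shuffled = []
    while peeled:
        shuffled.append(peeled.pop(secrets.randbelow(len(peeled))))
    return shuffled


def tally(votes, trustees):
    """Run the batch through MIX 1 .. MIX n and count what the last MIX outputs.
    trustees: list of (private, public) pairs in mixing order."""
    batch = [cast(v, [y for _, y in trustees]) for v in votes]
    for x, _ in trustees:
        batch = run_mix(x, batch)
    return Counter(b.rstrip(b"\0").decode() for b in batch)


if __name__ == "__main__":
    trustees = [keygen() for _ in range(3)]
    ballots = ["alice", "bob", "alice", "carol", "alice"]   # constructed sample
    print(tally(ballots, trustees))
```

Two encryptions of the same vote differ because every layer draws fresh randomness, so identical votes cannot be matched across a MIX; the trustees' private keys are never in one place, and a single honest MIX already breaks the link between a voter's onion and the plaintext that comes out.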

  10. Hide the vote: homomorphic secret sharing
  • Use a secret sharing scheme where the sum of the shares are shares of the sum of the secrets (votes):
    $v_i \mapsto (s_{i1}, s_{i2}, \ldots, s_{iN})$ for each voter $i = 1, \ldots, K$, so that
    $\sum_{i=1}^{K} v_i \mapsto \left(\sum_{i=1}^{K} s_{i1},\ \sum_{i=1}^{K} s_{i2},\ \ldots,\ \sum_{i=1}^{K} s_{iN}\right)$
  • And a public key cryptosystem where the encryption of the sum of shares can be computed from the encryptions of the shares:
    $(E_j(s_{1j}), E_j(s_{2j}), \ldots, E_j(s_{Kj})) \mapsto E_j\left(\sum_{i=1}^{K} s_{ij}\right)$

  11. Hide the vote: each trustee calculates a share of the sum
  • Each voter $i$ splits her vote into one share for each of the $N$ trustees: $v_i \mapsto (s_{i1}, s_{i2}, \ldots, s_{iN})$
  • She encrypts share $j$ with the public key of trustee $j$, $E_j(s_{ij})$, and sends it to that trustee
  • Trustee $j$ computes its share of the sum of the votes from the ciphertexts it received, then decrypts it:
    $(E_j(s_{1j}), E_j(s_{2j}), \ldots, E_j(s_{Kj})) \mapsto E_j\left(\sum_{i=1}^{K} s_{ij}\right) \mapsto \sum_{i=1}^{K} s_{ij}$
  • Anyone can compute the sum of the votes from the trustees' published shares:
    $\left(\sum_{i=1}^{K} s_{i1},\ \sum_{i=1}^{K} s_{i2},\ \ldots,\ \sum_{i=1}^{K} s_{iN}\right) \mapsto \sum_{i=1}^{K} v_i$
  With additive sharing any $N-1$ shares of a vote are uniformly random, so a trustee learns nothing about an individual vote from its own column, and only the combination of all $N$ partial sums reveals the tally.

  12. Can show both methods provide anonymity and integrity
  • Homomorphic secret sharing as described previously requires a secure homomorphic encryption scheme. ElGamal is one: it is multiplicatively homomorphic, so encoding a share $s$ as $g^s$ ("exponential ElGamal") makes the product of ciphertexts an encryption of $g^{\sum s}$; the sum is recovered by a discrete-log search, which is cheap because tallies are small.
  • Another option is for the voter to send the vote encrypted under a key whose private part is shared among the trustees, so that the trustees must get together (threshold decryption) to obtain the vote. Threshold RSA uses RSA's multiplicative structure for this: each trustee raises the ciphertext to its key share and the partial results are multiplied together to complete the decryption.
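The procedure of slides 10 to 12 carried through end to end, as an added example (not code from the course): each voter splits her 0/1 vote into $N$ additive shares, encrypts share $j$ for trustee $j$, trustee $j$ multiplies its column of ciphertexts to get an encryption of its partial sum and decrypts it, and the public adds the partial sums. The additively homomorphic scheme is Paillier, swapped in for the exponential-ElGamal route the slide describes so that the "encrypted sum from encrypted shares" step is a plain product; the toy prime sizes, the share modulus and the sample ballots are assumptions for the demo.

```python
# Hide the vote: additive secret sharing + additively homomorphic encryption.
# Added example with Paillier (swapped in for exponential ElGamal) and toy primes.
import math
import secrets

SHARE_MOD = 2**16     # shares live in Z_M; each trustee's n must exceed K * M


def next_prime(n):
    """Smallest prime >= n by trial division (fine for the toy key sizes here)."""
    while any(n % d == 0 for d in range(2, math.isqrt(n) + 1)):
        n += 1
    return n


def paillier_keygen(p, q):
    """Public key n = pq; private (n, lambda, mu) with mu = lambda^-1 mod n."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (n, lam, pow(lam, -1, n))


def paillier_encrypt(n, m):
    """E(m) = (1+n)^m * r^n mod n^2, using (1+n)^m = 1 + m*n (mod n^2)."""
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) % n2 * pow(r, n, n2) % n2


def paillier_decrypt(priv, c):
    n, lam, mu = priv
    u = pow(c, lam, n * n)          # = 1 + m*lambda*n (mod n^2)
    return (u - 1) // n * mu % n


def split_vote(v, num_trustees):
    """v -> (s_1, ..., s_N) with sum = v (mod M); any N-1 shares are uniform."""
    shares = [secrets.randbelow(SHARE_MOD) for _ in range(num_trustees - 1)]
    shares.append((v - sum(shares)) % SHARE_MOD)
    return shares


def tally(votes, trustees):
    """votes: 0/1 per voter. trustees: list of (n, priv) Paillier keys.
    Returns (sum of votes, per-trustee partial sums)."""
    N = len(trustees)
    # Voter i: split v_i, encrypt share j under trustee j's key, post the row.
    bulletin = [[paillier_encrypt(trustees[j][0], s)
                 for j, s in enumerate(split_vote(v, N))] for v in votes]
    partial = []
    for j, (n, priv) in enumerate(trustees):
        # Trustee j multiplies its column: E_j(s_1j)*...*E_j(s_Kj) = E_j(sum_i s_ij)
        acc = 1
        for row in bulletin:
            acc = acc * row[j] % (n * n)
        partial.append(paillier_decrypt(priv, acc) % SHARE_MOD)
    # Anyone: the trustees' partial sums add up to the sum of the votes.
    return sum(partial) % SHARE_MOD, partial


def demo():
    trustees = [paillier_keygen(next_prime(100_000), next_prime(100_100)),
                paillier_keygen(next_prime(100_200), next_prime(100_300)),
                paillier_keygen(next_prime(100_400), next_prime(100_500))]
    return tally([1, 0, 1, 1, 0, 1, 1], trustees)   # constructed sample ballots


if __name__ == "__main__":
    print(demo())
```

The decrypted column total is an exact integer smaller than $n$ because $K \cdot M < n$; reducing it modulo the share modulus and adding the trustees' results modulo the same value gives the vote count. Nothing here stops a voter from sharing a value other than 0 or 1; the validity proofs that close that hole are outside what the slides cover.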

  13. Voter Verifiability
  The system so far: Trustees (counting, anonymity)

  14. Voter verifiability
  • Challenge: allow the voter to keep a record of her vote so she can
    • determine that it was counted as cast (voter verifiability),
    • yet not prove how she voted (involuntary privacy)
  • Further, this record ought to be on paper, so as to allow processing of the vote in case of failure of the electronic systems

  15. Paper record: solution (Chaum, Neff)
  • Encrypted paper receipts which can be decrypted only by (a subset of) the trustees
  • Example: the encrypted vote that is input to the MIXnet
  • Example: the encrypted shares sent to the individual trustees under homomorphic encryption

  16. How does the voter know the encryption decrypts to her vote?
  • Chaum's solution: provide two symmetric, encrypted paper ballots (layers) such that
    • one ballot laid on top of the other shows the decrypted ballot
    • the voter chooses which of the two to take away
    • before the voter chooses, each ballot already carries printed "commitments": the encrypted versions of both ballots for the trustees, and a serial number
    • after the voter chooses, the seed for the encrypted version is printed, so the commitment can be opened and checked
  • Committing before the choice is what makes the check meaningful: the booth does not know which of the two layers will be examined, so it must generate both correctly or risk being caught.

  17. Public Verifiability
  The system so far: Polling booth → voter-verified encrypted vote → Trustees (counting, anonymity)
  Open question: does the polling booth store a link between the vote and the serial number?

  18. Public verifiability
  • The polling booth needs to be checked to determine that it is
    • communicating votes correctly (including no ballot stuffing),
    • not retaining copies of votes linked to the voter (or to the voter sequence),
    • issuing valid receipts
  • The trustees need to be audited to determine that they are following the decryption/counting/anonymizing process

  19. Polling booth check obtained by
  • Posting all receipts to be counted at a publicly accessible place, such as a website
  • Voters or their representatives can check the presence of their receipts
  • Voters, interested third parties and auditors can check the commitments to ensure that each receipt was appropriately generated by the polling booth

  20. Need participation
  Need a minimum number of checks of both
  • receipt presence (only possible through voter participation), and
  • receipt accuracy (does not require voter participation)
  to ensure a given probability that all posted votes were correctly generated.
  Without these checks, voting is no less accurate than any electronic system without checks.
  Might it be less accurate than a mechanical/physical system, which requires more effort to break?

  21. Trustee check obtained by auditing

  22. Robustness

  23. Signed Receipts
  • The entire receipt is digitally signed by the polling booth
  • This prevents voters from generating false receipts to claim a rigged election
  • Conversely, a signed receipt that fails the accuracy check is evidence the booth cannot disown
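Signed receipts as an added example, not code from the course: the booth signs a canonical serialization of every receipt field with a Schnorr signature, so a voter who alters a field of her receipt, or signs a fabricated one with a key of her own, cannot produce something that verifies under the booth's public key. The group parameters (Mersenne prime, generator 3, exponents reduced modulo $p-1$), the field layout and the sample receipt are assumptions for the demo, not a production signature setup.

```python
# Signed receipts (added example): Schnorr signature over a toy group.
import hashlib
import secrets

P = 2**127 - 1     # prime; toy parameter, not a proper prime-order group
G = 3


def keygen():
    """Booth key pair: private x, public y = g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def canonical(receipt):
    """Fixed field order so signer and verifier hash exactly the same bytes."""
    return b"|".join([receipt["serial"], receipt["kept"], receipt["layer"],
                      receipt["commit_T"], receipt["commit_B"]])


def _challenge(R, msg):
    h = hashlib.sha256(R.to_bytes(16, "big") + msg).digest()
    return int.from_bytes(h, "big") % (P - 1)


def sign(x, msg):
    k = secrets.randbelow(P - 2) + 1
    R = pow(G, k, P)
    return R, (k + _challenge(R, msg) * x) % (P - 1)


def verify(y, msg, sig):
    R, s = sig
    return 1 <= R < P and pow(G, s, P) == R * pow(y, _challenge(R, msg), P) % P


def booth_issue(x, receipt):
    """The booth signs every field; the signature travels with the receipt."""
    return dict(receipt, sig=sign(x, canonical(receipt)))


def public_check(y, signed):
    """Anyone with the booth's public key can tell a genuine receipt from a fake."""
    fields = {k: v for k, v in signed.items() if k != "sig"}
    return verify(y, canonical(fields), signed["sig"])


def demo():
    """Returns (genuine verifies, altered receipt verifies, fabricated verifies)."""
    x, y = keygen()
    receipt = {"serial": b"0001", "kept": b"T",             # constructed sample
               "layer": bytes([1, 0, 1, 1, 0, 0, 1, 0]),
               "commit_T": b"\x11" * 32, "commit_B": b"\x22" * 32}
    signed = booth_issue(x, receipt)
    altered = dict(signed, layer=bytes([0, 0, 0, 0, 0, 0, 0, 0]))  # voter edits her layer
    fabricated = booth_issue(keygen()[0], receipt)                 # voter signs with her own key
    return public_check(y, signed), public_check(y, altered), public_check(y, fabricated)


if __name__ == "__main__":
    print(demo())
```

Because the commitments are among the signed fields, a receipt that verifies but whose commitment does not open correctly is a signed statement by the booth against itself, which is the robustness property the slide is after.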