Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting

Similar documents
David Chaum s Voter Verification using Encrypted Paper Receipts

Tear and Destroy: Chain voting and destruction problems shared by Prêt à Voter and Punchscan and a solution using Visual Encryption

Cryptography CS 555. Topic 5: Pseudorandomness and Stream Ciphers. CS555 Spring 2012/Topic 5 1

Stream Ciphers. Debdeep Mukhopadhyay

CRYPTOGRAPHY. Sharafat Ibn Mollah Mosharraf TOUCH-N-PASS EXAM CRAM GUIDE SERIES. Special Edition for CSEDU. Students CSE, DU )

CSc 466/566. Computer Security. 4 : Cryptography Introduction

International Journal of Advance Engineering and Research Development REMOTE VOTING MACHINE

An Introduction to Cryptography

V.Sorge/E.Ritter, Handout 5

Stream Cipher. Block cipher as stream cipher LFSR stream cipher RC4 General remarks. Stream cipher

CS408 Cryptography & Internet Security

ELECTION JUDGE/COORDINATOR HANDBOOK GENERAL ELECTION 2018 CHAPTER 6

Sequences and Cryptography

Document Analysis Support for the Manual Auditing of Elections

Sherlock Holmes and the adventures of the dancing men

Chapter 17: Online Scanning

New Address Shift Linear Feedback Shift Register Generator

LFSR stream cipher RC4. Stream cipher. Stream Cipher

SECTION 7: Troubleshoot

Cryptagram. Photo Privacy for Online Social Media Matt Tierney, Ian Spiro Christoph Bregler, Lakshmi Subramanian

CONDITIONS FOR USE FOR CLEAR BALLOT GROUP S CLEARVOTE VOTING SYSTEM

arxiv: v1 [cs.cr] 3 May 2016

ISSN (Print) Original Research Article. Coimbatore, Tamil Nadu, India

Multiple Image Secret Sharing based on Linear System

New York State Board of Elections Voting Machine Replacement Project Task List Revised

Na Overview. 1. Introduction B Single-Ended Amplifiers

Chapter 1. Voting Equipment Testing

Digital holographic security system based on multiple biometrics

6.115 KryptoPhone Final Project Report

HCCA: A Cryptogram Analysis Algorithm Based on Hill Climbing

Key- The key k for my cipher is a single number from 1-26 which is shared between the sender and the reciever.

Where to present your results. V4 Seminars for Young Scientists on Publishing Techniques in the Field of Engineering Science

From Theory to Practice: Private Circuit and Its Ambush

SMART VOTING SYSTEM WITH FACE RECOGNITION

Physical Layer Built-in Security Enhancement of DS-CDMA Systems Using Secure Block Interleaving

Randomness analysis of A5/1 Stream Cipher for secure mobile communication

Automatic Commercial Monitoring for TV Broadcasting Using Audio Fingerprinting

A Layered Approach for Watermarking In Images Based On Huffman Coding

Physical Layer Built-in Security Enhancement of DS-CDMA Systems Using Secure Block Interleaving

BEL. Electronic Voting Machine (EVM) User Manual

Feedback: Part A - Basics

Separating Semantic and Circular Security for Symmetric Key Bit Encryption from LWE. Rishab Goyal Venkata Koppula Brent Waters

Fault Analysis of Stream Ciphers

HYBRID CONCATENATED CONVOLUTIONAL CODES FOR DEEP SPACE MISSION

Reducing DDR Latency for Embedded Image Steganography

Singing Games. 28. Inspiration for a Song. 99 More Musical Games

2018 FOR YOUR CONSIDERATION (FYC) VIEWING PLATFORM

Adult Numeracy Entry 3 Practice Assignment E3NAC

Pairing Devices with Good Quality Output Interfaces

Reproducibility Assessment of Independent Component Analysis of Expression Ratios from DNA microarrays.

Module 4: Video Sampling Rate Conversion Lecture 25: Scan rate doubling, Standards conversion. The Lecture Contains: Algorithm 1: Algorithm 2:

Enigma. Developed and patented (in 1918) by Arthur Scherbius Many variations on basic design Eventually adopted by Germany

PA Substitution Cipher

VLSI Test Technology and Reliability (ET4076)

NUMB3RS Activity: Coded Messages. Episode: The Mole

- Courtesy of Jeremiah Akin - SEQUOIA. - From Black Box Voting Document Archive - voting systems. AVC Edge 0. Pollworker Manual

Image Steganalysis: Challenges

Permutation-based cryptography for the Internet of Things

Example: compressing black and white images 2 Say we are trying to compress an image of black and white pixels: CSC310 Information Theory.

WHITEPAPER. Customer Insights: A European Pay-TV Operator s Transition to Test Automation

How to write a scientific paper for an international journal

Modified Version of Playfair Cipher Using Linear Feedback Shift Register and Transpose Matrix Concept

A LOW COST TRANSPORT STREAM (TS) GENERATOR USED IN DIGITAL VIDEO BROADCASTING EQUIPMENT MEASUREMENTS

1.1 Cable Schedule Table

LECTURE NOTES ON Classical Cryptographic Techniques ( Substitution Ciphers System)

Implementing a Proton Beam Scanning System within an Operating Clinical Facility

Digital signature documents on Sourcing Tender System

Troubleshooting Guide for E-Poll Book

EURORADIO JAZZ COMPETITION

Manual and Guidelines. For. Library Automation Software Version

Visualization of Hash-functions

WG Stream Cipher based Encryption Algorithm

THE NEXT GENERATION OF CITY MANAGEMENT INNOVATE TODAY TO MEET THE NEEDS OF TOMORROW

Implementation of a new DES chip 1

(12) United States Patent (10) Patent No.: US 6,409,089 B1. Eskicioglu (45) Date of Patent: Jun. 25, 2002

Institute of Southern Punjab, Multan

RECOGNITION OF PRIOR LEARNING CANDIDATE APPLICATION FORM UEE30811 CERTIFICATE III IN ELECTROTECHNOLOGY - ELECTRICIAN

DM Scheduling Architecture

The Swiss cipher machine NeMa

Performance Evaluation of Stream Ciphers on Large Databases

Breaking the Enigma. Dmitri Gabbasov. June 2, 2015

MATHEMATICAL APPROACH FOR RECOVERING ENCRYPTION KEY OF STREAM CIPHER SYSTEM

013 INTERNATIONAL STANDARD MUSIC NUMBER (ISMN)

QT Plus Quick Launch Overview Guide. Revised February 2018

THE MAJORITY of the time spent by automatic test

Troubleshooting Guide for E-Poll Book

Unlinkable Outsourced Channel Monitoring

Distortion Compensated Lookup-Table Embedding: Joint Security and Robustness Enhancement for Quantization Based Data Hiding

IP Broadcasting System. User manual

How can you use Orion to get your publications registered with ACU?

Guidelines for completing the electronic form for the scientific activity of PhD students of the School of Medicine by using web application

Functional Skills Mathematics Entry 3 Sample assessment

ES&S - EVS Release , Version 4(Revision 1)

NEW MEXICO STATE UNIVERSITY Electrical and Computer Engineering Department. EE162 Digital Circuit Design Fall Lab 5: Latches & Flip-Flops

Qs7-1 DEVELOPMENT OF AN IMAGE COMPRESSION AND AUTHENTICATION MODULE FOR VIDEO SURVEILLANCE SYSTEMS. DlSTRlBUllON OF THIS DOCUMENT IS UNLlditEb,d

DESIGN and IMPLETATION of KEYSTREAM GENERATOR with IMPROVED SECURITY

Kaba Clock Time Collection Device Update. onesource.uga.edu

Adding Analog and Mixed Signal Concerns to a Digital VLSI Course

Aadhar based Finger print EVM System

Modelling a master detail scheduler for the laboratory

Transcription:

Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting Jörn Müller-Quade 1, Dirk Achenbach 1, Carmen Kempka 2, Bernhard Löwe 1 KARLSRUHE INSTITUTE OF TECHNOLOGY, NTT SECURE PLATFORM LABORATORIES 1) Karlsruhe Institute of Technology 2) NTT Secure Platform Laboratories www.kit.edu www.seclab.ecl.ntt.co.jp/e/

Introduction What we want to achieve Coercion-resistance: Even a fully cooperating voter can not convince the adversary that she has followed his instructions in any way which affects her choice. Verifiable Correctness: Every voter can verify that her ballot is included in the tally and processed correctly, and that the tally result is computed correctly. Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 2/22

Introduction What we want to achieve Coercion-resistance: Even a fully cooperating voter can not convince the adversary that she has followed his instructions in any way which affects her choice. Verifiable Correctness: Every voter can verify that her ballot is included in the tally and processed correctly, and that the tally result is computed correctly. Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 2/22

How to Achieve Coercion-Resistance How can we defend against observation during the voting process? Fake voting credentials, panic passwords Our approach: do nothing, then just revote Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 3/22

How to Achieve Coercion-Resistance How can we defend against observation during the voting process? Fake voting credentials, panic passwords Our approach: do nothing, then just revote Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 3/22

How to Achieve Coercion-Resistance How can we defend against observation during the voting process? Fake voting credentials, panic passwords Our approach: do nothing, then just revote Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 3/22

Our Contribution Modification of the voting scheme of Juels, Catalano and Jakobsson to allow deniable revoting instead of or in addition to fake credentials First revoting solution which simultaneously offers...... deniability of the revoting process... verifiable correctness of the processing of revotes without demanding of the voter to safe state between votes. Adaption of the security model of Juels at al. to allow revoting Proof of security of our voting scheme Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 4/22

Our Contribution Modification of the voting scheme of Juels, Catalano and Jakobsson to allow deniable revoting instead of or in addition to fake credentials First revoting solution which simultaneously offers...... deniability of the revoting process... verifiable correctness of the processing of revotes without demanding of the voter to safe state between votes. Adaption of the security model of Juels at al. to allow revoting Proof of security of our voting scheme Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 4/22

Our Contribution Modification of the voting scheme of Juels, Catalano and Jakobsson to allow deniable revoting instead of or in addition to fake credentials First revoting solution which simultaneously offers...... deniability of the revoting process... verifiable correctness of the processing of revotes without demanding of the voter to safe state between votes. Adaption of the security model of Juels at al. to allow revoting Proof of security of our voting scheme Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 4/22

Revoting vs. Fake Credentials Fake ceredentials pros and cons: + Robust against adversary who demands the secret key - No sound feedback whether authentication has been successful - Voter needs to be able to create a fake credential on the fly, voter needs to run a coercion evasion strategy online during coercion. Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 5/22

Revoting vs. Fake Credentials Fake ceredentials pros and cons: + Robust against adversary who demands the secret key - No sound feedback whether authentication has been successful - Voter needs to be able to create a fake credential on the fly, voter needs to run a coercion evasion strategy online during coercion. Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 5/22

Revoting vs. Fake Credentials Revoting pros and cons: + Sound feedback + No evasion strategy during coercion + Applicable in elections where deniable revoting is necessary - Inalienable credentials: Voter must not give away his secret key - Adversarial observation has to end before the voting phase ends Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 6/22

Revoting vs. Fake Credentials Revoting pros and cons: + Sound feedback + No evasion strategy during coercion + Applicable in elections where deniable revoting is necessary - Inalienable credentials: Voter must not give away his secret key - Adversarial observation has to end before the voting phase ends Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 6/22

Revoting: Attacks and Challenges Coercion-resistance: The adversary must not see whether the voter has overwritten her ballot. Revoting needs to be deniable. 1009 attack (Warren Smith): The adversary must not even see how often a ballot was cast using the same credential. At the same time, we need verifiable correctness: Of each voter, only one vote - the last - must count. Correct handling of the revotes needs to be proven. Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 7/22

Revoting: Attacks and Challenges Coercion-resistance: The adversary must not see whether the voter has overwritten her ballot. Revoting needs to be deniable. 1009 attack (Warren Smith): The adversary must not even see how often a ballot was cast using the same credential. At the same time, we need verifiable correctness: Of each voter, only one vote - the last - must count. Correct handling of the revotes needs to be proven. Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 7/22

Revoting: Attacks and Challenges Coercion-resistance: The adversary must not see whether the voter has overwritten her ballot. Revoting needs to be deniable. 1009 attack (Warren Smith): The adversary must not even see how often a ballot was cast using the same credential. At the same time, we need verifiable correctness: Of each voter, only one vote - the last - must count. Correct handling of the revotes needs to be proven. Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 7/22

Deniable Revoting pre-election phase voter list voter registration candidate list voting phase post-election phase ballot creation and ballot casting deleting overwritten ballots tallying pre-calculation for post-election phase Our Algorithm...... starts with a list of encrypted ballots,... and ends with a weeded list of encrypted ballots, containing only the newest ballot of each voter. Security is proven up to this point. The tally of the weeded encrypted ballots can be done with standard techniques. Introduction Deniable Revoting Jo rn Mu ller-quade, Dirk Achenbach, Carmen Kempka, Bernhard Lo we Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting Conclusion 8/22

Attack Model pre-election phase voter list voter registration candidate list trustworthy KeyGen voting phase post-election phase ballot creation and ballot casting deleting overwritten ballots full coercion / observation * tallying full coercion / observation * time to recast a vote without observation Introduction Deniable Revoting Jo rn Mu ller-quade, Dirk Achenbach, Carmen Kempka, Bernhard Lo we Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting Conclusion 9/22

Deniable Revoting: Overview Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 10/22

Phase 1 and 2: Ballot Casting pk =signature verification key, v =vote, ts =timestamp List of Ballots: b 1 = (E(v 1 ), E(pk 1 ), ts 1 ), π 1 b 2 = (E(v 2 ), E(pk 2 ), ts 2 ), π 2... Phase 1 (Casting): Voter creates NIZK-proofs π...... of knowledge of signature σ with verify pk (ballot, σ) = 1... that E(pk) contains the key pk used in the proof above Phase 2 (pre-weeding): The NIZK-proofs π are checked. Ballots with invalid proofs are marked invalid and not considered any further. Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 11/22

Phase 1 and 2: Ballot Casting pk =signature verification key, v =vote, ts =timestamp List of Ballots: b 1 = (E(v 1 ), E(pk 1 ), ts 1 ), π 1 b 2 = (E(v 2 ), E(pk 2 ), ts 2 ), π 2... Phase 1 (Casting): Voter creates NIZK-proofs π...... of knowledge of signature σ with verify pk (ballot, σ) = 1... that E(pk) contains the key pk used in the proof above Phase 2 (pre-weeding): The NIZK-proofs π are checked. Ballots with invalid proofs are marked invalid and not considered any further. Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 11/22

Phase 1 and 2: Ballot Casting pk =signature verification key, v =vote, ts =timestamp List of Ballots: b 1 = (E(v 1 ), E(pk 1 ), ts 1 ), π 1 b 2 = (E(v 2 ), E(pk 2 ), ts 2 ), π 2... Phase 1 (Casting): Voter creates NIZK-proofs π...... of knowledge of signature σ with verify pk (ballot, σ) = 1... that E(pk) contains the key pk used in the proof above Phase 2 (pre-weeding): The NIZK-proofs π are checked. Ballots with invalid proofs are marked invalid and not considered any further. Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 11/22

Phase 3: Weeding of old Ballots pk =signature verification key, v =vote, ts =timestamp List of Ballots: b 1 = (E(v 1 ), E(pk 1 ), ts 1 ) b 2 = (E(v 2 ), E(pk 2 ), ts 2 )... Phase 3: Older ballots are sorted out. Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 12/22

Weeding old Ballots: Comparing Identities c 1 pk A 07:08 c 1 pk A 07:08 pk A/pk B pk A/pk C pk A/pk A pk A/pk D c 2 pk B 09:13 c 2 pk B 09:13 pk B/pk C pk B/pk A pk B/pk D c 3 pk C 12:25 c 4 pk A 13:37 c 5 pk D 17:42 c 3 pk C 12:25 c 4 pk A 13:37 c 5 pk D 17:42 pk C/pk A pk A/pk D pk C/pk D Ciphertext Plaintext Encrypted Plaintext Equality Tests (EPETs) on the credentials: ( ) { R pki Enc(1) if pk i = pk j EPET (pk i, pk j ) = Enc( ) = pk j Enc(r) if pk i pk j Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 13/22

How to Accumulate the Differences? c 1 pk A 07:08 c 2 pk B 09:13 c 3 pk C 12:25 c 4 pk A 13:37 81 53 1 48 46 418 28 49 9 13 c 5 pk D 17:42 Can we use the homomorphic property of the encryption? Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 14/22

How to Accumulate the Differences? c 1 pk A 07:08 c 2 pk B 09:13 c 3 pk C 12:25 c 4 pk A 13:37 81 53 1 48 46 418 28 49 9 13 c 5 pk D 17:42 Can we use the homomorphic property of the encryption? Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 14/22

How to Accumulate the Differences? We can use the homomorphic property of the encryption... Enc(25) = Enc(81) Enc(53) Enc(1) Enc(48) mod N Enc(139) = Enc(1) Enc(1) Enc(139) Enc(1) mod N... if we swap the encryption of an arbitrary number with an encryption of a 1 and vice versa. Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 15/22

Preperation for Conversion c 1 pk A 07:08 81 53 1 48 c 1 pk A 07:08 07:08 81 07:08 53 07:08 48 c 2 pk B 09:13 46 418 28 c 2 pk B 09:13 09:13 46 09:13 418 09:13 28 c 3 pk C 12:25 49 9 c 3 pk C 12:25 12:25 49 12:25 9 c 4 pk A 13:37 13 c 4 pk A 13:37 13:37 13 c 5 pk D 17:42 c 5 pk D 17:42 Form tuples (Enc(ts), d ij ), where d ij = EPET (pk i, pk j ). Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 16/22

Conversion 07:08 81 39 09:13 1 07:08 53 Mix 07:08 53 09:13 46 1 r r 1 09:13 1 Mix 07:08 48 07:08 81 39 09:13 46.. 07:08 48...... No matter how we convert, we have that either d ij = 1 or d ij = 1. Set (a, b) := shuffle(d ij, d ij ), and show with PET that either ab = a, and ab b, or vice versa. Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 17/22

Conversion 07:08 81 39 09:13 1 07:08 53 Mix 07:08 53 09:13 46 1 r r 1 09:13 1 Mix 07:08 48 07:08 81 39 09:13 46.. 07:08 48...... No matter how we convert, we have that either d ij = 1 or d ij = 1. Set (a, b) := shuffle(d ij, d ij ), and show with PET that either ab = a, and ab b, or vice versa. Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 17/22

Conversion A coordinator reencrypts all dij, and sends them to the voting authority in random order, mixed with fake differences. The voting authority converts them to dij0 by hand (decrypt - convert - encrypt). The converted dij will also act as fake differences. random fill entrys Input Output real entrys no fill entry yes no 2nd time yes Converted fake values are discarded. Prove dij dij0 = dij or dij0 for the real ones. Introduction Deniable Revoting Jo rn Mu ller-quade, Dirk Achenbach, Carmen Kempka, Bernhard Lo we Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting Conclusion 18/22

Sort Back and Accumulate 09:13 1 c 1 pk A 07:08 1 1 139 1 c 1 pk A 07:08 139 c 2 pk B 09:13 1 1 1 c 2 pk B 09:13 1 c 3 pk C 12:25 1 1 c 3 pk C 12:25 1 39 c 4 pk A 13:37 1 c 4 pk A 13:37 1 c 5 pk D 17:42.. The first ballot has been overwritten. c 5 pk D 17:42 Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 19/22

Result c 1 pk A 07:08 1 1 139 1 c 2 pk B 09:13 1 1 1 c 2 pk B c 3 pk C 12:25 1 1 c 3 pk C c 4 pk A 13:37 1 c 4 pk A c 5 pk D 17:42 c 5 pk D The first ballot has been overwritten, and is therefore omitted. The remaining ballots are ready for tallying, using standard techniques. Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 20/22

Conclusion We introduced...... Deniable revoting as an alternative/addition to fake credentials... Showed that deniable revoting is possible while maintaining public verifiability Security is proven in an adapted version of the model of Juels, Catalano and Jakobsson Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 21/22

Thank you very much! Thank you! Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting 22/22

2024 © artsdocbox.com Privacy Policy | Terms of Service | Feedback