Your SlideShare is downloading. ×
0
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Efficient Receipt-Free Ballot Casting Resistant to Covert Channels

1,423

Published on

EVT/WOTE 2009 Presentation

EVT/WOTE 2009 Presentation

Published in: Technology, Business
1 Comment
0 Likes
Statistics
Notes
  • thanq its very good together with helpful to me in thinking about development comes and think of that.... very nice function.... tanq for this.....
    Sharika
    http://winkhealth.com http://financewink.com
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

No Downloads
Views
Total Views
1,423
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
7
Comments
1
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Efficient Receipt-Free Ballot Casting Resistant to Covert Channels Ben Adida C. Andrew Neff EVT / WOTE August 11th, 2009 Montreal, Canada
  • 2. Andy uses a voting machine to prepare a ballot. Andy wants to verify that the machine properly encrypted the ballot. 2
  • 3. Neff ’s MarkPledge and Moran-Naor. Two Problems. 1) 2 ciphertexts per challenge bit (40-50) 2) machine can use ballot to leak plaintext. 3
  • 4. MarkPledge2 efficient ballot encoding: 2 ciphertexts for any challenge length covert-channel resistance: no leakage via the ballot. voting machine is significantly simplified. ➡ simpler voting machine = less chance of errors. 4
  • 5. Voter Experience 5
  • 6. Voter Experience Voter Check-in Andy _________ Ben _________ 5
  • 7. Voter Experience Voter Check-in Andy VHTI _________ Ben _________ 5
  • 8. Voter Experience Voter Check-in Andy VHTI _________ Ben _________ Hillary Barack John Bill 5
  • 9. Voter Experience Voter Check-in Andy VHTI _________ Ben _________ Hillary Barack John Bill 5
  • 10. Voter Experience Voter Check-in Andy VHTI _________ Ben _________ Hillary Barack Barack John 8DX5 Bill 5
  • 11. Voter Experience Voter Check-in Andy VHTI _________ Ben _________ Hillary Barack Barack Challenge? John 8DX5 Bill 5
  • 12. Voter Experience Voter Check-in Andy VHTI _________ Ben _________ Hillary Barack Barack Challenge? John 8DX5 VHTI Bill 5
  • 13. Voter Experience Voter Receipt Check-in Hillary MCN3 Andy VHTI _________ Barack 8DX5 Ben _________ John I341 Bill LQ21 Challenge Hillary VHTI Barack Barack Challenge? John 8DX5 VHTI Bill 5
  • 14. Voter Experience Voter Receipt Check-in Hillary MCN3 Andy VHTI _________ Barack 8DX5 Ben _________ John I341 Bill LQ21 Challenge Hillary VHTI Barack Barack Challenge? John 8DX5 VHTI Bill 5
  • 15. Voter Experience Voter Receipt Check-in Hillary MCN3 Andy VHTI _________ Barack 8DX5 Ben _________ John I341 Bill LQ21 Challenge Hillary VHTI Barack Barack Challenge? John 8DX5 VHTI Bill 5
  • 16. Special Bit Encryption Hillary 0 Barack 1 Encrypt a 0 or 1 John for each candidate 0 Bill 0 Special proof protocol ➡ for bit b=1 ➡ meaningful short strings as part of the commitment ➡ short challenge strings for real and simulated proofs 6
  • 17. Special Bit Encryption Hillary 0 Barack 1 Encrypt a 0 or 1 John for each candidate 0 Bill 0 Special proof protocol ➡ for bit b=1 ➡ meaningful short strings <ciphertexts>, "8DX5" as part of the commitment ➡ short challenge strings for real and simulated proofs 6
  • 18. Special Bit Encryption Hillary 0 Barack 1 Encrypt a 0 or 1 John for each candidate 0 Bill 0 Special proof protocol ➡ for bit b=1 ➡ meaningful short strings <ciphertexts>, "8DX5" as part of the commitment "VHTI" ➡ short challenge strings for real and simulated proofs 6
  • 19. Special Bit Encryption Hillary 0 Barack 1 Encrypt a 0 or 1 John for each candidate 0 Bill 0 Special proof protocol ➡ for bit b=1 ➡ meaningful short strings <ciphertexts>, "8DX5" as part of the commitment "VHTI" ➡ short challenge strings for real and simulated proofs reveal enc factors 6
  • 20. Voter Experience (II) Hillary 0 Barack 1 John 0 Bill 0 7
  • 21. Voter Experience (II) <ciphertexts>, !!!!!!!!!! Hillary 0 <ciphertexts>, "8DX5" Barack 1 <ciphertexts>, !!!!!!!!!! John 0 <ciphertexts>, !!!!!!!!!! Bill 0 7
  • 22. Voter Experience (II) <ciphertexts>, !!!!!!!!!! Hillary "VHTI" 0 <ciphertexts>, "8DX5" Barack 1 "VHTI" <ciphertexts>, !!!!!!!!!! John 0 "VHTI" <ciphertexts>, !!!!!!!!!! Bill 0 "VHTI" 7
  • 23. Voter Experience (II) <ciphertexts>, "MCN3" Hillary "VHTI" 0 <ciphertexts>, "8DX5" Barack 1 "VHTI" <ciphertexts>, "I341" John 0 "VHTI" <ciphertexts>, "LQ21" Bill 0 "VHTI" 7
  • 24. Voter Experience (II) <ciphertexts>, "MCN3" Hillary "VHTI" 0 reveal enc factors <ciphertexts>, "8DX5" Barack 1 "VHTI" reveal enc factors <ciphertexts>, "I341" John 0 "VHTI" reveal enc factors <ciphertexts>, "LQ21" Bill 0 "VHTI" reveal enc factors 7
  • 25. Voter Experience (II) <ciphertexts>, "MCN3" Hillary "VHTI" MCN3 0 reveal enc factors <ciphertexts>, "8DX5" Barack 1 "VHTI" reveal enc factors 8DX5 <ciphertexts>, "I341" John 0 "VHTI" reveal enc factors I341 <ciphertexts>, "LQ21" Bill 0 "VHTI" reveal enc factors LQ21 7
  • 26. MarkPledge & Moran-Naor BitEnc(1) 0 0 1 1 ... 0 0 Pledge 0 1 ... 0 Challenge 1 1 ... 0 Reveal 0 0 1 1 ... 0 0 unique BitEnc(0) 1 0 0 1 ... 0 1 that fits the challenge 8
  • 27. Markpledge 2 different bit encryption (α, β) ∈ Zq , 2 with α + β = 1 2 2 ➡ isomorphic to SO(2, q) ➡ operation is rotation (matrix mult.) Designate 1-, 0-, and T-vectors ➡ any pair of a 1-vector and 0-vector bisected by a test vector ➡ dot-product with test vector. 9
  • 28. Same pattern emerges MarkPledge MarkPledge2 BitEnc(1) 0 0 1 1 ... 0 0 xi yi Pledge 0 1 ... 0 i Challenge 1 1 ... 0 xC,yC Reveal 0 0 1 1 ... 0 0 xCxi + yCyi m0,i chal unique xi,yi BitEnc(0) 1 0 0 1 ... 0 1 that fits the challenge 10
  • 29. Covert Channel Raised by Karloff, Sastry & Wagner If the voting machine chooses the random factor, it can embed info Can we make the voting machine fully deterministic given a voter ID and a selection in a given race? 11
  • 30. Covert Channel Ballot #42 1 0 0 0 0 2, r'1 Trustee #1 0 0 1 0 0 Ballot #42 7 = 2 mod 5 1, r'2 Trustee #2 0 0 0 1 0 r'1 + r'2 + r'3 Voting Machine 4, r'3 Trustee #3 0 0 1 0 0 Bulletin Board Ballot #42 0 0 1 0 0 Pre-generate ciphertexts with trustees Rotate them on voter selection 12
  • 31. Why is this receipt-free? What can the coercer ask the voter to do that affects the ballot / receipt? Only the challenge, which is selected before the voter enters the booth. All proofs will look the same, whether real or simulated. 13
  • 32. Questions? 14

×