Efficient Receipt-Free Ballot Casting Resistant to Covert Channels

1,943 views
1,865 views

Published on

EVT/WOTE 2009 Presentation

Published in: Technology, Business
1 Comment
0 Likes
Statistics
Notes
  • thanq its very good together with helpful to me in thinking about development comes and think of that.... very nice function.... tanq for this.....
    Sharika
    http://winkhealth.com http://financewink.com
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

No Downloads
Views
Total views
1,943
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
7
Comments
1
Likes
0
Embeds 0
No embeds

No notes for slide

Efficient Receipt-Free Ballot Casting Resistant to Covert Channels

  1. 1. Efficient Receipt-Free Ballot Casting Resistant to Covert Channels Ben Adida C. Andrew Neff EVT / WOTE August 11th, 2009 Montreal, Canada
  2. 2. Andy uses a voting machine to prepare a ballot. Andy wants to verify that the machine properly encrypted the ballot. 2
  3. 3. Neff ’s MarkPledge and Moran-Naor. Two Problems. 1) 2 ciphertexts per challenge bit (40-50) 2) machine can use ballot to leak plaintext. 3
  4. 4. MarkPledge2 efficient ballot encoding: 2 ciphertexts for any challenge length covert-channel resistance: no leakage via the ballot. voting machine is significantly simplified. ➡ simpler voting machine = less chance of errors. 4
  5. 5. Voter Experience 5
  6. 6. Voter Experience Voter Check-in Andy _________ Ben _________ 5
  7. 7. Voter Experience Voter Check-in Andy VHTI _________ Ben _________ 5
  8. 8. Voter Experience Voter Check-in Andy VHTI _________ Ben _________ Hillary Barack John Bill 5
  9. 9. Voter Experience Voter Check-in Andy VHTI _________ Ben _________ Hillary Barack John Bill 5
  10. 10. Voter Experience Voter Check-in Andy VHTI _________ Ben _________ Hillary Barack Barack John 8DX5 Bill 5
  11. 11. Voter Experience Voter Check-in Andy VHTI _________ Ben _________ Hillary Barack Barack Challenge? John 8DX5 Bill 5
  12. 12. Voter Experience Voter Check-in Andy VHTI _________ Ben _________ Hillary Barack Barack Challenge? John 8DX5 VHTI Bill 5
  13. 13. Voter Experience Voter Receipt Check-in Hillary MCN3 Andy VHTI _________ Barack 8DX5 Ben _________ John I341 Bill LQ21 Challenge Hillary VHTI Barack Barack Challenge? John 8DX5 VHTI Bill 5
  14. 14. Voter Experience Voter Receipt Check-in Hillary MCN3 Andy VHTI _________ Barack 8DX5 Ben _________ John I341 Bill LQ21 Challenge Hillary VHTI Barack Barack Challenge? John 8DX5 VHTI Bill 5
  15. 15. Voter Experience Voter Receipt Check-in Hillary MCN3 Andy VHTI _________ Barack 8DX5 Ben _________ John I341 Bill LQ21 Challenge Hillary VHTI Barack Barack Challenge? John 8DX5 VHTI Bill 5
  16. 16. Special Bit Encryption Hillary 0 Barack 1 Encrypt a 0 or 1 John for each candidate 0 Bill 0 Special proof protocol ➡ for bit b=1 ➡ meaningful short strings as part of the commitment ➡ short challenge strings for real and simulated proofs 6
  17. 17. Special Bit Encryption Hillary 0 Barack 1 Encrypt a 0 or 1 John for each candidate 0 Bill 0 Special proof protocol ➡ for bit b=1 ➡ meaningful short strings <ciphertexts>, "8DX5" as part of the commitment ➡ short challenge strings for real and simulated proofs 6
  18. 18. Special Bit Encryption Hillary 0 Barack 1 Encrypt a 0 or 1 John for each candidate 0 Bill 0 Special proof protocol ➡ for bit b=1 ➡ meaningful short strings <ciphertexts>, "8DX5" as part of the commitment "VHTI" ➡ short challenge strings for real and simulated proofs 6
  19. 19. Special Bit Encryption Hillary 0 Barack 1 Encrypt a 0 or 1 John for each candidate 0 Bill 0 Special proof protocol ➡ for bit b=1 ➡ meaningful short strings <ciphertexts>, "8DX5" as part of the commitment "VHTI" ➡ short challenge strings for real and simulated proofs reveal enc factors 6
  20. 20. Voter Experience (II) Hillary 0 Barack 1 John 0 Bill 0 7
  21. 21. Voter Experience (II) <ciphertexts>, !!!!!!!!!! Hillary 0 <ciphertexts>, "8DX5" Barack 1 <ciphertexts>, !!!!!!!!!! John 0 <ciphertexts>, !!!!!!!!!! Bill 0 7
  22. 22. Voter Experience (II) <ciphertexts>, !!!!!!!!!! Hillary "VHTI" 0 <ciphertexts>, "8DX5" Barack 1 "VHTI" <ciphertexts>, !!!!!!!!!! John 0 "VHTI" <ciphertexts>, !!!!!!!!!! Bill 0 "VHTI" 7
  23. 23. Voter Experience (II) <ciphertexts>, "MCN3" Hillary "VHTI" 0 <ciphertexts>, "8DX5" Barack 1 "VHTI" <ciphertexts>, "I341" John 0 "VHTI" <ciphertexts>, "LQ21" Bill 0 "VHTI" 7
  24. 24. Voter Experience (II) <ciphertexts>, "MCN3" Hillary "VHTI" 0 reveal enc factors <ciphertexts>, "8DX5" Barack 1 "VHTI" reveal enc factors <ciphertexts>, "I341" John 0 "VHTI" reveal enc factors <ciphertexts>, "LQ21" Bill 0 "VHTI" reveal enc factors 7
  25. 25. Voter Experience (II) <ciphertexts>, "MCN3" Hillary "VHTI" MCN3 0 reveal enc factors <ciphertexts>, "8DX5" Barack 1 "VHTI" reveal enc factors 8DX5 <ciphertexts>, "I341" John 0 "VHTI" reveal enc factors I341 <ciphertexts>, "LQ21" Bill 0 "VHTI" reveal enc factors LQ21 7
  26. 26. MarkPledge & Moran-Naor BitEnc(1) 0 0 1 1 ... 0 0 Pledge 0 1 ... 0 Challenge 1 1 ... 0 Reveal 0 0 1 1 ... 0 0 unique BitEnc(0) 1 0 0 1 ... 0 1 that fits the challenge 8
  27. 27. Markpledge 2 different bit encryption (α, β) ∈ Zq , 2 with α + β = 1 2 2 ➡ isomorphic to SO(2, q) ➡ operation is rotation (matrix mult.) Designate 1-, 0-, and T-vectors ➡ any pair of a 1-vector and 0-vector bisected by a test vector ➡ dot-product with test vector. 9
  28. 28. Same pattern emerges MarkPledge MarkPledge2 BitEnc(1) 0 0 1 1 ... 0 0 xi yi Pledge 0 1 ... 0 i Challenge 1 1 ... 0 xC,yC Reveal 0 0 1 1 ... 0 0 xCxi + yCyi m0,i chal unique xi,yi BitEnc(0) 1 0 0 1 ... 0 1 that fits the challenge 10
  29. 29. Covert Channel Raised by Karloff, Sastry & Wagner If the voting machine chooses the random factor, it can embed info Can we make the voting machine fully deterministic given a voter ID and a selection in a given race? 11
  30. 30. Covert Channel Ballot #42 1 0 0 0 0 2, r'1 Trustee #1 0 0 1 0 0 Ballot #42 7 = 2 mod 5 1, r'2 Trustee #2 0 0 0 1 0 r'1 + r'2 + r'3 Voting Machine 4, r'3 Trustee #3 0 0 1 0 0 Bulletin Board Ballot #42 0 0 1 0 0 Pre-generate ciphertexts with trustees Rotate them on voter selection 12
  31. 31. Why is this receipt-free? What can the coercer ask the voter to do that affects the ballot / receipt? Only the challenge, which is selected before the voter enters the booth. All proofs will look the same, whether real or simulated. 13
  32. 32. Questions? 14

×