Helios - Real-World Open-Audit Voting
 

Helios and the recent UCL election presented at the electronic voting workshop in Israel, Tel Aviv University, May 2009.

    Helios - Real-World Open-Audit Voting: Presentation Transcript

    • Helios: real-world open-audit voting. Ben Adida, Harvard University. Workshop on Electronic Voting, Tel Aviv University, 18 May 2009
    • [Image: http://www.cs.uiowa.edu/~jones/voting/pictures/]
    • Who counts the votes?
    • [Image: http://www.cs.uiowa.edu/~jones/voting/pictures/]
    • Democratizing the Tallying Process + secrecy
    • Public Ballots. Bulletin Board: Alice: Obama, Bob: McCain, Carol: Obama. Tally: Obama....2, McCain....1
    • Encrypted Public Ballots. Bulletin Board: Alice: Rice, Bob: Clinton, Carol: Rice. Tally: Obama....2, McCain....1. Alice verifies her vote. Everyone verifies the tally.
    • How can we verify operations on encrypted data? Mathematical Proofs.
    • Zero-Knowledge Proof [figure: envelopes labelled "President: Mickey Mouse" and "Vote For: Obama"] This last envelope likely contains “Obama”
    • Zero-Knowledge Proof [figure: envelopes labelled "President: Mickey Mouse" and "Vote For: Mickey Mouse", with Obama, McCain, Paul] Open envelopes don’t prove anything after the fact.
    • “And there are cryptographic techniques that can be used to achieve software independence so that even if there's a bug in the software, you'll detect if there's a problem. But those are not ready for prime time in my opinion.” Avi Rubin, 7/9/2008
    • “But with cryptography, you’re just moving the black box. Few people really understand it or trust it.” Debra Bowen California Sec. of State, 7/30/2008 (paraphrased)
    • Where to Start?
    • Most Open-Audit schemes: complex voting process; in-person voting; few can experience it
    • Helios: simplify; low-coercion elections; web-based: all can experience
    • “Low-Coercion?” - A more appropriate term might be “stratified coercion” - If the voting public is a subset of the population, there may be inherent limits to coercion. - e.g. university voting - e.g. EFCA in the US
    • Technical Concepts - Probabilistic Encryption & Threshold Decryption. posting ciphertexts safely on a bulletin board - Homomorphic Tallying. no write-ins, proofs of correct plaintext - Benaloh Challenge. cast or audit, authenticate only upon cast - In-Browser Encryption. plaintext only in user’s browser
    • Probabilistic Encryption & Threshold Decryption
    • Public-Key Encryption. Keypair consists of a public key pk and a secret key sk. "Obama" → Enc pk → 8b5637; "McCain" → Enc pk → c5de34; "Obama" → Enc pk → a4b395
    • Threshold Decryption. Secret key is shared amongst multiple parties: all (or at least a quorum) need to cooperate to decrypt. 8b5637 → Dec sk1: b739cb, Dec sk2: 261ad7, Dec sk3: 7231bc, Dec sk4: 8239ba → "Obama"
    • Homomorphic Tallying
    • Homomorphic Property: Enc(m1) × Enc(m2) = Enc(m1 + m2), then we can simply add votes “under cover” of encryption! First: r’th residuosity [Benaloh85]. Also: Paillier Cryptosystem [P99]
    • Homomorphic Tally [figure: each vote is a row of four-digit counters containing a single 0001: 0001 0000 0000 0000, 0000 0001 0000 0000, 0000 0000 0001 0000, 0000 0000 0000 0001; row labels "Vote for" None, Adam, Bob, Obama, McCain, Charlie, David; Sample Tally: 0003 0001 0008 0002 0004 0006 0005] [B+2001, P1999]
    • Benaloh Casting Protocol
    • [Figure, built up in steps: Alice; "Obama" → Encrypted Ballot; "AUDIT" → Decrypted Ballot; Encrypted Ballot + Decrypted Ballot → VERIFICATION; "CAST" → Signed Encrypted Ballot; Signed Encrypted Ballot, VERIFICATION. Image: http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg]
    • Helios System Details - Python & JavaScript logic & crypto - Free/Open-Source stack - Deployed on Google App Engine - Deployed on Apache/Python/PostgreSQL - Customizable authentication, look-and-feel, translations
    • So, does it work? - Université catholique de Louvain - 25,000 eligible voters - University president election - Helios 2.0, optimized - customized for UCL (French, improved UI)
    • [Figure: number of votes per hour and total number of votes versus time [h], for Day 1 and Day 2, 1st round and 2nd round]
    • Most Interesting Lesson: spurious claims are easily countered
    • brief demo
    • Questions? ben_adida@harvard.edu http://heliosvoting.org/
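
The homomorphic tally and the cast-or-audit (Benaloh challenge) steps from the slides, as an added example that is not part of the original presentation or the Helios code base. It assumes a toy Paillier [P99] instance with a single key holder (no threshold decryption, no proofs of correct plaintext); the primes, function names and sample votes are constructed for illustration.

```python
import math
import secrets

# Toy Paillier key from two small known primes (constructed; not secure).
P, Q = 104729, 1299709
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # secret key: lcm(P-1, Q-1)
MU = pow(LAM, -1, N)                                 # valid for generator g = N + 1
CANDIDATES = ["Obama", "McCain"]

def encrypt(m, r=None):
    """Probabilistic encryption; returns (ciphertext, randomness used)."""
    while r is None or math.gcd(r, N) != 1:
        r = secrets.randbelow(N - 1) + 1
    return (1 + m * N) * pow(r, N, N2) % N2, r

def decrypt(c):
    return (pow(c, LAM, N2) - 1) // N * MU % N

def tally(ciphertexts):
    """Enc(m1) x Enc(m2) = Enc(m1 + m2): multiply ciphertexts to add votes."""
    product = 1
    for c in ciphertexts:
        product = product * c % N2
    return product

def make_ballot(choice):
    """One (ciphertext, r) pair per candidate: Enc(1) for the choice, else Enc(0)."""
    return [encrypt(int(name == choice)) for name in CANDIDATES]

def count(ballots):
    """Decrypt only the per-candidate products, never an individual ballot."""
    return {name: decrypt(tally(b[i][0] for b in ballots))
            for i, name in enumerate(CANDIDATES)}

def audit(ciphertext, claimed_vote, revealed_r):
    """Cast-or-audit check: re-encrypt with the revealed randomness and compare.
    An audited ballot is spoiled; the voter encrypts again before casting."""
    return encrypt(claimed_vote, revealed_r)[0] == ciphertext

if __name__ == "__main__":
    ballots = [make_ballot(v) for v in ["Obama", "McCain", "Obama"]]  # constructed votes
    print(count(ballots))
    c, r = ballots[0][0]
    print(audit(c, 1, r), audit(c, 0, r))
```

Without the proofs of correct plaintext named on the Technical Concepts slide, nothing here stops a ballot from encrypting a value other than 0 or 1, which is why the slides pair homomorphic tallying with those proofs.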