Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Upcoming SlideShare
Data compressor
Next
Download to read offline and view in fullscreen.

Share

Electronic Voting in the Standard Model

Download to read offline

Electronic Voting in the Standard Model
Thomas Briner September 2003

Electronic voting schemes that claim to satisfy the property of receipt-freeness usually need strong physical assumptions which are not available in real life. In this paper we present a protocol that achieves receipt-freeness in a threshold model without unrealistic assumptions. It is designed for large scale votes. It uses an existing type of untappable channels for the initialization of a vote but only usual internet connections for the voting phase. The untappable channels are needed only in order to achieve receipt-freeness but are not mandatory for all other properties.

The protocol achieves receipt-freeness by allowing each voter to convince a votebuyer who is willing to pay for a certain vote even though the voter casted an arbitrary vote. Even if the votebuyer is able to eavesdrop all channels between voters and authorities except for the untappable ones, it is indistinguishable for him whether or not the voter is telling the truth.

In case of coercion, a voter who is forced to cast a certain vote is still able to make sure that the vote will be considered invalid and therefore ignored by the authorities without giving the coercer the opportunity to figure it out. All these properties hold under the assumption that no authority cooperates with a votebuyer or blackmailer.
A dishonest authority is able to prevent a voter from casting a vote. This cannot be prevented but at least it will be detected that some irregularity has occurred. It is possible that the correctness of the result can be influenced by dishonest authorities, but in a context of a large scale vote, the level of overall correctness can still be judged by detecting the number of such irregularities and comparing it to the result.

Universal verifiability is not achieved with this protocol. The protocol is based on a threshold on the number of honest authorities. This is no loss compared to the protocols that claim to have the property of universal verifiability in theory as they need additional elements e.g. a kind of bulletin board that do not exist in real life. To implement this bulletin board it has to be simulated by the authorities and therefore depends on the honesty of those authorities too.

  • Be the first to like this

Electronic Voting in the Standard Model

  1. 1. Electronic Votingin the Standard ModelSemesterarbeitSS03Thomas Briner Betreuung: Martin HirtVote vVoter Authority
  2. 2. Bulletin BoardSKA
  3. 3. Homomorphic EncryptionE(v1) ⊕ E(v2) = E(v1+ v2)
  4. 4. Bulletin BoardSKA
  5. 5. Bulletin BoardSKA
  6. 6. Bulletin BoardSKArandomness
  7. 7. Bulletin Board1,...,TN)
  8. 8. Bulletin Board1,...,TN)
  9. 9. e = E(v,α)homomorphicencryptionvblindingē
  10. 10. SKA
  11. 11. ē ē
  12. 12. ē ē
  13. 13. homomorphicencryptionvblindingē0 1 0 0 0 0 0Cand 1 Cand LCand 2 .....e E(0) E(1) E(0) E(0) E(0) E(0) E(0)E(0) E(0) E(0) E(0) E(0) E(1) E(0)
  14. 14. homomorphic encryptionvblinding with correct keyēecasted voteencrypted and blinded voteas sent in ballot
  15. 15. homomorphic encryptionvblinding with correct keyēevecasted votehomomorphic encryptionblinding with fake keyclaimed voteencrypted and blinded voteas sent in ballot
  16. 16. ēcasted voteclaimed vote
  17. 17. ballot = (voter ID,vote ID,encrypted and permuted vote ,ēvalidity proof,tag,signature )
  18. 18. encrypted permuted vote ētagTkey = ax + bPpermutation π
  19. 19. encrypted permuted vote ētagTkey = ax + bPpermutation πpermutation πPtagT
  20. 20. key = ax + bencrypted permuted vote , permutationē πtagTencrypted permuted vote , permutationē π tagTclaimed keys
  21. 21. Possible States for each Voterempty: No correctly signed ballotinvalid: One or more correctly signed butonly invalid onesvalid: Exactly one correctly signed and validdouble: More than one correctly signed andvalid ones
  22. 22. List ofAccusations
  23. 23. The Voters View Receives letter with a permutation and akey Chooses his vote Encrypts his vote Permutes the encrypted vote Sends it to at least one honest authority Generates fake keys for each permutationhe wants to claim “Proves” to the votebuyer that he hascasted the desired vote
  24. 24. Properties of this ProtocolPrivacy: Yes!Availability: Yes!Correctness: Not completely,detection of irregularitiesbut no preventionReceipt-freeness:Yes!
  25. 25. EPKA(v)
  26. 26. EPKA(v)
  27. 27. Vielen Dank für die Aufmerksamkeit!

Electronic Voting in the Standard Model Thomas Briner September 2003 Electronic voting schemes that claim to satisfy the property of receipt-freeness usually need strong physical assumptions which are not available in real life. In this paper we present a protocol that achieves receipt-freeness in a threshold model without unrealistic assumptions. It is designed for large scale votes. It uses an existing type of untappable channels for the initialization of a vote but only usual internet connections for the voting phase. The untappable channels are needed only in order to achieve receipt-freeness but are not mandatory for all other properties. The protocol achieves receipt-freeness by allowing each voter to convince a votebuyer who is willing to pay for a certain vote even though the voter casted an arbitrary vote. Even if the votebuyer is able to eavesdrop all channels between voters and authorities except for the untappable ones, it is indistinguishable for him whether or not the voter is telling the truth. In case of coercion, a voter who is forced to cast a certain vote is still able to make sure that the vote will be considered invalid and therefore ignored by the authorities without giving the coercer the opportunity to figure it out. All these properties hold under the assumption that no authority cooperates with a votebuyer or blackmailer. A dishonest authority is able to prevent a voter from casting a vote. This cannot be prevented but at least it will be detected that some irregularity has occurred. It is possible that the correctness of the result can be influenced by dishonest authorities, but in a context of a large scale vote, the level of overall correctness can still be judged by detecting the number of such irregularities and comparing it to the result. Universal verifiability is not achieved with this protocol. The protocol is based on a threshold on the number of honest authorities. This is no loss compared to the protocols that claim to have the property of universal verifiability in theory as they need additional elements e.g. a kind of bulletin board that do not exist in real life. To implement this bulletin board it has to be simulated by the authorities and therefore depends on the honesty of those authorities too.

Views

Total views

375

On Slideshare

0

From embeds

0

Number of embeds

25

Actions

Downloads

16

Shares

0

Comments

0

Likes

0

×