SlideShare a Scribd company logo
1 of 79
Download to read offline
Helios
   real-world
open-audit voting
           Ben Adida
       Harvard University

  Workshop on Electronic Voting
       Tel Aviv University
         18 May 2009
http://www.cs.uiowa.edu/~jones/voting/pictures/   2
Who counts
the votes?
http://www.cs.uiowa.edu/~jones/voting/pictures/   4
Democratizing
the Tallying Process

      + secrecy
Public Ballots
   Bulletin Board


               Bob:
              McCain

         Carol:
         Obama




                       6
Public Ballots
           Bulletin Board


                       Bob:
                      McCain

                 Carol:
                 Obama




Alice
                               6
Public Ballots
            Bulletin Board

         Alice:         Bob:
         Obama         McCain

                  Carol:
                  Obama




Alice
                                6
Public Ballots
            Bulletin Board

         Alice:         Bob:
         Obama         McCain

                  Carol:
                  Obama
                                   Tally

                                Obama....2
                                McCain....1
Alice
                                              6
Encrypted Public Ballots
            Bulletin Board

        Alice:          Bob:
         Rice          Clinton

                  Carol:
                   Rice
                                    Tally

                                 Obama....2
                                 McCain....1
Alice
                                               7
Encrypted Public Ballots
                             Bulletin Board

                         Alice:          Bob:
                          Rice          Clinton

                                   Carol:
 Ali                                Rice
    ce
         ver                                         Tally
             ifie
                s   he
                      rv                          Obama....2
                        ote
                                                  McCain....1
Alice
                                                                7
Encrypted Public Ballots
                             Bulletin Board

                         Alice:          Bob:
                          Rice          Clinton

                                   Carol:
 Ali
    ce                              Rice                             ta lly
         ver                                                      e
                                                                thTally
             ifie                                          rifies
                s   he                            ne   ve
                      rv                 ver   yo               Obama....2
                        ote            E
                                                                McCain....1
Alice
                                                                              7
How can we verify
  operations on
 encrypted data?

Mathematical Proofs.

                       8
Zero-Knowledge Proof
                 President:
                   President:
                Mickey Mouse
                    President:
                 Mickey Mouse
                      President:
                   Mickey Mouse
                       President:
                    Mickey Mouse
                         President:
                      Mickey Mouse
                          Vote For:
                       Mickey Mouse
                          Obama
Vote For:
 Obama




                                      9
Zero-Knowledge Proof
                 President:
                   President:
                Mickey Mouse
                    President:
                 Mickey Mouse
                      President:
                   Mickey Mouse
                       President:
                    Mickey Mouse
                         President:
                      Mickey Mouse
                          Vote For:
                       Mickey Mouse
                          Obama
Vote For:
 Obama




                                      9
Zero-Knowledge Proof
                                       President:
                                         President:
                                      Mickey Mouse
                                          President:
                                       Mickey Mouse
                                            President:
                                         Mickey Mouse
                                             President:
                                          Mickey Mouse
                                               President:
                                            Mickey Mouse
                                                Vote For:
                                             Mickey Mouse
                                                Obama
Vote For:
 Obama




                This last envelope
            likely contains “Obama”
                                                            9
Zero-Knowledge Proof
    President:            President:
      President:
   Mickey Mouse             President:
                         Mickey Mouse
       President:
    Mickey Mouse             President:
                          Mickey Mouse
         President:
      Mickey Mouse             President:
                            Mickey Mouse
          President:
       Mickey Mouse             President:
                             Mickey Mouse
            President:
         Mickey Mouse             President:
                               Mickey Mouse
             Vote For:
          Mickey Mouse             Vote For:
                                Mickey Mouse
             Obama                 McCain
                                    Paul




     Open envelopes don’t prove
       anything after the fact.
                                               10
“And there are cryptographic
    techniques that can be used to
 achieve software independence so
   that even if there's a bug in the
  software, you'll detect if there's a
problem. But those are not ready for
      prime time in my opinion.”

        Avi Rubin, 7/9/2008
“But with cryptography, you’re just
moving the black box. Few people really
      understand it or trust it.”

            Debra Bowen
  California Sec. of State, 7/30/2008
             (paraphrased)
Where to Start?
Most Open-Audit schemes

 Complex voting process
    In-person voting
  Few can experience it
Helios

          Simplify
   Low-coercion elections
Web-based: all can experience
“Low-Coercion?”

- A more appropriate term might be
  “stratified coercion”
- If the voting public is a subset of the population,
  there may be inherent limits to coercion.
- e.g. university voting
- e.g. EFCA in the US
Technical Concepts
Technical Concepts
- Probabilistic Encryption & Threshold Decryption.
  posting ciphertexts safely on a bulletin board
Technical Concepts
- Probabilistic Encryption & Threshold Decryption.
  posting ciphertexts safely on a bulletin board
- Homomorphic Tallying.
  no write-ins, proofs of correct plaintext
Technical Concepts
- Probabilistic Encryption & Threshold Decryption.
  posting ciphertexts safely on a bulletin board
- Homomorphic Tallying.
  no write-ins, proofs of correct plaintext
- Benaloh Challenge.
  cast or audit, authenticate only upon cast
Technical Concepts
- Probabilistic Encryption & Threshold Decryption.
  posting ciphertexts safely on a bulletin board
- Homomorphic Tallying.
  no write-ins, proofs of correct plaintext
- Benaloh Challenge.
  cast or audit, authenticate only upon cast
- In-Browser Encryption.
  plaintext only in user’s browser
Probabilistic Encryption &
  Threshold Decryption
Public-Key Encryption
Public-Key Encryption
Keypair consists of a public key pk and a secret key sk.
Public-Key Encryption
Keypair consists of a public key pk and a secret key sk.

         quot;Obamaquot;         Enc pk       8b5637
Public-Key Encryption
Keypair consists of a public key pk and a secret key sk.

         quot;Obamaquot;         Enc pk       8b5637



          quot;McCainquot;       Enc pk       c5de34
Public-Key Encryption
Keypair consists of a public key pk and a secret key sk.

         quot;Obamaquot;         Enc pk       8b5637



          quot;McCainquot;       Enc pk       c5de34



         quot;Obamaquot;         Enc pk       a4b395
Threshold Decryption
      Secret key is shared amongst multiple parties:
all (or at least a quorum) need to cooperate to decrypt.




    8b5637
Threshold Decryption
      Secret key is shared amongst multiple parties:
all (or at least a quorum) need to cooperate to decrypt.

                 Dec sk1    b739cb



    8b5637
Threshold Decryption
      Secret key is shared amongst multiple parties:
all (or at least a quorum) need to cooperate to decrypt.

                 Dec sk1    b739cb

                 Dec sk2    261ad7
    8b5637
Threshold Decryption
      Secret key is shared amongst multiple parties:
all (or at least a quorum) need to cooperate to decrypt.

                 Dec sk1    b739cb

                 Dec sk2    261ad7
    8b5637
                 Dec sk3    7231bc
Threshold Decryption
      Secret key is shared amongst multiple parties:
all (or at least a quorum) need to cooperate to decrypt.

                 Dec sk1    b739cb

                 Dec sk2    261ad7
    8b5637
                 Dec sk3    7231bc

                 Dec sk4    8239ba
Threshold Decryption
      Secret key is shared amongst multiple parties:
all (or at least a quorum) need to cooperate to decrypt.

                 Dec sk1    b739cb

                 Dec sk2    261ad7
    8b5637                                   quot;Obamaquot;
                 Dec sk3    7231bc

                 Dec sk4    8239ba
Homomorphic
  Tallying
Homomorphic Property




First: r’th residuosity [Benaloh85]
Also: Paillier Cryptosystem [P99]     22
Homomorphic Property

          Enc(m1 ) × Enc(m2 ) = Enc(m1 + m2 )




First: r’th residuosity [Benaloh85]
Also: Paillier Cryptosystem [P99]               22
Homomorphic Property

          Enc(m1 ) × Enc(m2 ) = Enc(m1 + m2 )




First: r’th residuosity [Benaloh85]
Also: Paillier Cryptosystem [P99]               22
Homomorphic Property

          Enc(m1 ) × Enc(m2 ) = Enc(m1 + m2 )


                    then we can simply
          add votes “under cover” of encryption!

First: r’th residuosity [Benaloh85]
Also: Paillier Cryptosystem [P99]                  22
Homomorphic Tally
                        Vote for None Adam
      0001 0000 0000 0000      Vote for

                        Vote for Vote for Bob
      0000 0001 0000 0000        Obama

                        Vote for McCain
      0000 0000 0001 0000      Vote for Charlie

      0000 0000 0000 0001         Vote for David


      0003 0001 0008 0002
      0004 0006 0005              Sample Tally

[B+2001, P1999]
                                                   23
Benaloh
Casting Protocol
http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
Alice




        http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
quot;Obamaquot;


Alice




                  http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
quot;Obamaquot;

        Encrypted
          Ballot
Alice




                    http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
quot;Obamaquot;

                Encrypted
                  Ballot
        Alice




Alice




                            http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
quot;Obamaquot;

                     Encrypted
                       Ballot
             Alice



        quot;AUDITquot;


Alice




                                 http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
quot;Obamaquot;

                       Encrypted
                         Ballot
               Alice



        quot;AUDITquot;
         Decrypted
           Ballot
Alice




                                   http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
quot;Obamaquot;

                                   Encrypted
                                     Ballot
                    Alice



        quot;AUDITquot;
           Decrypted
             Ballot
Alice

        Encrypted      Decrypted
          Ballot         Ballot




            VERIFICATION




                                               http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
quot;Obamaquot;

                                   Encrypted
                                     Ballot
                    Alice



        quot;AUDITquot;
           Decrypted
             Ballot
Alice

        Encrypted      Decrypted
          Ballot         Ballot




            VERIFICATION




                                               http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
quot;Obamaquot;

                                   Encrypted
                                     Ballot
                    Alice



        quot;AUDITquot;
           Decrypted
             Ballot
Alice

        Encrypted      Decrypted
          Ballot         Ballot




            VERIFICATION




                                               http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
quot;Obamaquot;

                                   Encrypted
                                     Ballot
                    Alice



        quot;AUDITquot;
           Decrypted
             Ballot
Alice                                          Alice

        Encrypted      Decrypted
          Ballot         Ballot




            VERIFICATION




                                                       http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
quot;Obamaquot;

                                   Encrypted
                                     Ballot
                    Alice



        quot;AUDITquot;                                         quot;CASTquot;
           Decrypted
             Ballot
Alice                                          Alice

        Encrypted      Decrypted
          Ballot         Ballot




            VERIFICATION




                                                       http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
quot;Obamaquot;

                                   Encrypted
                                     Ballot
                    Alice



        quot;AUDITquot;                                         quot;CASTquot;
           Decrypted                                       Signed
             Ballot                                       Encrypted
                                                            Ballot
Alice                                          Alice

        Encrypted      Decrypted
          Ballot         Ballot




            VERIFICATION




                                                       http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
quot;Obamaquot;

                                   Encrypted
                                     Ballot
                    Alice



        quot;AUDITquot;                                         quot;CASTquot;
           Decrypted                                       Signed
             Ballot                                       Encrypted
                                                            Ballot
Alice                                          Alice

        Encrypted      Decrypted
          Ballot         Ballot




            VERIFICATION
                                               Alice




                                                       http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
quot;Obamaquot;

                                   Encrypted
                                     Ballot
                    Alice



        quot;AUDITquot;                                         quot;CASTquot;
           Decrypted                                       Signed
             Ballot                                       Encrypted
                                                            Ballot
Alice                                          Alice

        Encrypted      Decrypted
          Ballot         Ballot
                                                          Signed
                                                         Encrypted
                                                           Ballot

            VERIFICATION
                                               Alice




                                                       http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
Helios System Details
Helios System Details

- Python & JavaScript logic & crypto
Helios System Details

- Python & JavaScript logic & crypto
- Free/Open-Source stack
Helios System Details

- Python & JavaScript logic & crypto
- Free/Open-Source stack
- Deployed on Google App Engine
Helios System Details

-   Python & JavaScript logic & crypto
-   Free/Open-Source stack
-   Deployed on Google App Engine
-   Deployed on Apache/Python/PostgreSQL
Helios System Details

-   Python & JavaScript logic & crypto
-   Free/Open-Source stack
-   Deployed on Google App Engine
-   Deployed on Apache/Python/PostgreSQL
-   Customizable
    authentication, look-and-feel, translations
So, does it work?

-   Université catholique de Louvain
-   25,000 eligible voters
-   University president election
-   Helios 2.0, optimized
-   customized for UCL (French, improved UI)
28
29
30
500                                                                                                    500

                                                                                           1st round                                                                                              1st round
                                                                                           2nd round                                                                                              2nd round
                                     400       DAY 1                                                                                        400       DAY 2
          Number of votes per hour




                                                                                                                 Number of votes per hour
                                     300                                                                                                    300



                                     200                                                                                                    200



                                     100                                                                                                    100



                                      0                                                                                                      0
                                           0   2   4   6   8   10    12     14   16   18   20   22                                                0   2   4   6   8   10    12     14   16   18   20   22
                                                                 Time [h]                                                                                               Time [h]

                          4000                                                                                                   4000


                          3500                                                                                                   3500


                          3000                                                                                                   3000
Total number of votes




                                                                                                       Total number of votes
                          2500                                                                                                   2500


                          2000                                                                                                   2000


                          1500                                                                                                   1500


                          1000                                                                                                   1000
                                               DAY 1                                       1st round                                                  DAY 2                                       1st round
                                                                                           2nd round                                                                                              2nd round
                                     500                                                                                                    500


                                      0                                                                                                      0
                                           0   2   4   6   8   10    12     14   16   18   20   22                                                0   2   4   6   8   10    12     14   16   18   20   22
                                                                 Time [h]                                                                                               Time [h]




                                                                                                                                                                                                              31
32
32
32
Most Interesting Lesson:
    spurious claims
  are easily countered
brief demo
Questions?
     ben_adida@harvard.edu

http://heliosvoting.org/

More Related Content

Recently uploaded

Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxFIDO Alliance
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxFIDO Alliance
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Skynet Technologies
 
الأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهالأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهMohamed Sweelam
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe中 央社
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireExakis Nelite
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingScyllaDB
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform EngineeringMarcus Vechiato
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!Memoori
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...FIDO Alliance
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Paige Cruz
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuidePixlogix Infotech
 
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxCyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxMasterG
 
CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)Wonjun Hwang
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewDianaGray10
 
Microsoft BitLocker Bypass Attack Method.pdf
Microsoft BitLocker Bypass Attack Method.pdfMicrosoft BitLocker Bypass Attack Method.pdf
Microsoft BitLocker Bypass Attack Method.pdfOverkill Security
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityVictorSzoltysek
 

Recently uploaded (20)

Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
 
الأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهالأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهله
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - Questionnaire
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream Processing
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform Engineering
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxCyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
 
CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 
Microsoft BitLocker Bypass Attack Method.pdf
Microsoft BitLocker Bypass Attack Method.pdfMicrosoft BitLocker Bypass Attack Method.pdf
Microsoft BitLocker Bypass Attack Method.pdf
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 

Featured

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

Featured (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

Helios - Real-World Open-Audit Voting

  • 1. Helios real-world open-audit voting Ben Adida Harvard University Workshop on Electronic Voting Tel Aviv University 18 May 2009
  • 6. Public Ballots Bulletin Board Bob: McCain Carol: Obama 6
  • 7. Public Ballots Bulletin Board Bob: McCain Carol: Obama Alice 6
  • 8. Public Ballots Bulletin Board Alice: Bob: Obama McCain Carol: Obama Alice 6
  • 9. Public Ballots Bulletin Board Alice: Bob: Obama McCain Carol: Obama Tally Obama....2 McCain....1 Alice 6
  • 10. Encrypted Public Ballots Bulletin Board Alice: Bob: Rice Clinton Carol: Rice Tally Obama....2 McCain....1 Alice 7
  • 11. Encrypted Public Ballots Bulletin Board Alice: Bob: Rice Clinton Carol: Ali Rice ce ver Tally ifie s he rv Obama....2 ote McCain....1 Alice 7
  • 12. Encrypted Public Ballots Bulletin Board Alice: Bob: Rice Clinton Carol: Ali ce Rice ta lly ver e thTally ifie rifies s he ne ve rv ver yo Obama....2 ote E McCain....1 Alice 7
  • 13. How can we verify operations on encrypted data? Mathematical Proofs. 8
  • 14. Zero-Knowledge Proof President: President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse Vote For: Mickey Mouse Obama Vote For: Obama 9
  • 15. Zero-Knowledge Proof President: President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse Vote For: Mickey Mouse Obama Vote For: Obama 9
  • 16. Zero-Knowledge Proof President: President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse Vote For: Mickey Mouse Obama Vote For: Obama This last envelope likely contains “Obama” 9
  • 17. Zero-Knowledge Proof President: President: President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse Vote For: Mickey Mouse Vote For: Mickey Mouse Obama McCain Paul Open envelopes don’t prove anything after the fact. 10
  • 18. “And there are cryptographic techniques that can be used to achieve software independence so that even if there's a bug in the software, you'll detect if there's a problem. But those are not ready for prime time in my opinion.” Avi Rubin, 7/9/2008
  • 19. “But with cryptography, you’re just moving the black box. Few people really understand it or trust it.” Debra Bowen California Sec. of State, 7/30/2008 (paraphrased)
  • 21. Most Open-Audit schemes Complex voting process In-person voting Few can experience it
  • 22. Helios Simplify Low-coercion elections Web-based: all can experience
  • 23. “Low-Coercion?” - A more appropriate term might be “stratified coercion” - If the voting public is a subset of the population, there may be inherent limits to coercion. - e.g. university voting - e.g. EFCA in the US
  • 25. Technical Concepts - Probabilistic Encryption & Threshold Decryption. posting ciphertexts safely on a bulletin board
  • 26. Technical Concepts - Probabilistic Encryption & Threshold Decryption. posting ciphertexts safely on a bulletin board - Homomorphic Tallying. no write-ins, proofs of correct plaintext
  • 27. Technical Concepts - Probabilistic Encryption & Threshold Decryption. posting ciphertexts safely on a bulletin board - Homomorphic Tallying. no write-ins, proofs of correct plaintext - Benaloh Challenge. cast or audit, authenticate only upon cast
  • 28. Technical Concepts - Probabilistic Encryption & Threshold Decryption. posting ciphertexts safely on a bulletin board - Homomorphic Tallying. no write-ins, proofs of correct plaintext - Benaloh Challenge. cast or audit, authenticate only upon cast - In-Browser Encryption. plaintext only in user’s browser
  • 29. Probabilistic Encryption & Threshold Decryption
  • 31. Public-Key Encryption Keypair consists of a public key pk and a secret key sk.
  • 32. Public-Key Encryption Keypair consists of a public key pk and a secret key sk. quot;Obamaquot; Enc pk 8b5637
  • 33. Public-Key Encryption Keypair consists of a public key pk and a secret key sk. quot;Obamaquot; Enc pk 8b5637 quot;McCainquot; Enc pk c5de34
  • 34. Public-Key Encryption Keypair consists of a public key pk and a secret key sk. quot;Obamaquot; Enc pk 8b5637 quot;McCainquot; Enc pk c5de34 quot;Obamaquot; Enc pk a4b395
  • 35. Threshold Decryption Secret key is shared amongst multiple parties: all (or at least a quorum) need to cooperate to decrypt. 8b5637
  • 36. Threshold Decryption Secret key is shared amongst multiple parties: all (or at least a quorum) need to cooperate to decrypt. Dec sk1 b739cb 8b5637
  • 37. Threshold Decryption Secret key is shared amongst multiple parties: all (or at least a quorum) need to cooperate to decrypt. Dec sk1 b739cb Dec sk2 261ad7 8b5637
  • 38. Threshold Decryption Secret key is shared amongst multiple parties: all (or at least a quorum) need to cooperate to decrypt. Dec sk1 b739cb Dec sk2 261ad7 8b5637 Dec sk3 7231bc
  • 39. Threshold Decryption Secret key is shared amongst multiple parties: all (or at least a quorum) need to cooperate to decrypt. Dec sk1 b739cb Dec sk2 261ad7 8b5637 Dec sk3 7231bc Dec sk4 8239ba
  • 40. Threshold Decryption Secret key is shared amongst multiple parties: all (or at least a quorum) need to cooperate to decrypt. Dec sk1 b739cb Dec sk2 261ad7 8b5637 quot;Obamaquot; Dec sk3 7231bc Dec sk4 8239ba
  • 42. Homomorphic Property First: r’th residuosity [Benaloh85] Also: Paillier Cryptosystem [P99] 22
  • 43. Homomorphic Property Enc(m1 ) × Enc(m2 ) = Enc(m1 + m2 ) First: r’th residuosity [Benaloh85] Also: Paillier Cryptosystem [P99] 22
  • 44. Homomorphic Property Enc(m1 ) × Enc(m2 ) = Enc(m1 + m2 ) First: r’th residuosity [Benaloh85] Also: Paillier Cryptosystem [P99] 22
  • 45. Homomorphic Property Enc(m1 ) × Enc(m2 ) = Enc(m1 + m2 ) then we can simply add votes “under cover” of encryption! First: r’th residuosity [Benaloh85] Also: Paillier Cryptosystem [P99] 22
  • 46. Homomorphic Tally Vote for None Adam 0001 0000 0000 0000 Vote for Vote for Vote for Bob 0000 0001 0000 0000 Obama Vote for McCain 0000 0000 0001 0000 Vote for Charlie 0000 0000 0000 0001 Vote for David 0003 0001 0008 0002 0004 0006 0005 Sample Tally [B+2001, P1999] 23
  • 49. Alice http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
  • 50. quot;Obamaquot; Alice http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
  • 51. quot;Obamaquot; Encrypted Ballot Alice http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
  • 52. quot;Obamaquot; Encrypted Ballot Alice Alice http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
  • 53. quot;Obamaquot; Encrypted Ballot Alice quot;AUDITquot; Alice http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
  • 54. quot;Obamaquot; Encrypted Ballot Alice quot;AUDITquot; Decrypted Ballot Alice http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
  • 55. quot;Obamaquot; Encrypted Ballot Alice quot;AUDITquot; Decrypted Ballot Alice Encrypted Decrypted Ballot Ballot VERIFICATION http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
  • 56. quot;Obamaquot; Encrypted Ballot Alice quot;AUDITquot; Decrypted Ballot Alice Encrypted Decrypted Ballot Ballot VERIFICATION http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
  • 57. quot;Obamaquot; Encrypted Ballot Alice quot;AUDITquot; Decrypted Ballot Alice Encrypted Decrypted Ballot Ballot VERIFICATION http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
  • 58. quot;Obamaquot; Encrypted Ballot Alice quot;AUDITquot; Decrypted Ballot Alice Alice Encrypted Decrypted Ballot Ballot VERIFICATION http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
  • 59. quot;Obamaquot; Encrypted Ballot Alice quot;AUDITquot; quot;CASTquot; Decrypted Ballot Alice Alice Encrypted Decrypted Ballot Ballot VERIFICATION http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
  • 60. quot;Obamaquot; Encrypted Ballot Alice quot;AUDITquot; quot;CASTquot; Decrypted Signed Ballot Encrypted Ballot Alice Alice Encrypted Decrypted Ballot Ballot VERIFICATION http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
  • 61. quot;Obamaquot; Encrypted Ballot Alice quot;AUDITquot; quot;CASTquot; Decrypted Signed Ballot Encrypted Ballot Alice Alice Encrypted Decrypted Ballot Ballot VERIFICATION Alice http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
  • 62. quot;Obamaquot; Encrypted Ballot Alice quot;AUDITquot; quot;CASTquot; Decrypted Signed Ballot Encrypted Ballot Alice Alice Encrypted Decrypted Ballot Ballot Signed Encrypted Ballot VERIFICATION Alice http://en.wikipedia.org/wiki/Image:Barcode-scanner.jpg
  • 64. Helios System Details - Python & JavaScript logic & crypto
  • 65. Helios System Details - Python & JavaScript logic & crypto - Free/Open-Source stack
  • 66. Helios System Details - Python & JavaScript logic & crypto - Free/Open-Source stack - Deployed on Google App Engine
  • 67. Helios System Details - Python & JavaScript logic & crypto - Free/Open-Source stack - Deployed on Google App Engine - Deployed on Apache/Python/PostgreSQL
  • 68. Helios System Details - Python & JavaScript logic & crypto - Free/Open-Source stack - Deployed on Google App Engine - Deployed on Apache/Python/PostgreSQL - Customizable authentication, look-and-feel, translations
  • 69. So, does it work? - Université catholique de Louvain - 25,000 eligible voters - University president election - Helios 2.0, optimized - customized for UCL (French, improved UI)
  • 70. 28
  • 71. 29
  • 72. 30
  • 73. 500 500 1st round 1st round 2nd round 2nd round 400 DAY 1 400 DAY 2 Number of votes per hour Number of votes per hour 300 300 200 200 100 100 0 0 0 2 4 6 8 10 12 14 16 18 20 22 0 2 4 6 8 10 12 14 16 18 20 22 Time [h] Time [h] 4000 4000 3500 3500 3000 3000 Total number of votes Total number of votes 2500 2500 2000 2000 1500 1500 1000 1000 DAY 1 1st round DAY 2 1st round 2nd round 2nd round 500 500 0 0 0 2 4 6 8 10 12 14 16 18 20 22 0 2 4 6 8 10 12 14 16 18 20 22 Time [h] Time [h] 31
  • 74. 32
  • 75. 32
  • 76. 32
  • 77. Most Interesting Lesson: spurious claims are easily countered
  • 79. Questions? ben_adida@harvard.edu http://heliosvoting.org/