SlideShare a Scribd company logo

Code Verification Elections

A
Anthi Orfanou

This document summarizes a presentation on scaling privacy guarantees in code verification elections. It discusses previous work on internet voting that aimed to guarantee vote integrity and secrecy against a malicious personal computer. It then presents a new vote verification protocol that uses secret sharing across multiple identical voting servers to avoid infrastructure server collusions. Each server receives a share of the vote and provides its share to the voter for verification. The protocol is adapted to also work for code verification elections and visual vote representations.

1 of 36
Download to read offline
Scaling Privacy Guarantees in Code Verification Elections Anthi Orfanou Columbia University July 18, 2013 Joint work with Aggelos Kiayias (University of Athens) Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 1 / 19
Internet voting / The untrusted platform problem Voters: Cast votes Personal Computers: Encode, encrypt and submit votes Vote Collectors: Receive and store votes Talliers: Process the votes and compute the result The untrusted platform problem: PC is vulnerable malicious software attempts to modify the vote Voter PC Vote Collector Tallier Internet Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 2 / 19
Previous work Code Voting [SureVote: Chaum’01] [PGD: RT’09, HRT’10] ... Vote secrecy & vote integrity against malicious PC Code Verification Voting [HLV’10] [Gjøsteen’10,’11] [Lipmaa’11] Simpler approach Integrity against malicious PC (the PC sees the vote) Uses receipts to guarantee correct vote submission generation, distribution, reconstruction phases Requires secondary platform that receives the receipts (e.g. mobile phone) Requires 2 attacker free channels Pre/Post-channel: receipt distribution, receipt feedback Postal service/SMS Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 3 / 19
Security Guarantees Previous work [HLV’10] [Gjøsteen’10,’11] Messenger server (MS): reconstructed the security code to be sent to the voter Cast as intended: Detection if the PC is malicious. Violated: PC & MS coalitions Vote Secrecy: Guaranteed against individuals only. Violated: VC & MS coalitions Our results Question: How to avoid the latter infrastructure server collusion attack? Without additional PC-side secrets (key management) [Lipmaa’11] Maintaining human verifiability Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 4 / 19
A New Vote-Verification Protocol Use a set of identical voting servers: No distinction between vote collectors & messenger Share the receipt among the servers: No share leaks information The receipt can be: the vote itself or a voter-dependent security code as before or a visual representation of the vote (image) Voter verification: combine the shares to reconstruct the receipt Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 5 / 19
A New Vote-Verification Protocol Assumption: an average human can do additions mod 10, 100, . . . Consider m candidates in Zm and n ≥ 2 voting servers Pedersen commitments, ElGamal cryptosystem over g q ⊂ Zp, (q, p) primes, Range proof in exponents [LAN’03] The receipt is the actual vote Let u = minλ 10λ s.t. m ≤ 10λ < q, System parameters (g, q, p, u) Broadcast channel from PC to the voting servers Untappable (post)channel from servers to the voter Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 6 / 19
A New Vote-Verification Protocol - n Servers Voter V Votes for x ∈ Zm Server S1 Server Sn SSS Tallier x Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 7 / 19
A New Vote-Verification Protocol - n Servers Voter V Votes for x ∈ Zm Picks x1, . . . , xn ∈ Zu x = x1 + · · · + xn mod u Ci =Com(xi ) Et = Enctallier (x) ZKP π Server S1 Server Sn SSS Tallier x Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 7 / 19
A New Vote-Verification Protocol - n Servers Voter V Votes for x ∈ Zm Picks x1, . . . , xn ∈ Zu x = x1 + · · · + xn mod u Ci =Com(xi ) Et = Enctallier (x) ZKP π Server S1 Server Sn C1, . . . , Cn Et , π SSS Tallier x Open(C1) Open(Cn) Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 7 / 19
A New Vote-Verification Protocol - n Servers Voter V Votes for x ∈ Zm Picks x1, . . . , xn ∈ Zu x = x1 + · · · + xn mod u Ci =Com(xi ) Et = Enctallier (x) ZKP π Server S1 Open C1, π : x ∈ Zm x = x1 + · · · + xn mod u Server Sn Open Cn, π : x ∈ Zm x = x1 + · · · + xn mod u C1, . . . , Cn Et , π SSS Tallier x Open(C1) Open(Cn) Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 7 / 19
A New Vote-Verification Protocol - n Servers Voter V Votes for x ∈ Zm Picks x1, . . . , xn ∈ Zu x = x1 + · · · + xn mod u Ci =Com(xi ) Et = Enctallier (x) ZKP π Server S1 Open C1, π : x ∈ Zm x = x1 + · · · + xn mod u Server Sn Open Cn, π : x ∈ Zm x = x1 + · · · + xn mod u C1, . . . , Cn Et , π SSS Tallier x Open(C1) Open(Cn) xn x1 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 7 / 19
A New Vote-Verification Protocol - n Servers Voter V Votes for x ∈ Zm x ? = x1 + · · · + xn mod u Picks x1, . . . , xn ∈ Zu x = x1 + · · · + xn mod u Ci =Com(xi ) Et = Enctallier (x) ZKP π Server S1 Open C1, π : x ∈ Zm x = x1 + · · · + xn mod u Server Sn Open Cn, π : x ∈ Zm x = x1 + · · · + xn mod u C1, . . . , Cn Et , π SSS Tallier x Open(C1) Open(Cn) xn x1 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 7 / 19
A New Vote-Verification Protocol - n Servers Voter V Votes for x ∈ Zm x ? = x1 + · · · + xn mod u Picks x1, . . . , xn ∈ Zu x = x1 + · · · + xn mod u Ci =Com(xi ) Et = Enctallier (x) ZKP π Server S1 Open C1, π : x ∈ Zm x = x1 + · · · + xn mod u Server Sn Open Cn, π : x ∈ Zm x = x1 + · · · + xn mod u C1, . . . , Cn Et , π SSS Tallier x Open(C1) Open(Cn) xn x1 Et Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 7 / 19
A New Vote-Verification Protocol A 2-Server example Vote 7 7 5 5 Server 1 2 9 2 9 Server 2 5 8 3 6 Sum mod 10 7 mod 10 17 mod 10 5 mod 10 15 mod 10 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 8 / 19
Security & Complexity Cast as intended: A correct receipt guarantees a successfully submitted original vote Threshold vote secrecy: with an (n, n)-secret sharing scheme no coalition of less than n servers can extract information about the vote Complexity (online exponentiations): PC: 4( log2(m − 1) + 1 + 11n, 1 signing Server: 5( log2(m − 1) + 1 + 5n + 4, 1 signing, 1 signature verification Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 9 / 19
Adaptation to Code Verification protocol Code generation: Pick bV ,1 . . . bV ,n ∈ Zu bV = n i=1 bV ,i mod u CodeV [x] = x + bV mod uVoter V Votes for x ∈ Zm x ? = x1 + · · · + xn mod u Picks x1, . . . , xn ∈ Zu x = x1 + · · · + xn mod u Ci =Com(xi ) Et = Enctallier (x) ZKP π Server S1 Open C1, π : x ∈ Zm x = x1 + · · · + xn mod u Server Sn Open Cn, π : x ∈ Zm x = x1 + · · · + xn mod u C1, . . . , Cn Et , π SSS Tallier x Open(C1) Open(Cn) xn x1 Et Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 10 / 19
Adaptation to Code Verification protocol Code generation: Pick bV ,1 . . . bV ,n ∈ Zu bV = n i=1 bV ,i mod u CodeV [x] = x + bV mod uVoter V Votes for x ∈ Zm C = CodeV [x] x ? = x1 + · · · + xn mod u Picks x1, . . . , xn ∈ Zu x = x1 + · · · + xn mod u Ci =Com(xi ) Et = Enctallier (x) ZKP π Server S1 bV ,1 ∈ Zu Open C1, π : x ∈ Zm x = x1 + · · · + xn mod u Server Sn bV ,n ∈ Zu Open Cn, π : x ∈ Zm x = x1 + · · · + xn mod u C1, . . . , Cn Et , π SSS Tallier x Open(C1) Open(Cn) xn x1 Et Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 10 / 19
Adaptation to Code Verification protocol Code generation: Pick bV ,1 . . . bV ,n ∈ Zu bV = n i=1 bV ,i mod u CodeV [x] = x + bV mod uVoter V Votes for x ∈ Zm C = CodeV [x] x ? = x1 + · · · + xn mod u Picks x1, . . . , xn ∈ Zu x = x1 + · · · + xn mod u Ci =Com(xi ) Et = Enctallier (x) ZKP π Server S1 bV ,1 ∈ Zu Open C1, π : x ∈ Zm x = x1 + · · · + xn mod u a1 = x1 + bV ,1 mod u Server Sn bV ,n ∈ Zu Open Cn, π : x ∈ Zm x = x1 + · · · + xn mod u an = xn + bV ,n mod u C1, . . . , Cn Et , π SSS Tallier x Open(C1) Open(Cn) an a1 Et Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 10 / 19
Adaptation to Code Verification protocol Code generation: Pick bV ,1 . . . bV ,n ∈ Zu bV = n i=1 bV ,i mod u CodeV [x] = x + bV mod uVoter V Votes for x ∈ Zm C = CodeV [x] C ? = a1 + · · · + an mod u Picks x1, . . . , xn ∈ Zu x = x1 + · · · + xn mod u Ci =Com(xi ) Et = Enctallier (x) ZKP π Server S1 bV ,1 ∈ Zu Open C1, π : x ∈ Zm x = x1 + · · · + xn mod u a1 = x1 + bV ,1 mod u Server Sn bV ,n ∈ Zu Open Cn, π : x ∈ Zm x = x1 + · · · + xn mod u an = xn + bV ,n mod u C1, . . . , Cn Et , π SSS Tallier x Open(C1) Open(Cn) an a1 Et Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 10 / 19
Adaptation to Visual Vote verification protocol Visual vote representation Previous work: Visual Cryptography [NS’94]: secret sharing of an image supervised (booth) voting [Chaum’04] Our approach: Associate a message x ∈ Zm with a simple image, with a provable relation Visual sharing of shape descriptions (VSSD) Consider two shapes that can be visually interpreted by a human: A “full” circle A “half” circle Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 11 / 19
Visual sharing of shape descriptions (VSSD) What shape does the overlaying of two half circles create? + = full circle + = full circle + = half circle + = half circle Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 12 / 19
n-VSSD definition In general n share-holders (servers) M a set of m ≥ 2 messages (candidates) Dx the set of visual descriptions for message x ∈ M, |Dx | ≥ 1 Λ the visual alphabet, commutative semigroup with operation ∨ P : M → Λn randomized splitting function Properties: Solvability: ∀x ∈ M ∀ v1, . . . , vn ∈ P(x): ∨n i=1vi ∈ Dx (t, n)-Resilience: Consider n-tuple w = (a ∪ {#})n s.t. w has (at most) t < n known shares a ∈ Λ n − t unknown shares # ∈ Λ then ∃ 0 < c < 1 s.t. Probv←P(x)[w ∈ v] = c Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 13 / 19
Our approach: A 2-VSSD Simple 2-VSSD: n=2 servers, m = 2 messages 2 messages: M∗ = {0, 1} Λ∗ = { , }, ∨: visual overlaying (logical bitwise OR) 0 ↔: full circle D∗ 0 = { }, P∗ (0) = { , , , } 1 ↔ half circle D∗ 1 = { , }, P∗ (1) = { , , , } Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 14 / 19
Our approach: A 2-VSSD Simple 2-VSSD: n=2 servers, m = 2 messages 2 messages: M∗ = {0, 1} Λ∗ = { , }, ∨: visual overlaying (logical bitwise OR) 0 ↔: full circle D∗ 0 = { }, P∗ (0) = { , , , } 1 ↔ half circle D∗ 1 = { , }, P∗ (1) = { , , , } General 2-VSSD: n=2 servers, m ≥ 2 messages M = Zm, k = # of bits of m − 1 Λ = Λ∗k P(x): Splits each bit bi of x in Λ∗ Dx : A description of x is a concatenation of its bits’ visual descriptions in D∗ x Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 14 / 19
An example Message Shape Dx P(x) 00 Two full circles ( , ) ( , ) ( , ) ( , ) 01 Full circle fol- lowed by half circle ( , ) ( , ) ( , ) ( , ) 10 Half circle fol- lowed by full cir- cle ( , ) ( , ) ( , ) ( , ) 11 Two half circles , ( , ) ( , ) , ( , ) ( , ) (1, 2)-Resilience: Prob[( , #) ∈ P(0)] = Prob[( , #) ∈ P(1)] = Prob[( , #) ∈ P(2)] = Prob[( , #) ∈ P(3)] = 1/4 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 15 / 19
A Visual Vote-Verification Protocol - 2 VSSD Voter V Votes for 1 ∈ Zm D1 = “full followed by half” Server S1 Server S2 Tallier 1 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 16 / 19
A Visual Vote-Verification Protocol - 2 VSSD Voter V Votes for 1 ∈ Zm D1 = “full followed by half” VSSD: v1, v2 ← P(1) v = (v1 ∨ v2) ∈ D1 Commitments to v, v1, v2 Et = Enctallier (1) ZKP π Server S1 Server S2 Tallier 1 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 16 / 19
A Visual Vote-Verification Protocol - 2 VSSD Voter V Votes for 1 ∈ Zm D1 = “full followed by half” VSSD: v1, v2 ← P(1) v = (v1 ∨ v2) ∈ D1 Commitments to v, v1, v2 Et = Enctallier (1) ZKP π Server S1 Server S2 Commitments Et , π Tallier 1 {Open(Com)}v1 {Open(Com)}v2 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 16 / 19
A Visual Vote-Verification Protocol - 2 VSSD Voter V Votes for 1 ∈ Zm D1 = “full followed by half” VSSD: v1, v2 ← P(1) v = (v1 ∨ v2) ∈ D1 Commitments to v, v1, v2 Et = Enctallier (1) ZKP π Server S1 π : VSSD(v1) ↔ Et Server S2 π : VSSD(v2) ↔ Et Commitments Et , π Tallier 1 {Open(Com)}v1 {Open(Com)}v2 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 16 / 19
A Visual Vote-Verification Protocol - 2 VSSD Voter V Votes for 1 ∈ Zm D1 = “full followed by half” VSSD: v1, v2 ← P(1) v = (v1 ∨ v2) ∈ D1 Commitments to v, v1, v2 Et = Enctallier (1) ZKP π Server S1 π : VSSD(v1) ↔ Et Server S2 π : VSSD(v2) ↔ Et Commitments Et , π Tallier 1 {Open(Com)}v1 {Open(Com)}v2 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 16 / 19
A Visual Vote-Verification Protocol - 2 VSSD Voter V Votes for 1 ∈ Zm D1 = “full followed by half” ( , ) ∨ ( , ) ? ∈ D1 VSSD: v1, v2 ← P(1) v = (v1 ∨ v2) ∈ D1 Commitments to v, v1, v2 Et = Enctallier (1) ZKP π Server S1 π : VSSD(v1) ↔ Et Server S2 π : VSSD(v2) ↔ Et Commitments Et , π Tallier 1 {Open(Com)}v1 {Open(Com)}v2 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 16 / 19
A Visual Vote-Verification Protocol - 2 VSSD Voter V Votes for 1 ∈ Zm D1 = “full followed by half” Yes: ( , ) ∈D1 VSSD: v1, v2 ← P(1) v = (v1 ∨ v2) ∈ D1 Commitments to v, v1, v2 Et = Enctallier (1) ZKP π Server S1 π : VSSD(v1) ↔ Et Server S2 π : VSSD(v2) ↔ Et Commitments Et , π Tallier 1 {Open(Com)}v1 {Open(Com)}v2 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 16 / 19
A Visual Vote-Verification Protocol - 2 VSSD Voter V Votes for 1 ∈ Zm D1 = “full followed by half” Yes: ( , ) ∈D1 VSSD: v1, v2 ← P(1) v = (v1 ∨ v2) ∈ D1 Commitments to v, v1, v2 Et = Enctallier (1) ZKP π Server S1 π : VSSD(v1) ↔ Et Server S2 π : VSSD(v2) ↔ Et Commitments Et , π Tallier 1 {Open(Com)}v1 {Open(Com)}v2 Et Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 16 / 19
Future work General (t, n)-VSSD? Perhaps using Colored Visual Secret Sharing [VT’97]? Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 17 / 19
The end Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 18 / 19
References David Chaum. Surevote. International patent WO 01/55940 A1, 2001. David Chaum. Secret-ballot receipts: True voter-verifiable elections. IEEE Security & Privacy, 2(1):38-47, 2004. Kristian Gjøsteen. The norwegian internet voting protocol. In VOTE-ID, pages 1-18, 2011. Kristian Gjøsteen. Analysis of an internet voting protocol. IACR Cryptology ePrint Archive, 2010:380, 2010. James Heather, Peter Y. A. Ryan, and Vanessa Teague. Pretty good democracy for more expressive voting schemes. In Proceedings of the 15th European conference on Research in computer security, ESORICS10, pages 405-423, Berlin, Heidelberg, 2010. Springer-Verlag. Sven Heiberg, Helger Lipmaa, and Filip van Laenen. On e-vote integrity in the case of malicious voter computers. In ESORICS, pages 373-388, 2010. Helger Lipmaa. Two simple code-verification voting protocols. IACR Cryptology ePrint Archive, 2011:317, 2011. Helger Lipmaa, N. Asokan, and Valtteri Niemi. Secure Vickrey auctions without threshold trust. In Proceedings of the 6th international conference on Financial cryptography, FC02, pages 87-101, Berlin, Heidelberg, 2003. Springer-Verlag. Moni Naor and Adi Shamir. Visual cryptography. In EUROCRYPT, pages 1-12, 1994. Peter Y. A. Ryan and Vanessa Teague. Pretty good democracy. In Security Protocols Workshop, pages 111-130, 2009. Eric R. Verheul and Henk C. A. Van Tilborg. Constructions and properties of k out of n visual secret sharing schemes. Des. Codes Cryptography, 11(2):179-196, May 1997. Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 19 / 19

Recommended

Transportation Problems-Maximum Profit
Transportation Problems-Maximum ProfitTransportation Problems-Maximum Profit
Transportation Problems-Maximum ProfitDrDeepaChauhan
 
Sergey Shelpuk & Olha Romaniuk - “Deep learning, Tensorflow, and Fashion: how...
Sergey Shelpuk & Olha Romaniuk - “Deep learning, Tensorflow, and Fashion: how...Sergey Shelpuk & Olha Romaniuk - “Deep learning, Tensorflow, and Fashion: how...
Sergey Shelpuk & Olha Romaniuk - “Deep learning, Tensorflow, and Fashion: how...Lviv Startup Club
 
Econometrics Notes
Econometrics NotesEconometrics Notes
Econometrics NotesLaurel Ayuyao
 
Integrals
IntegralsIntegrals
Integralstschmucker
 
7 latest rangka penyelesaian
7 latest rangka penyelesaian7 latest rangka penyelesaian
7 latest rangka penyelesaianNorelyana Ali
 
Self-Replication and the Halting Problem
Self-Replication and the Halting ProblemSelf-Replication and the Halting Problem
Self-Replication and the Halting ProblemHiroki Sayama
 
present_2_new
present_2_newpresent_2_new
present_2_newAnthi Orfanou
 
present_merged
present_mergedpresent_merged
present_mergedAnthi Orfanou
 

Recommended

Transportation Problems-Maximum Profit
Transportation Problems-Maximum ProfitTransportation Problems-Maximum Profit
Transportation Problems-Maximum ProfitDrDeepaChauhan
 
Sergey Shelpuk & Olha Romaniuk - “Deep learning, Tensorflow, and Fashion: how...
Sergey Shelpuk & Olha Romaniuk - “Deep learning, Tensorflow, and Fashion: how...Sergey Shelpuk & Olha Romaniuk - “Deep learning, Tensorflow, and Fashion: how...
Sergey Shelpuk & Olha Romaniuk - “Deep learning, Tensorflow, and Fashion: how...Lviv Startup Club
 
Econometrics Notes
Econometrics NotesEconometrics Notes
Econometrics NotesLaurel Ayuyao
 
Integrals
IntegralsIntegrals
Integralstschmucker
 
7 latest rangka penyelesaian
7 latest rangka penyelesaian7 latest rangka penyelesaian
7 latest rangka penyelesaianNorelyana Ali
 
Self-Replication and the Halting Problem
Self-Replication and the Halting ProblemSelf-Replication and the Halting Problem
Self-Replication and the Halting ProblemHiroki Sayama
 
present_2_new
present_2_newpresent_2_new
present_2_newAnthi Orfanou
 
present_merged
present_mergedpresent_merged
present_mergedAnthi Orfanou
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture CodeSkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations Rajiv Jayarajah, MAppComm, ACC
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data ScienceChristy Abraham Joy
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

More Related Content

Featured

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

Featured (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

Code Verification Elections

  • 1. Scaling Privacy Guarantees in Code Verification Elections Anthi Orfanou Columbia University July 18, 2013 Joint work with Aggelos Kiayias (University of Athens) Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 1 / 19
  • 2. Internet voting / The untrusted platform problem Voters: Cast votes Personal Computers: Encode, encrypt and submit votes Vote Collectors: Receive and store votes Talliers: Process the votes and compute the result The untrusted platform problem: PC is vulnerable malicious software attempts to modify the vote Voter PC Vote Collector Tallier Internet Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 2 / 19
  • 3. Previous work Code Voting [SureVote: Chaum’01] [PGD: RT’09, HRT’10] ... Vote secrecy & vote integrity against malicious PC Code Verification Voting [HLV’10] [Gjøsteen’10,’11] [Lipmaa’11] Simpler approach Integrity against malicious PC (the PC sees the vote) Uses receipts to guarantee correct vote submission generation, distribution, reconstruction phases Requires secondary platform that receives the receipts (e.g. mobile phone) Requires 2 attacker free channels Pre/Post-channel: receipt distribution, receipt feedback Postal service/SMS Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 3 / 19
  • 4. Security Guarantees Previous work [HLV’10] [Gjøsteen’10,’11] Messenger server (MS): reconstructed the security code to be sent to the voter Cast as intended: Detection if the PC is malicious. Violated: PC & MS coalitions Vote Secrecy: Guaranteed against individuals only. Violated: VC & MS coalitions Our results Question: How to avoid the latter infrastructure server collusion attack? Without additional PC-side secrets (key management) [Lipmaa’11] Maintaining human verifiability Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 4 / 19
  • 5. A New Vote-Verification Protocol Use a set of identical voting servers: No distinction between vote collectors & messenger Share the receipt among the servers: No share leaks information The receipt can be: the vote itself or a voter-dependent security code as before or a visual representation of the vote (image) Voter verification: combine the shares to reconstruct the receipt Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 5 / 19
  • 6. A New Vote-Verification Protocol Assumption: an average human can do additions mod 10, 100, . . . Consider m candidates in Zm and n ≥ 2 voting servers Pedersen commitments, ElGamal cryptosystem over g q ⊂ Zp, (q, p) primes, Range proof in exponents [LAN’03] The receipt is the actual vote Let u = minλ 10λ s.t. m ≤ 10λ < q, System parameters (g, q, p, u) Broadcast channel from PC to the voting servers Untappable (post)channel from servers to the voter Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 6 / 19
  • 7. A New Vote-Verification Protocol - n Servers Voter V Votes for x ∈ Zm Server S1 Server Sn SSS Tallier x Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 7 / 19
  • 8. A New Vote-Verification Protocol - n Servers Voter V Votes for x ∈ Zm Picks x1, . . . , xn ∈ Zu x = x1 + · · · + xn mod u Ci =Com(xi ) Et = Enctallier (x) ZKP π Server S1 Server Sn SSS Tallier x Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 7 / 19
  • 9. A New Vote-Verification Protocol - n Servers Voter V Votes for x ∈ Zm Picks x1, . . . , xn ∈ Zu x = x1 + · · · + xn mod u Ci =Com(xi ) Et = Enctallier (x) ZKP π Server S1 Server Sn C1, . . . , Cn Et , π SSS Tallier x Open(C1) Open(Cn) Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 7 / 19
  • 10. A New Vote-Verification Protocol - n Servers Voter V Votes for x ∈ Zm Picks x1, . . . , xn ∈ Zu x = x1 + · · · + xn mod u Ci =Com(xi ) Et = Enctallier (x) ZKP π Server S1 Open C1, π : x ∈ Zm x = x1 + · · · + xn mod u Server Sn Open Cn, π : x ∈ Zm x = x1 + · · · + xn mod u C1, . . . , Cn Et , π SSS Tallier x Open(C1) Open(Cn) Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 7 / 19
  • 11. A New Vote-Verification Protocol - n Servers Voter V Votes for x ∈ Zm Picks x1, . . . , xn ∈ Zu x = x1 + · · · + xn mod u Ci =Com(xi ) Et = Enctallier (x) ZKP π Server S1 Open C1, π : x ∈ Zm x = x1 + · · · + xn mod u Server Sn Open Cn, π : x ∈ Zm x = x1 + · · · + xn mod u C1, . . . , Cn Et , π SSS Tallier x Open(C1) Open(Cn) xn x1 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 7 / 19
  • 12. A New Vote-Verification Protocol - n Servers Voter V Votes for x ∈ Zm x ? = x1 + · · · + xn mod u Picks x1, . . . , xn ∈ Zu x = x1 + · · · + xn mod u Ci =Com(xi ) Et = Enctallier (x) ZKP π Server S1 Open C1, π : x ∈ Zm x = x1 + · · · + xn mod u Server Sn Open Cn, π : x ∈ Zm x = x1 + · · · + xn mod u C1, . . . , Cn Et , π SSS Tallier x Open(C1) Open(Cn) xn x1 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 7 / 19
  • 13. A New Vote-Verification Protocol - n Servers Voter V Votes for x ∈ Zm x ? = x1 + · · · + xn mod u Picks x1, . . . , xn ∈ Zu x = x1 + · · · + xn mod u Ci =Com(xi ) Et = Enctallier (x) ZKP π Server S1 Open C1, π : x ∈ Zm x = x1 + · · · + xn mod u Server Sn Open Cn, π : x ∈ Zm x = x1 + · · · + xn mod u C1, . . . , Cn Et , π SSS Tallier x Open(C1) Open(Cn) xn x1 Et Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 7 / 19
  • 14. A New Vote-Verification Protocol A 2-Server example Vote 7 7 5 5 Server 1 2 9 2 9 Server 2 5 8 3 6 Sum mod 10 7 mod 10 17 mod 10 5 mod 10 15 mod 10 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 8 / 19
  • 15. Security & Complexity Cast as intended: A correct receipt guarantees a successfully submitted original vote Threshold vote secrecy: with an (n, n)-secret sharing scheme no coalition of less than n servers can extract information about the vote Complexity (online exponentiations): PC: 4( log2(m − 1) + 1 + 11n, 1 signing Server: 5( log2(m − 1) + 1 + 5n + 4, 1 signing, 1 signature verification Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 9 / 19
  • 16. Adaptation to Code Verification protocol Code generation: Pick bV ,1 . . . bV ,n ∈ Zu bV = n i=1 bV ,i mod u CodeV [x] = x + bV mod uVoter V Votes for x ∈ Zm x ? = x1 + · · · + xn mod u Picks x1, . . . , xn ∈ Zu x = x1 + · · · + xn mod u Ci =Com(xi ) Et = Enctallier (x) ZKP π Server S1 Open C1, π : x ∈ Zm x = x1 + · · · + xn mod u Server Sn Open Cn, π : x ∈ Zm x = x1 + · · · + xn mod u C1, . . . , Cn Et , π SSS Tallier x Open(C1) Open(Cn) xn x1 Et Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 10 / 19
  • 17. Adaptation to Code Verification protocol Code generation: Pick bV ,1 . . . bV ,n ∈ Zu bV = n i=1 bV ,i mod u CodeV [x] = x + bV mod uVoter V Votes for x ∈ Zm C = CodeV [x] x ? = x1 + · · · + xn mod u Picks x1, . . . , xn ∈ Zu x = x1 + · · · + xn mod u Ci =Com(xi ) Et = Enctallier (x) ZKP π Server S1 bV ,1 ∈ Zu Open C1, π : x ∈ Zm x = x1 + · · · + xn mod u Server Sn bV ,n ∈ Zu Open Cn, π : x ∈ Zm x = x1 + · · · + xn mod u C1, . . . , Cn Et , π SSS Tallier x Open(C1) Open(Cn) xn x1 Et Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 10 / 19
  • 18. Adaptation to Code Verification protocol Code generation: Pick bV ,1 . . . bV ,n ∈ Zu bV = n i=1 bV ,i mod u CodeV [x] = x + bV mod uVoter V Votes for x ∈ Zm C = CodeV [x] x ? = x1 + · · · + xn mod u Picks x1, . . . , xn ∈ Zu x = x1 + · · · + xn mod u Ci =Com(xi ) Et = Enctallier (x) ZKP π Server S1 bV ,1 ∈ Zu Open C1, π : x ∈ Zm x = x1 + · · · + xn mod u a1 = x1 + bV ,1 mod u Server Sn bV ,n ∈ Zu Open Cn, π : x ∈ Zm x = x1 + · · · + xn mod u an = xn + bV ,n mod u C1, . . . , Cn Et , π SSS Tallier x Open(C1) Open(Cn) an a1 Et Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 10 / 19
  • 19. Adaptation to Code Verification protocol Code generation: Pick bV ,1 . . . bV ,n ∈ Zu bV = n i=1 bV ,i mod u CodeV [x] = x + bV mod uVoter V Votes for x ∈ Zm C = CodeV [x] C ? = a1 + · · · + an mod u Picks x1, . . . , xn ∈ Zu x = x1 + · · · + xn mod u Ci =Com(xi ) Et = Enctallier (x) ZKP π Server S1 bV ,1 ∈ Zu Open C1, π : x ∈ Zm x = x1 + · · · + xn mod u a1 = x1 + bV ,1 mod u Server Sn bV ,n ∈ Zu Open Cn, π : x ∈ Zm x = x1 + · · · + xn mod u an = xn + bV ,n mod u C1, . . . , Cn Et , π SSS Tallier x Open(C1) Open(Cn) an a1 Et Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 10 / 19
  • 20. Adaptation to Visual Vote verification protocol Visual vote representation Previous work: Visual Cryptography [NS’94]: secret sharing of an image supervised (booth) voting [Chaum’04] Our approach: Associate a message x ∈ Zm with a simple image, with a provable relation Visual sharing of shape descriptions (VSSD) Consider two shapes that can be visually interpreted by a human: A “full” circle A “half” circle Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 11 / 19
  • 21. Visual sharing of shape descriptions (VSSD) What shape does the overlaying of two half circles create? + = full circle + = full circle + = half circle + = half circle Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 12 / 19
  • 22. n-VSSD definition In general n share-holders (servers) M a set of m ≥ 2 messages (candidates) Dx the set of visual descriptions for message x ∈ M, |Dx | ≥ 1 Λ the visual alphabet, commutative semigroup with operation ∨ P : M → Λn randomized splitting function Properties: Solvability: ∀x ∈ M ∀ v1, . . . , vn ∈ P(x): ∨n i=1vi ∈ Dx (t, n)-Resilience: Consider n-tuple w = (a ∪ {#})n s.t. w has (at most) t < n known shares a ∈ Λ n − t unknown shares # ∈ Λ then ∃ 0 < c < 1 s.t. Probv←P(x)[w ∈ v] = c Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 13 / 19
  • 23. Our approach: A 2-VSSD Simple 2-VSSD: n=2 servers, m = 2 messages 2 messages: M∗ = {0, 1} Λ∗ = { , }, ∨: visual overlaying (logical bitwise OR) 0 ↔: full circle D∗ 0 = { }, P∗ (0) = { , , , } 1 ↔ half circle D∗ 1 = { , }, P∗ (1) = { , , , } Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 14 / 19
  • 24. Our approach: A 2-VSSD Simple 2-VSSD: n=2 servers, m = 2 messages 2 messages: M∗ = {0, 1} Λ∗ = { , }, ∨: visual overlaying (logical bitwise OR) 0 ↔: full circle D∗ 0 = { }, P∗ (0) = { , , , } 1 ↔ half circle D∗ 1 = { , }, P∗ (1) = { , , , } General 2-VSSD: n=2 servers, m ≥ 2 messages M = Zm, k = # of bits of m − 1 Λ = Λ∗k P(x): Splits each bit bi of x in Λ∗ Dx : A description of x is a concatenation of its bits’ visual descriptions in D∗ x Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 14 / 19
  • 25. An example Message Shape Dx P(x) 00 Two full circles ( , ) ( , ) ( , ) ( , ) 01 Full circle fol- lowed by half circle ( , ) ( , ) ( , ) ( , ) 10 Half circle fol- lowed by full cir- cle ( , ) ( , ) ( , ) ( , ) 11 Two half circles , ( , ) ( , ) , ( , ) ( , ) (1, 2)-Resilience: Prob[( , #) ∈ P(0)] = Prob[( , #) ∈ P(1)] = Prob[( , #) ∈ P(2)] = Prob[( , #) ∈ P(3)] = 1/4 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 15 / 19
  • 26. A Visual Vote-Verification Protocol - 2 VSSD Voter V Votes for 1 ∈ Zm D1 = “full followed by half” Server S1 Server S2 Tallier 1 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 16 / 19
  • 27. A Visual Vote-Verification Protocol - 2 VSSD Voter V Votes for 1 ∈ Zm D1 = “full followed by half” VSSD: v1, v2 ← P(1) v = (v1 ∨ v2) ∈ D1 Commitments to v, v1, v2 Et = Enctallier (1) ZKP π Server S1 Server S2 Tallier 1 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 16 / 19
  • 28. A Visual Vote-Verification Protocol - 2 VSSD Voter V Votes for 1 ∈ Zm D1 = “full followed by half” VSSD: v1, v2 ← P(1) v = (v1 ∨ v2) ∈ D1 Commitments to v, v1, v2 Et = Enctallier (1) ZKP π Server S1 Server S2 Commitments Et , π Tallier 1 {Open(Com)}v1 {Open(Com)}v2 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 16 / 19
  • 29. A Visual Vote-Verification Protocol - 2 VSSD Voter V Votes for 1 ∈ Zm D1 = “full followed by half” VSSD: v1, v2 ← P(1) v = (v1 ∨ v2) ∈ D1 Commitments to v, v1, v2 Et = Enctallier (1) ZKP π Server S1 π : VSSD(v1) ↔ Et Server S2 π : VSSD(v2) ↔ Et Commitments Et , π Tallier 1 {Open(Com)}v1 {Open(Com)}v2 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 16 / 19
  • 30. A Visual Vote-Verification Protocol - 2 VSSD Voter V Votes for 1 ∈ Zm D1 = “full followed by half” VSSD: v1, v2 ← P(1) v = (v1 ∨ v2) ∈ D1 Commitments to v, v1, v2 Et = Enctallier (1) ZKP π Server S1 π : VSSD(v1) ↔ Et Server S2 π : VSSD(v2) ↔ Et Commitments Et , π Tallier 1 {Open(Com)}v1 {Open(Com)}v2 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 16 / 19
  • 31. A Visual Vote-Verification Protocol - 2 VSSD Voter V Votes for 1 ∈ Zm D1 = “full followed by half” ( , ) ∨ ( , ) ? ∈ D1 VSSD: v1, v2 ← P(1) v = (v1 ∨ v2) ∈ D1 Commitments to v, v1, v2 Et = Enctallier (1) ZKP π Server S1 π : VSSD(v1) ↔ Et Server S2 π : VSSD(v2) ↔ Et Commitments Et , π Tallier 1 {Open(Com)}v1 {Open(Com)}v2 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 16 / 19
  • 32. A Visual Vote-Verification Protocol - 2 VSSD Voter V Votes for 1 ∈ Zm D1 = “full followed by half” Yes: ( , ) ∈D1 VSSD: v1, v2 ← P(1) v = (v1 ∨ v2) ∈ D1 Commitments to v, v1, v2 Et = Enctallier (1) ZKP π Server S1 π : VSSD(v1) ↔ Et Server S2 π : VSSD(v2) ↔ Et Commitments Et , π Tallier 1 {Open(Com)}v1 {Open(Com)}v2 Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 16 / 19
  • 33. A Visual Vote-Verification Protocol - 2 VSSD Voter V Votes for 1 ∈ Zm D1 = “full followed by half” Yes: ( , ) ∈D1 VSSD: v1, v2 ← P(1) v = (v1 ∨ v2) ∈ D1 Commitments to v, v1, v2 Et = Enctallier (1) ZKP π Server S1 π : VSSD(v1) ↔ Et Server S2 π : VSSD(v2) ↔ Et Commitments Et , π Tallier 1 {Open(Com)}v1 {Open(Com)}v2 Et Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 16 / 19
  • 34. Future work General (t, n)-VSSD? Perhaps using Colored Visual Secret Sharing [VT’97]? Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 17 / 19
  • 35. The end Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 18 / 19
  • 36. References David Chaum. Surevote. International patent WO 01/55940 A1, 2001. David Chaum. Secret-ballot receipts: True voter-verifiable elections. IEEE Security & Privacy, 2(1):38-47, 2004. Kristian Gjøsteen. The norwegian internet voting protocol. In VOTE-ID, pages 1-18, 2011. Kristian Gjøsteen. Analysis of an internet voting protocol. IACR Cryptology ePrint Archive, 2010:380, 2010. James Heather, Peter Y. A. Ryan, and Vanessa Teague. Pretty good democracy for more expressive voting schemes. In Proceedings of the 15th European conference on Research in computer security, ESORICS10, pages 405-423, Berlin, Heidelberg, 2010. Springer-Verlag. Sven Heiberg, Helger Lipmaa, and Filip van Laenen. On e-vote integrity in the case of malicious voter computers. In ESORICS, pages 373-388, 2010. Helger Lipmaa. Two simple code-verification voting protocols. IACR Cryptology ePrint Archive, 2011:317, 2011. Helger Lipmaa, N. Asokan, and Valtteri Niemi. Secure Vickrey auctions without threshold trust. In Proceedings of the 6th international conference on Financial cryptography, FC02, pages 87-101, Berlin, Heidelberg, 2003. Springer-Verlag. Moni Naor and Adi Shamir. Visual cryptography. In EUROCRYPT, pages 1-12, 1994. Peter Y. A. Ryan and Vanessa Teague. Pretty good democracy. In Security Protocols Workshop, pages 111-130, 2009. Eric R. Verheul and Henk C. A. Van Tilborg. Constructions and properties of k out of n visual secret sharing schemes. Des. Codes Cryptography, 11(2):179-196, May 1997. Anthi Orfanou (Columbia University) Scaling Privacy Guarantees July 18, 2013 19 / 19