a pairing-based blind signature e-voting scheme
DESCRIPTION
A Pairing-Based Blind Signature E-Voting Scheme. LOURDES L PEZ-GARC A, LUIS J. DOMINGUEZ PEREZ, FRANCISCO RODR GUEZ-HENR QUEZ The Computer Journal July 2013 Presenter: 陳昱安 Date:2013/10/14. Outline. Introduction Mathematical Background Digital Signatures The Proposed E-Voting Scheme - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/1.jpg)
A Pairing-Based Blind Signature E-Voting Scheme
LOURDES LPEZ-GARCA, LUIS J. DOMINGUEZ PEREZ,FRANCISCO RODRGUEZ-HENRQUEZ
The Computer Journal July 2013Presenter: 陳昱安Date:2013/10/14
![Page 2: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/2.jpg)
Outline
• Introduction• Mathematical Background• Digital Signatures• The Proposed E-Voting Scheme• Security Analysis• Implementation Aspects• Conclusions
2
![Page 3: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/3.jpg)
Outline
• Introduction• Mathematical Background• Digital Signatures• The Proposed E-Voting Scheme• Security Analysis• Implementation Aspects• Conclusions
3
![Page 4: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/4.jpg)
Introduction(1/2)
4
![Page 5: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/5.jpg)
Introduction(2/2)
• Eligibility • Uniqueness• No-coercion• Accuracy• Receipt-freeness• Variability
5
![Page 6: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/6.jpg)
Outline
• Introduction• Mathematical Background• Digital Signatures• The Proposed E-Voting Scheme• Security Analysis• Implementation Aspects• Conclusions
6
![Page 7: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/7.jpg)
Mathematical Background
• Elliptic curves• Bilinear pairings over Barreto-Naehig curves• Security assumptions
7
![Page 8: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/8.jpg)
Outline
• Introduction• Mathematical Background• Digital Signatures• The Proposed E-Voting Scheme• Security Analysis• Implementation Aspects• Conclusions
8
![Page 9: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/9.jpg)
Digital Signatures(1/4)
• The Boneh-Lynn-Shacham short signature scheme Let (1 = 〈 P 〉 , 2 = 〈 Q 〉 ) : additive groups of order r P , Q : points over an elliptic curve r : a prime number H1 : the map-to-point function H1 : → 1
9
![Page 10: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/10.jpg)
Digital Signatures(2/4)
• Key generation Pick a random integer d ∈ r and compute V = dQ. V ∈ 2 : public key , d : private key.• Signing Given a private key d, a message m ∈ Compute M = H1(m) and S = dM. The signature of m is S ∈ 1.• Verification Given a public key V ∈ 2, a message m , ∈ and a signature S ∈ 1. = (V,H1(m))
?
10
![Page 11: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/11.jpg)
Digital Signatures(3/4)
• Blind signatures
(1 , 2, P , Q , r , H1) • Key generation Pick a random integer d ∈ r and compute V = dQ. V ∈ 2 : public key , d : private key.• Blinding (user) Given a message m , calculate M = H1(m) , randomly find b ; compute∈ .
11
![Page 12: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/12.jpg)
Digital Signatures(4/4)
• Signature (signer) Given a blind message; d : private key of the signer, compute • Unblinding (user) Given a blind signature and a blind factor b, calculate . Then S is the signature of the message m.• Signature Verification (third party) Given a message m, a signature S ; V : public key of the signer , check = (V,H1(m))?
12
![Page 13: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/13.jpg)
Outline
• Introduction• Mathematical Background• Digital Signatures• The Proposed E-Voting Scheme• Security Analysis• Implementation Aspects• Conclusions
13
![Page 14: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/14.jpg)
The Proposed E-Voting Scheme(1/4)
14
Registration Authentication
VotingCounting
![Page 15: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/15.jpg)
The Proposed E-Voting Scheme(2/4)
• Protocol dataflow Notation Authentication Server (AS) ; Voting Server (VS) {dAS , VAS}: private/public key pair of AS. {dVS , VVS}: private/public key pair of VS. {IDV , dV , VV}: identifier and private/public key
15
![Page 16: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/16.jpg)
The Proposed E-Voting Scheme(3/4)
16
![Page 17: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/17.jpg)
The Proposed E-Voting Scheme(4/4)
17
![Page 18: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/18.jpg)
Outline
• Introduction• Mathematical Background• Digital Signatures• The Proposed E-Voting Scheme• Security Analysis• Implementation Aspects• Conclusions
18
![Page 19: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/19.jpg)
Security Analysis (1/6)
• Voter privacy The pseudonym private key dt and public key Vt are randomly generated.
Knowing the message m implies finding b in the equation.
19
![Page 20: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/20.jpg)
Security Analysis (2/6)
• Eligibility The voter requests from the AS a blind signed ballot that will be accepted as legitimate.
Before producing the blind signature , the AS must authenticate the voter by reviewing the nominal list, S using the public key of the voter who is requesting the blank ballot.
20
![Page 21: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/21.jpg)
Security Analysis (3/6)
• Uniqueness During the authentication phase the AS marks the voter record in the nominal list.
In the voting phase, the VS checks the ballots, if both signatures are valid, then the ballot is stored as valid or invalid otherwise.
In the counting phase, the VS verifies the signatures with which was generated for the ballot.
21
![Page 22: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/22.jpg)
Security Analysis (4/6)
• No-coercion ; Receipt-freeness When the results are published after the counting phase, the voter cannot prove who she voted for.
This is because of the generation of a random value a that adds randomness to the hash message used as a receipt.
The ACK has the goal to show to the voter that the ballot was received by the VS.
22
![Page 23: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/23.jpg)
Security Analysis (5/6)
• Accuracy To identify a fraudulent ballot means to find a pair that uses the same value for Vt .
If when comparing two ballots, both have the same Vt , then the VS discards the second ballot as fraudulent/repeated and counts only the first one.
23
![Page 24: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/24.jpg)
Security Analysis (6/6)
• Verifiability The ACK guarantees two things : a. The voter can verify if her ACK is found in the list of valid votes , no chance to extract the value of the vote, due to the random number a and the hash of all values mentioned. b. The VS can prove the accuracy of the results to show that all ACK are unique.
24
![Page 25: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/25.jpg)
Outline
• Introduction• Mathematical Background• Digital Signatures• The Proposed E-Voting Scheme• Security Analysis• Implementation Aspects• Conclusions
25
![Page 26: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/26.jpg)
Implementation Aspects (1/4)
26
![Page 27: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/27.jpg)
Implementation Aspects (2/4)
27
![Page 28: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/28.jpg)
Implementation Aspects (3/4)
28
![Page 29: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/29.jpg)
Implementation Aspects (4/4)
29
![Page 30: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/30.jpg)
Outline
• Introduction• Mathematical Background• Digital Signatures• The Proposed E-Voting Scheme• Security Analysis• Implementation Aspects• Conclusions
30
![Page 31: A Pairing-Based Blind Signature E-Voting Scheme](https://reader035.vdocuments.us/reader035/viewer/2022062501/568164cb550346895dd6e9cc/html5/thumbnails/31.jpg)
Conclusions
• An electronic voting scheme based on blind signature is proposed which meets the necessary requirements to guarantee a reliable election.
• This proposal requires a minimal number of interactions with electoral entities and more efficient than other
e-voting schemes based on RSA or DSA crypto schemes.
31