A. Steffen, 27.02.2012, Kickoff.pptx 1
Kickoff Meeting „E-Voting Seminar“
An Introduction to Cryptographic Voting Systems
Andreas Steffen
Hochschule für Technik
Cryptographic Voting Systems
Summary:
• Due to repeated failures and detected vulnerabilities in both electro-mechanical and electronic voting machines, voters have somehow lost faith that the outcome of a poll always represents the true will of the electorate.
• Even more uncertain is electronic voting over the Internet, which is potentially prone to coercion and vote-selling (this doesn‘t seem to be an issue in Switzerland).
• Manual counting of paper ballots is not really an option in the 21st century and is not free from tampering either.
• Modern cryptographic voting systems allow true end-to-end verification of the complete voting process by any individual voter, without sacrificing secrecy and privacy.
E-Voting in my home town Schlieren
Hidden PIN
„Internet-based voting does not have to be more secure than voting per snail mail“
Justice Department of the Canton of Zurich
[In]Security Features
???
Protection from Man-in-the-Middle attacks
E-Voting Website
Voter Login
Ballot (PHP Form)
E-Voting in my home town Schlieren
PIN
Voter Authentication
Transmission Receipt
Conclusion
So what?
„You are not allowed to know. The exact transaction processing is kept secret due to security reasons“
Justice Department of the Canton of Zurich
Traditional Chain-of-Custody Security
Tallying
Source: Ben Adida, Ph.D. Thesis 2006
Software Verification
Sealing
Verification by proxy only
Desirable: End-to-End Verification by Voter
Source: Ben Adida, Ph.D. Thesis 2006
Secrecy? Privacy?
End-to-End Auditable Voting System (E2E)
• Any voter can verify that his or her ballot is included unmodified in a collection of ballots.
• Any voter (and typically any independent party additionally) can verify [with high probability] that the collection of ballots produces the correct final tally.
• No voter can demonstrate how he or she voted to any third party (thus preventing vote-selling and coercion).
Source: Wikipedia
Solution: Cryptographic Voting Systems
Source: Ben Adida, Ph.D. Thesis 2006
[Figure labels: ballot options A, B, C; Tamper-Proof Bulletin Board; Mixnet; Homomorphic Tallying; ElGamal / Paillier; Threshold Decryption]
Proposed E2E Systems
• Punchscan by David Chaum.
• Prêt à Voter by Peter Ryan.
• Scratch & Vote by Ben Adida and Ron Rivest.
• ThreeBallot by Ron Rivest (paper-based without cryptography)
• Scantegrity II by David Chaum, Ron Rivest, Peter Ryan et al. (add-on to optical scan voting systems using Invisible Ink)
• Helios by Ben Adida (www.heliosvoting.org/)
• Selectio Helvetica by BFH (www.baloti.ch)
• Primevote by MSE graduates Christoph Galliker and Halm Reusser (www.smartprimes.ch)
Conclusion
• Modern Cryptographic Voting Systems allow true end-to-end verification of the whole voting process by anyone while maintaining a very high level of secrecy.
• Due to the advanced mathematical principles they are based on, Cryptographic Voting Systems are not easy to understand and are therefore not readily accepted by authorities and the electorate.
• But let‘s give Cryptographic Voting Systems a chance! They can give democracy a new meaning in the 21st century!
E-Voting Literature and Simulators
• http://security.hsr.ch/msevote/
  • Collection of MSE E-Voting seminar papers
  • E-Voting Simulator based on the Paillier Cryptosystem
  • E-Voting Simulator on the Damgard-Jurik Cryptosystem
    • Generalized Paillier, reduces to Paillier Cryptosystem with s = 1
    • Threshold Decryption with Distributed Keys issued by Trusted Dealer
    • Assume generator g = n+1 ( = 1, = 1)
• The Paillier Cryptosystem, presented at the BFH E-Voting seminar
E-Voting Seminar Project
• Verifiable E-Voting System for Shareholder Meetings.
• Example: Novartis AG with 2‘745‘623‘000 shares
• Item 1: Approval of the Annual Report and Financial Statements: yes / no / abstention (32 bit field per option)
• Voters:
  Voter 1    550‘000‘010 shares
  Voter 2    500‘000‘010 shares
  Voter 3    400‘000‘010 shares
  Voter 4    350‘000‘010 shares
  Voter 5    300‘000‘010 shares
  Voter 6    150‘000‘010 shares
  Voter 7    100‘000‘010 shares
  Voter 8     50‘000‘010 shares
  Voter 9     50‘000‘010 shares
  Voter 10    50‘000‘010 shares
  Total    2‘500‘000‘100 shares
E-Voting Seminar Project Tasks
Paillier Cryptosystem: keysize = 1536 bits, V=10, N=5, T=3
[Diagram: data flow between the five tasks; recoverable labels listed below]
Tasks:
1 Threshold Key Generation by Trusted Dealer
2 Ballot Encrypt. and ZKP by Voter v
3 ZKP Check, Weighted Tallying
4 Partial Decrypt. by Trustee i
5 Threshold Decryption
Data items:
• keysize, N, T
• Public Key: n, g=n+1
• Partial Private Key: i=1, N, T, d, n up to i=N, N, T, d, n
• Encrypted Ballot: v=1, c, a[], e[], z[] up to v=V, c, a[], e[], z[]
• Shareholder Registry: v[], w[]
• Encrypted Tally: ct
• Partially Decr. Tally: i=1, N, T, pt, n
• Partial Private Key: i=N, N, T, pt, n
• Decrypted Tally: yes, no, abstention
• protected channel
Conditions
• Goal: Restrict effort spent on project to 90 working hours (3 ECTS)
• Programming or scripting language: Arbitrary
• Program code without whistles and bells!
  • No GUI required, may be a command line program.
• I/O Format: JSON
  • Big numbers encoded as hexadecimal strings
    {"v":1,"c":"2fe698..daf57e"}
• Details of interface specification to be settled among tasks
• Deliverables: Commented program code and final test run data
• Slides of final presentation
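
The weighted homomorphic tally of task 3, worked through with the ten share counts from the project slide and the hexadecimal JSON ballot format, as an added example (not code from the seminar or its simulators). It assumes a single constructed toy key built from two small Mersenne primes instead of 1536-bit threshold key shares, omits the ZKP, and uses constructed yes/no/abstention choices; all function names are hypothetical.

```python
import json, math, secrets

# Constructed demo key: two Mersenne primes, far too small and structured for
# real use (the slides call for a 1536-bit modulus and threshold key shares).
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lcm(p-1, q-1)
MU = pow(LAM, -1, N)                                 # valid because g = n+1

FIELD = 32                                # bits per option, as on the slide
OPTIONS = ("yes", "no", "abstention")

def encrypt(choice):
    """Encrypt one ballot: plaintext has a single 1 in the chosen field."""
    m = 1 << (FIELD * OPTIONS.index(choice))
    r = secrets.randbelow(N - 1) + 1
    # With g = n+1, g^m mod n^2 collapses to 1 + m*n.
    return (1 + m * N) * pow(r, N, N2) % N2

def ballot_json(v, c):
    """Page's I/O format: big numbers as hexadecimal strings."""
    return json.dumps({"v": v, "c": format(c, "x")})

def weighted_tally(ballots, weights):
    """Multiply c_v^w_v: this adds w_v times each hidden plaintext."""
    ct = 1
    for doc in ballots:
        b = json.loads(doc)
        ct = ct * pow(int(b["c"], 16), weights[b["v"]], N2) % N2
    return ct

def decrypt_tally(ct):
    """Single-key decryption (stands in for tasks 4 and 5), then unpack."""
    m = (pow(ct, LAM, N2) - 1) // N * MU % N
    return {o: (m >> (FIELD * i)) % (1 << FIELD) for i, o in enumerate(OPTIONS)}

# Share counts from the slide; the choices are constructed for this example.
SHARES = [550_000_010, 500_000_010, 400_000_010, 350_000_010, 300_000_010,
          150_000_010, 100_000_010, 50_000_010, 50_000_010, 50_000_010]
CHOICES = ["yes", "no", "yes", "abstention", "yes",
           "no", "yes", "no", "abstention", "yes"]

def run_demo():
    assert sum(SHARES) < 1 << FIELD       # a field must hold the full total
    ballots = [ballot_json(v, encrypt(c)) for v, c in enumerate(CHOICES, 1)]
    return decrypt_tally(weighted_tally(ballots, dict(enumerate(SHARES, 1))))

if __name__ == "__main__":
    print(run_demo())
```

The overflow check in `run_demo` is the reason a 32 bit field per option is enough here: both the 2‘500‘000‘100 registered shares and the 2‘745‘623‘000 total shares stay below 2^32, so no option's sum can carry into its neighbour.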