Addressing the Challenges of e-Voting Through Crypto Design
Thomas Zacharias, University of Edinburgh
29 November 2017
Scotland’s Democratic Future: Exploring Electronic Voting
Scottish Government and University of Edinburgh School of Informatics Workshop



When do we actually set up an electronic voting procedure?

• What is the extent of “digitalisation” of a traditional election protocol that qualifies as e-voting?

When do we actually set up an electronic voting procedure?

E-voting means the use of electronic means in one of the following three processes:

• Identification of voters
• Casting the vote
• Counting the vote

Source: https://www.e-voting.cc/en/it-elections/definitions/

When do we actually set up an electronic voting procedure?

• What is the extent of “digitalisation” of a traditional election protocol that qualifies as e-voting?
  – Registration
  – Voting
  – Counting
  – Auditing

Replacing the human protocol with electronic procedures


The benefits of e-voting

● Increase the participation of social groups that face considerable physical barriers.

● Increase the efficiency of the preparation of the election and the calculation of the final results.

● Reduce the financial cost of the elections (in the long term).

The risks of e-voting

• Unauthorised intervention of third parties may cause denial of service.

• Large-scale manipulation by a small group of insiders.

• Lack of widely agreed standards for the election procedure (infrastructure, software).

The challenges of e-voting

● At any point of replacing the traditional protocol with electronic means, extreme care in the algorithmic design, implementation, and execution oversight is required.

The challenges of e-voting

● Preserve the fundamental requirements of a voting system.

[Diagram: the three fundamental requirements, Availability, Integrity and Privacy]

Addressing e-voting challenges via cryptographic tools

[Diagram: the requirements Availability, Integrity and Privacy, with Accessibility shown alongside]

Modern cryptographic design

1. Understanding and formal definition of the studied notion.
2. Rigorous specification of the threat model.
3. Realisation via a well-described construction.
4. Mathematical proof of the construction’s security under the defined threat model.

Modern cryptography in the real world

● Secure internet communication (HTTPS over TLS/SSL, end-to-end encryption).

● Authentication (digital signatures, password management).

● Privacy preservation (aggregate statistics, anonymous web browsing).

● Blockchain technologies (Bitcoin, Ethereum, smart contracts).

Modern cryptography in the real world

● Secure web browsing.
● E-banking.
● E-mail.
● Privacy-preserving profile management.
● Secure messaging.
● Decentralised publicly verifiable transactions.

The necessity of cryptography for realising secure e-voting

• Collecting, storing and/or communicating sensitive election data overtly can easily jeopardise election security.

• Offline (on site): a vote collection device that keeps logs of unencrypted ballot casting cannot protect voters’ privacy when the logs are audited.

• Online: whenever two devices should interact, secure and authenticated communication must be applied to protect the exchanged data.


Addressing e-voting challenges via cryptographic tools: Privacy

[Diagram: Privacy highlighted among the requirements Integrity, Availability and Privacy]

Ballot secrecy

• Encryption realises the concept of a “digital envelope”.
  – The voter’s selection is cryptographically “sealed”.
  – An attacker cannot obtain information about the encryption’s content (vote selection).

Voter-vote Unlinkability

• At some point of the election process, the votes must be anonymised, to prevent coercion and vote-selling.

Voter-vote Unlinkability

• Mix-nets: a powerful cryptographic primitive realising vote shuffling in a digital ballot box.

[Diagram: the encrypted votes $\mathrm{Enc}(V_1), \mathrm{Enc}(V_2), \mathrm{Enc}(V_3), \mathrm{Enc}(V_4)$ enter the mix-net, which outputs the shuffled ciphertexts $C_1, C_2, C_3, C_4$]

$\{C_1, C_2, C_3, C_4\} = \{\mathrm{Enc}(V_1), \mathrm{Enc}(V_2), \mathrm{Enc}(V_3), \mathrm{Enc}(V_4)\}$

Voter-vote Unlinkability

• Additive homomorphic tally: a mathematical property of special encryption schemes (e.g. ElGamal, Paillier) that allows for the counting of votes in encrypted manner.

$\mathrm{Enc}(X) \cdot \mathrm{Enc}(Y) = \mathrm{Enc}(X + Y)$

[Diagram: four encrypted ballots, YES, YES, NO, NO, are combined into a single ciphertext, which decrypts to the tally NO: 2 votes, YES: 2 votes]
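An added example (not code from the slides) of the two mechanisms just described, using exponential ElGamal over a toy group constructed for illustration: a re-encryption mix-net node that shuffles the encrypted ballots so outputs cannot be linked to inputs, and the additive homomorphic tally $\mathrm{Enc}(X)\cdot\mathrm{Enc}(Y)=\mathrm{Enc}(X+Y)$ that counts YES/NO votes with a single decryption of the product, never opening an individual ballot. All function names and the group parameters are this example's own choices.

```python
import random

# Toy group constructed for illustration only (far too small for real use):
# p = 2q + 1 is a safe prime, g = 4 generates the subgroup of prime order q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = random.randrange(1, Q)          # election secret key (held by the trustees)
    return x, pow(G, x, P)              # (x, election public key h = g^x)

def enc(h, m):
    """Exponential ElGamal: encrypt g^m, so multiplying ciphertexts adds the votes."""
    r = random.randrange(1, Q)
    return pow(G, r, P), (pow(G, m, P) * pow(h, r, P)) % P

def dec(x, c):
    """Recover m from (c1, c2): g^m = c2 / c1^x, then a small brute-force discrete log."""
    c1, c2 = c
    gm = (c2 * pow(c1, Q - x, P)) % P   # c1^(q-x) = c1^(-x) because c1 has order q
    for m in range(Q):
        if pow(G, m, P) == gm:
            return m
    raise ValueError("plaintext out of range")

def add_ciphertexts(a, b):
    """Enc(X) * Enc(Y) = Enc(X + Y): component-wise product of two ciphertexts."""
    return (a[0] * b[0]) % P, (a[1] * b[1]) % P

def reencrypt(h, c):
    """Multiply by a fresh Enc(0): same vote, new randomness, unlinkable ciphertext."""
    r = random.randrange(1, Q)
    return (c[0] * pow(G, r, P)) % P, (c[1] * pow(h, r, P)) % P

def mix(h, ballots):
    """One mix-net node: re-encrypt every ballot, then output them in random order."""
    out = [reencrypt(h, c) for c in ballots]
    random.shuffle(out)
    return out

def homomorphic_tally(x, ballots):
    """YES is Enc(1), NO is Enc(0): one product, one decryption, no single ballot opened."""
    total = (1, 1)                      # Enc(0) with zero randomness: the identity
    for c in ballots:
        total = add_ciphertexts(total, c)
    yes = dec(x, total)
    return {"YES": yes, "NO": len(ballots) - yes}
```

The mixed ballots decrypt to the same multiset of votes as the originals, and the tally is identical whether it is run on the original or the mixed ciphertexts.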

Voter-vote Unlinkability

• Anonymous authentication: the voter proves her eligibility via a one-show anonymous credential (e.g. blind signature of the voter’s ballot).

[Diagram: the voter says “I am an eligible user and this is my vote”; the authority replies “I confirm your eligibility and record your vote”]

Coercion resistance

• Concerns about coercion in other types of remote voting (e.g. postal voting) also apply to internet voting.

• In cases where postal voting is allowed, internet voting could be used, supporting multiple voting as a coercion countermeasure (Estonian e-voting).


Addressing e-voting challenges via cryptographic tools: Availability

[Diagram: Availability highlighted among the requirements Availability, Integrity and Privacy]

Usability: making e-voting feasible for every citizen

• When ballot encoding is applied during vote casting, the voter interacts via a user-friendly interface in a designated voting device, or their browser.

• Basic familiarity with a standard operating system (e.g., Windows, iOS, Android) or web browser (e.g., Edge/Explorer, Safari, Chrome, Firefox) is the only required background.


Usability: making e-voting feasible for every citizen

• When code-voting is applied, the voter obtains a ballot with a pre-encoding of the election options (vote-code).

35

What is your stance on the potential of adopting e-voting for national elections?

Serial number: 1001 VERY POSITIVE

4 POSITIVE

5 NEUTRAL

2 NEGATIVE

3 VERY NEGATIVE

Usability:makinge-votingfeasibleforeverycitizen

Usability: making e-voting feasible for every citizen

• When code-voting is applied, the voter obtains a ballot with a list of random cryptographic pre-encodings of the election options (vote-codes).

• The voter simply submits the vote-code that corresponds to her option selection, which can be done in lightweight electronic devices.

Usability: making e-voting feasible for every citizen

Serial number: 100, Vote-code: 5

[Sample ballot as above: on ballot 100 the vote-code 5 encodes NEUTRAL]

Usability: making e-voting feasible for every citizen

• When code-voting is applied, the voter obtains a ballot with a list of random cryptographic pre-encodings of the election options (vote-codes).

• The voter simply submits the vote-code that corresponds to her option selection, which can be done in any electronic device with internet access.

• In case the voting device is trusted for privacy, vote casting can run via a user-friendly interface.
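An added example (not from the slides) of the code-voting flow just described, built around the slides' five-option question: a hypothetical ballot-preparation authority pre-encodes each option as a random vote-code, publishes a commitment to every encoding before the voting period, resolves a cast (serial number, vote-code) pair exactly once, and lets anyone audit an opened, unused ballot against the published commitments. Vote-codes are six hex characters here rather than the single digits of the sample ballot; class and function names are this example's own.

```python
import hashlib
import secrets

OPTIONS = ["VERY POSITIVE", "POSITIVE", "NEUTRAL", "NEGATIVE", "VERY NEGATIVE"]

def commitment(serial, code, option, salt):
    """Hash commitment to one (vote-code -> option) pre-encoding of ballot `serial`."""
    return hashlib.sha256(f"{salt}|{serial}|{code}|{option}".encode()).hexdigest()

class BallotAuthority:
    """Hypothetical ballot-preparation authority: prepares, opens and resolves ballots."""
    def __init__(self):
        self.secret = {}   # serial -> {code: (option, salt)}; private to the authority
        self.public = {}   # serial -> sorted commitments; posted before the voting period

    def prepare_ballot(self, serial):
        table, coms = {}, []
        for option in OPTIONS:
            code = secrets.token_hex(3)            # random vote-code (the slides use 1 digit)
            while code in table:                   # codes must be unique within a ballot
                code = secrets.token_hex(3)
            salt = secrets.token_hex(8)
            table[code] = (option, salt)
            coms.append(commitment(serial, code, option, salt))
        self.secret[serial] = table
        self.public[serial] = sorted(coms)        # sorted: order must not reveal the option
        return {option: code for code, (option, _) in table.items()}  # printed on the ballot

    def open_ballot(self, serial):
        """Reveal an unused ballot's encoding for audit; it is consumed and cannot be cast."""
        return [(code, opt, salt) for code, (opt, salt) in self.secret.pop(serial).items()]

    def cast(self, serial, code):
        """Resolve a cast vote-code to an option; one ballot can be used only once."""
        table = self.secret.get(serial)
        if table is None or code not in table:
            return None                           # unknown serial or invalid vote-code
        del self.secret[serial]
        return table[code][0]

def audit(public, serial, opening):
    """Anyone can check an opened ballot: every option encoded once, commitments match."""
    recomputed = sorted(commitment(serial, c, o, s) for c, o, s in opening)
    return recomputed == public[serial] and sorted(o for _, o, _ in opening) == sorted(OPTIONS)
```

A ballot that has been opened for audit is consumed, so the audited encoding can never be used to cast a vote.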

Fault tolerance: protecting the election’s liveness

• Threshold cryptography in combination with a distributed system architecture allows for secure and uninterrupted election access and execution, even when a substantial number of election servers are not available.
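An added example (not the slides' own code) of the threshold piece of that claim: the election secret key is split with Shamir secret sharing among five trustees so that any three can reconstruct it, which keeps the tally possible while two trustee servers are unreachable. The field modulus, the 3-of-5 setting and the function names are this example's assumptions.

```python
import secrets

# Prime field for the shares (constructed choice; any sufficiently large prime works).
PRIME = 2**127 - 1

def split_secret(secret, threshold, n_trustees):
    """Shamir sharing: a random polynomial of degree threshold-1 whose constant term is
    the secret; share i is the point (i, f(i)). Fewer than `threshold` shares reveal nothing."""
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = []
    for i in range(1, n_trustees + 1):
        y = 0
        for c in reversed(coeffs):       # Horner's rule: f(i) mod PRIME
            y = (y * i + c) % PRIME
        shares.append((i, y))
    return shares

def reconstruct(shares):
    """Lagrange interpolation at x = 0 from any `threshold` (or more) distinct shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (0 - xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret

def tally_key_available(shares, threshold, online):
    """Election liveness check: the key can be rebuilt iff enough trustees are reachable."""
    usable = [s for s in shares if s[0] in online]
    return reconstruct(usable) if len(usable) >= threshold else None
```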


Addressing e-voting challenges via cryptographic tools: Integrity

[Diagram: Integrity highlighted among the requirements Privacy, Integrity and Availability]

Eligibility

• The authentication/registration authority is equipped with the algorithm that specifies the set of eligible voters.
  – Digital signatures: each voter has an ID-card with an embedded signing key (Estonia).
  – Password-based: the authentication server(s) maintain a table of the cryptographic hashes of all the passwords that correspond to eligible voters.

End-to-end verifiability

• Universal level: any party can verify the correctness of the election transcript.

End-to-end verifiability

• Individual level: the voters obtain some audit data in order to verify themselves that their votes were:
  • Cast-as-intended
  • Recorded-as-cast
  • Tallied-as-recorded

Universal Verifiability

• Every step of the election procedure is associated with a cryptographic proof of its execution.

[Diagram: a cast ballot with its proof $\pi$: “This is a ballot that encrypts a valid election option”]

Universal Verifiability

• Every step of the election procedure is associated with a cryptographic proof of its execution.

[Diagram: proofs $\pi_1, \pi_2, \pi_3, \pi_4, \ldots, \pi_n$ over all cast ballots: “All the cast ballots are encryptions of a valid election option”]

Universal Verifiability

• Every step of the election procedure is associated with a cryptographic proof of its execution.

[Diagram: $\mathrm{Enc}(V_1), \mathrm{Enc}(V_2), \mathrm{Enc}(V_3), \mathrm{Enc}(V_4)$ enter the mix-net, which outputs $C_1, C_2, C_3, C_4$ together with a proof $\pi$: “The output ciphertexts are a permutation of exactly the input ciphertexts”]

Universal Verifiability

• Every step of the election procedure is associated with a cryptographic proof of its execution.

[Diagram: $C_1, C_2, C_3, C_4$ are decrypted to YES, NO, YES, NO, accompanied by proofs $\pi$, $\pi$: “The decrypted results are a permutation of exactly all eligible recorded votes”]

Universal Verifiability

• Each proof satisfies soundness (invalid statements will not be accepted) and prevents any malicious party from leaking information about the associated sensitive data (zero-knowledge proofs).

• The sequence of cryptographic proofs constitutes a verifiable election transcript that is posted on a publicly accessible website (bulletin board) for auditing while preserving election privacy.
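An added example (not from the slides) of one proof of this kind: a Chaum-Pedersen zero-knowledge proof, made non-interactive with the Fiat-Shamir heuristic, that a posted ElGamal ciphertext was decrypted correctly under the election public key. It is sound (a wrong plaintext, or a tampered proof, is rejected) and reveals nothing about the secret key, so it can sit on the bulletin board. The toy group, the ElGamal encoding and the function names are this example's assumptions, not a real system's.

```python
import hashlib
import random

# Toy group constructed for illustration only: p = 2q + 1, g of prime order q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = random.randrange(1, Q)                   # tallier's secret key
    return x, pow(G, x, P)                       # (x, election public key h)

def encrypt(h, m):
    """Plain ElGamal on a group element m (an encoded vote)."""
    r = random.randrange(1, Q)
    return pow(G, r, P), (m * pow(h, r, P)) % P

def challenge(*vals):
    """Fiat-Shamir: the challenge is a hash of the whole statement and the commitments."""
    digest = hashlib.sha256("|".join(map(str, vals)).encode()).digest()
    return int.from_bytes(digest, "big") % Q

def prove_decryption(x, c):
    """Tallier outputs m = c2 / c1^x plus a proof that log_g(h) == log_c1(c2 / m)."""
    c1, c2 = c
    d = pow(c1, x, P)                             # c1^x, the decryption factor
    m = (c2 * pow(d, -1, P)) % P
    w = random.randrange(1, Q)
    a1, a2 = pow(G, w, P), pow(c1, w, P)          # commitments to the same random w
    e = challenge(G, pow(G, x, P), c1, d, a1, a2)
    z = (w + e * x) % Q                           # response; w masks x completely
    return m, (d, a1, a2, z)

def verify_decryption(h, c, m, proof):
    """Public check: anyone holding h and the ciphertext can audit the claimed plaintext."""
    c1, c2 = c
    d, a1, a2, z = proof
    if (m * d) % P != c2:                         # claimed m must match the posted factor d
        return False
    e = challenge(G, h, c1, d, a1, a2)
    return (pow(G, z, P) == (a1 * pow(h, e, P)) % P
            and pow(c1, z, P) == (a2 * pow(d, e, P)) % P)
```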

Individual Verifiability

• State-of-the-art e-voting systems support elaborate verification mechanisms that allow the voter to challenge the correct encoding of their vote.
  1. Ballot encryption: audit the validity of the voting device by randomly checking the local cryptographic operations.
  2. Code-voting: audit the honesty of the ballot preparation authorities by randomly checking the consistency of the encoding of the election options.

Accountability

• The e-voting system should provide a mechanism that gives undeniable evidence of which entity is responsible for an incorrect execution.

Accountability example: authenticated communication

• The voter signs her ballot.

[Diagram: the voter’s ballot and its proof $\pi$, signed with $\mathrm{Sign}_{\mathrm{Voter}}$]

• The vote collection server replies with a signature on the received data.

[Diagram: the ballot with proof $\pi$ signed with $\mathrm{Sign}_{\mathrm{Voter}}$, answered by the server’s $\mathrm{Sign}_{\mathrm{Server}}$ over the received data]

• If an authority is realised by a distributed subsystem, then malicious nodes can be blacklisted.

Accountability example: posting on the bulletin board

• The authorities commit to the validity of their data.
  – The election public key is posted prior to the voting period.
  – The ballot preparation authorities provide cryptographic proofs of proper encoding of the election options (code-voting).
  – The tallying authorities post cryptographic proofs of correct decryption and election tally.


Addressing e-voting challenges via cryptographic tools

[Diagram: summary of the tools: ballots with proofs $\pi_1, \pi_2, \pi_3, \pi_4$ pass through the mix-net with its proof $\pi$ and are decrypted to YES, NO, YES, NO]

Is crypto enough to guarantee secure e-voting?

The importance of the human factor

• Cryptographic tools provide a solid background, but do not suffice.

• Active participation of the stakeholders is crucial.
  – Verification mechanisms are meaningless if not even a small ratio of voters are willing to verify (or outsource verification to a trusted party).
  – The trustees should audit the correct publishing of the election public key to protect voters’ privacy.

• A formally analysed human protocol and e-voting cryptographic design should be side by side.

Thank you!!!
