[Figure labels: Verifiable, Incoercible, Usable; raising hands, using Tor, website voting, ?]
Privacy: the fact that a particular voter voted in a particular way is not revealed to anyone
Receipt-freeness: a voter cannot later prove to a coercer that she voted in a certain way
Coercion-resistance: a voter cannot interactively cooperate with a coercer to prove that she voted in a certain way
Individual verifiability: a voter can verify that her vote was really counted
Universal verifiability: a voter can verify that the published outcome really is the sum of all the votes
Eligibility verifiability: a voter can verify that only eligible votes have been counted
Fairness: no early results can be obtained which could influence the remaining voters
. . . and all this even in the presence of corrupt election authorities!
Are these properties even simultaneously satisfiable?
Eligibility: only legitimate voters can vote, and only once
Effectiveness: the number of votes for each candidate is published after the election
Privacy: the fact that a particular voter voted in a particular way is not revealed to anyone (not even the election authorities)
Receipt-freeness: a voter cannot later prove to a coercer that she voted in a certain way
Individual verifiability: a voter can verify that her vote was really counted
Individual verifiability (stronger): . . . , and if her vote wasn't counted, she can prove that.
Contradiction?

Where are we?
1 Potential & current situation
2 Desired properties
3 Trust assumptions
4 Example 1: FOO (1992)
5 Example 2: Helios (2009)
6 Example 3: JCJ/Civitas (2008) (main focus)
7 Conclusions
Nothing is required-to-be-trusted
it is
e.g. current DRE solutions
Security by trusted client software
Blind signatures
Normally, when Alice signs a message M, creating
[Protocol diagram: Alice, aDministrator, Collector; message { blind (commit (v, c), b)} A 1]
FOO usability in a real election: an exercise for the reader.
JCJ/Civitas is the only protocol (to my knowledge) that achieves both verifiability and incoercibility in strong forms. This makes it of great theoretical interest, although its complexity may make it unusable in practice.
How does it achieve these properties?
Verifiability: Everything that the servers process is published
Incoercibility: Voters cannot prove that a given value is their credential. Votes under invalid credentials may be cast, but won't be counted. Observers can verify that votes with incorrect credentials weren't counted, but they can't see which ones those were.
Verifiable reencryption mixes
Problem
We want to shuffle a bunch of encryptions $\{v\}^m_{pk}$, like putting them into a big box, closing it, and shaking it for a long time!
the box is what goes in, as a whole
No-one can link any particular object that comes out with a particular object that went in
Solution: a verifiable reencryption mix
It takes as input the bunch of encryptions $\{v\}^m_{pk}$.
It re-randomises them all.
It outputs the results.
If heads, ask it to prove the correspondence between the input and the result of the second mix.
If tails, ask it to prove the correspondence between the output and the result of the second mix.

JCJ/Civitas step-by-step
1 Voter obtains her credential d. She obtains it in several parts, each one from a different Registrar. She puts them together herself. She can't prove to anyone the validity of her credential.
2 Voter casts her ballot:
5 System compares all the $\{v\}^m_{pkT}$ parts using a plaintext equivalence test (PET), and discards duplicates.
6 System uses PETs to remove any ineligible votes
7 Keyholders decrypt using verifiable threshold decryption.
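The re-randomise-and-shuffle step of the mix and the plaintext equivalence test (PET) used to discard duplicates, as an added example that is not from the original slides. It assumes ElGamal encryption (the slides do not name the cryptosystem), toy group parameters, and a single keyholder standing in for the threshold keyholders; all function names are hypothetical, and the heads/tails proof of correct mixing is not shown.

```python
import secrets

# Toy parameters (constructed for illustration, far too small for real use):
# P = 2Q + 1 is a safe prime and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, m):
    """ElGamal encryption (assumed scheme); m must be a subgroup element."""
    r = secrets.randbelow(Q - 1) + 1
    return (pow(G, r, P), m * pow(pk, r, P) % P)

def decrypt(sk, ct):
    a, b = ct
    return b * pow(a, Q - sk, P) % P  # a^(Q - sk) == a^(-sk): a has order Q

def reencrypt(pk, ct):
    """Re-randomise: multiply by a fresh encryption of 1; plaintext unchanged."""
    s = secrets.randbelow(Q - 1) + 1
    a, b = ct
    return (a * pow(G, s, P) % P, b * pow(pk, s, P) % P)

def mix(pk, cts):
    """One mix server: re-randomise every ciphertext, then shuffle the batch."""
    out = [reencrypt(pk, ct) for ct in cts]
    secrets.SystemRandom().shuffle(out)
    return out

def pet(sk, ct1, ct2):
    """Plaintext equivalence test: True iff both ciphertexts hide the same value.
    Divide the ciphertexts, blind the quotient with a random exponent z, then
    decrypt: equal plaintexts give 1, unequal ones a random-looking element."""
    z = secrets.randbelow(Q - 1) + 1
    a = pow(ct1[0] * pow(ct2[0], P - 2, P) % P, z, P)
    b = pow(ct1[1] * pow(ct2[1], P - 2, P) % P, z, P)
    return decrypt(sk, (a, b)) == 1

def discard_duplicates(sk, cts):
    """Step 5 in miniature: keep one ciphertext per distinct hidden plaintext."""
    kept = []
    for ct in cts:
        if not any(pet(sk, ct, k) for k in kept):
            kept.append(ct)
    return kept
```

The PET reveals only whether two plaintexts match, which is why observers can check that duplicates and ineligible votes were removed without learning which voter they belonged to.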