On the Security of Ballot Receipts in E2E Voting Systems Jeremy Clark, Aleks Essex, and Carlisle Adams Presented by Jeremy Clark.

Presentation transcript:

On the Security of Ballot Receipts in E2E Voting Systems Jeremy Clark, Aleks Essex, and Carlisle Adams Presented by Jeremy Clark

Introduction
A comparison of useful information leaked by ballot receipts in three E2E systems:
1) ThreeBallot
2) Prêt à Voter
3) Punchscan
Full Disclosure: First and second authors are members of the Punchscan team. Attach due scepticism.

No Information
A ballot receipt should satisfy the following two properties:
Privacy Property: The ballot receipt should provide no information that would increase an adversary’s ability to determine how the ballot was cast.
Integrity Property: The ballot receipt should provide no information that would increase an adversary’s ability to add, delete, or modify ballots without detection.

Prêt à Voter
1) Chosen: a random permutation.
2) Choose a candidate.
Does 1 reveal information about 2?

Punchscan
1) Chosen: a random permutation on top sheet.
2) Chosen: a random permutation on bottom sheet.
3) Choose a candidate.
Does 1 & 2 reveal information about 3?

ThreeBallot
1) Choose a candidate.
2) Choose a marking pattern to vote for that candidate.
3) Choose a ballot to keep as a receipt.
Do 2 & 3 reveal information about 1?
Image credit: R. Rivest. Public Domain.

“No” Information
Privacy Property: The ballot receipt should provide no information that would increase an adversary’s ability to determine how the ballot was cast.
What does “no information” mean?
Insufficient information – receipt cannot be used in any manner to prove with certainty the cast vote of its respective ballot.
Negligible information – receipt cannot be used in any manner to guess with better than random probability the cast vote of its respective ballot.

Attack Game
To test for ‘guess with better than random probability’ information, we implement an attack game.
Random Voting Oracle – randomly selects a candidate to vote for and produces a ballot receipt based on random choices for each of the dynamic elements of a ballot.
Adversary – guesses which candidate was voted for based on the ballot receipt alone. Assumed to be PPT-bounded.
Advantage – if the adversary can guess with better probability than a random choice, this is the adversary’s advantage.

Attack Game (2)

Advantage
This is the weakest adversary possible. She only has access to the marks themselves.
This is necessary but not sufficient for provable security.
The way to a provably secure voting system:
Pseudorandom Permutations
Serial Numbers or Cryptographic Onions
Bulletin Board
Election Results
Other Audit Information
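The attack game above can be played exactly rather than by sampling: enumerate every choice the random voting oracle can make, record the joint distribution of (vote, receipt marks), and let a marks-only adversary name the most likely vote for each receipt. The Python below is an added illustration written for this transcript, not code from the paper or its authors. It assumes the simplest models of the two receipts: a Prêt à Voter receipt shows only which row was marked under a permutation the adversary never sees, and a ThreeBallot receipt is one of three ballots on which the chosen candidate carries two marks in total and every other candidate one, with marking pattern and retained ballot picked uniformly. All function names are ours.

```python
from collections import defaultdict
from fractions import Fraction
from itertools import combinations, permutations, product
from math import factorial


def pret_a_voter_oracle(n):
    """Joint distribution P(vote, marks) produced by the random voting oracle
    for a Prêt à Voter receipt, as seen by a marks-only adversary.
    Modelling assumption (ours): the receipt shows which of the n rows was
    marked; the candidate order on the detached half is a uniformly random
    permutation the adversary never sees."""
    dist = defaultdict(Fraction)
    for vote in range(n):
        for perm in permutations(range(n)):
            row = perm.index(vote)                      # row holding the chosen candidate
            marks = tuple(i == row for i in range(n))   # what the receipt reveals
            dist[(vote, marks)] += Fraction(1, n * factorial(n))
    return dist


def threeballot_oracle(n):
    """Joint distribution P(vote, marks) for a ThreeBallot receipt.
    Modelling assumption (ours): the voter marks the chosen candidate on two
    of the three ballots and every other candidate on exactly one, choosing
    the marking pattern and the ballot kept as the receipt uniformly."""
    dist = defaultdict(Fraction)
    for vote in range(n):
        # For each candidate, the possible sets of ballots (0, 1, 2) carrying a mark.
        per_candidate = [
            [set(c) for c in combinations(range(3), 2)] if cand == vote
            else [{b} for b in range(3)]
            for cand in range(n)
        ]
        patterns = list(product(*per_candidate))        # 3**n equiprobable patterns
        for pattern in patterns:
            for receipt in range(3):                    # which ballot is kept
                marks = tuple(receipt in pattern[cand] for cand in range(n))
                dist[(vote, marks)] += Fraction(1, n * len(patterns) * 3)
    return dist


def best_success(dist):
    """Success probability of the Bayes-optimal marks-only adversary: for every
    receipt she names the vote with the largest joint probability."""
    by_receipt = defaultdict(list)
    for (vote, marks), p in dist.items():
        by_receipt[marks].append(p)
    return sum(max(ps) for ps in by_receipt.values())


def advantage(dist, n):
    """Advantage over guessing uniformly among n candidates, as an exact fraction."""
    return best_success(dist) - Fraction(1, n)


if __name__ == "__main__":
    for n in (2, 3, 4):
        print(f"{n} candidates: Prêt à Voter advantage = "
              f"{advantage(pret_a_voter_oracle(n), n)}, "
              f"ThreeBallot advantage = {advantage(threeballot_oracle(n), n)}")
```

Under these assumptions the Prêt à Voter adversary's advantage is exactly zero for every n, because a single mark position under a hidden uniform permutation is independent of the vote. The ThreeBallot adversary does better than chance: the chosen candidate is marked on the retained ballot with probability 2/3 and every other candidate with probability 1/3, so guessing among the marked candidates yields an advantage of 1/6 with two candidates and 5/27 with three. The advantage shrinks as candidates are added but never reaches zero, which is the "negligible information" criterion the slides are testing.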

Prêt à Voter and Punchscan
(figure: side-by-side panels, Prêt à Voter and Punchscan)

ThreeBallot

ThreeBallot (2)

Advantage

Advantage (2)

Integrity
Integrity Property: The ballot receipt should provide no information that would increase an adversary’s ability to add, delete, or modify ballots without detection.
Cost-Benefit Analysis: The probability of getting caught tampering with election results can be thought of as a cost to the adversary. What tampering with an election achieves can be thought of as a benefit.

Cost
In ThreeBallot, each receipt has a serial number. If the adversary sees a receipt or a copy of one, she will not modify the corresponding ballot on the bulletin board when choosing a ballot to tamper with. This decreases her probability of getting caught, thus receipts leak partial information useful to the attacker.
If the adversary sees all the receipts, her probability of getting caught is zero.
ThreeBallot’s integrity checking is an improper cut-and-choose protocol.
This problem does not arise in Prêt à Voter or Punchscan because all the inputs to the tallying function are receipts.

Benefit
In Prêt à Voter and Punchscan, the best an adversary can hope to achieve is to apply a random mapping between which candidate was voted for and which candidate gets the vote.
In ThreeBallot, an adversary can explicitly take a vote away from one candidate and give it to another candidate.
So ThreeBallot has both a lower cost and a greater benefit to an adversary mounting an integrity attack. In the special case where the adversary sees every receipt, the cost is zero.
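The cost side of the argument on the Cost and Benefit slides can be made quantitative with a small detection model. The Python below is an added illustration for this transcript, not code from the paper; the function names and the modelling assumptions are ours. It assumes every ThreeBallot voter keeps a copy of one of her three ballots chosen uniformly and checks it on the bulletin board with some probability, that the adversary leaves alone every ballot whose receipt she has seen (so each seen voter's other two ballots become a risk-free pool), and that any remaining modifications land on ballots of distinct unseen voters. For Prêt à Voter and Punchscan every posted ballot is itself a receipt, so no such pool exists.

```python
from fractions import Fraction


def threeballot_detection(voters, receipts_seen, tampered, check_rate=Fraction(1)):
    """Probability that modifying `tampered` of the 3*voters ballots on a
    ThreeBallot bulletin board is detected when the adversary has seen the
    receipts of `receipts_seen` voters.
    Modelling assumptions (ours): each voter keeps a uniformly chosen one of
    her three ballots and checks it with probability check_rate; ballots whose
    receipt was seen are never touched, so the other two ballots of each seen
    voter are risk-free; remaining modifications fall on ballots of distinct
    unseen voters, each of which is the checked receipt with probability
    check_rate / 3."""
    if tampered > 3 * voters:
        raise ValueError("cannot tamper with more ballots than are posted")
    safe_pool = 2 * receipts_seen
    risky = max(0, tampered - safe_pool)
    if risky > voters - receipts_seen:
        raise ValueError("model assumes at most one risky ballot per unseen voter")
    undetected = (1 - Fraction(check_rate) / 3) ** risky
    return 1 - undetected


def receipt_is_ballot_detection(tampered, check_rate=Fraction(1)):
    """Prêt à Voter / Punchscan: every ballot on the bulletin board is some
    voter's receipt, so seeing receipts creates no risk-free pool; each
    modified ballot is caught whenever its voter checks (probability check_rate)."""
    return 1 - (1 - Fraction(check_rate)) ** tampered


if __name__ == "__main__":
    voters = 1000          # constructed election size
    for seen in (0, 5, 10, 1000):
        p = threeballot_detection(voters, seen, 20)
        print(f"ThreeBallot, {seen} receipts seen, 20 ballots altered: P(caught) = {float(p):.3f}")
    print(f"Prêt à Voter / Punchscan, 20 ballots altered: "
          f"P(caught) = {float(receipt_is_ballot_detection(20)):.3f}")
```

With full checking, altering a single ThreeBallot ballot without having seen any receipt is caught with probability only 1/3, and once the adversary has seen enough receipts to cover her target with the risk-free pool the detection probability drops to exactly zero, which is the slide's "cost is zero" case. In the receipt-is-ballot systems the detection probability depends only on how many voters check, not on how many receipts the adversary has seen, which is why the slides say the problem does not arise there.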

Conclusions
Privacy Property: The ballot receipt should provide no information that would increase an adversary’s ability to determine how the ballot was cast.
Integrity Property: The ballot receipt should provide no information that would increase an adversary’s ability to add, delete, or modify ballots without detection.
ThreeBallot receipts fail to meet both criteria.

Future Work
The way to a provably secure voting system:
Marks Only
Pseudorandom Permutations
Serial Numbers or Cryptographic Onions
Bulletin Board
Election Results
Other Audit Information
(diagram labels on successive builds: Punchscan; Prêt à Voter, Punchscan, & ThreeBallot; Prêt à Voter & Punchscan)
Combine partial information from ballot receipts with the Strauss attack on ThreeBallot. Also loosen the Strauss attack to be probabilistic.

Questions?