Receipt-freedom in voting. Pieter van Ede.

Presentation transcript:

1 Receipt-freedom in voting Pieter van Ede

2 Important properties of voting
• Authority: only authorized persons can vote
• One vote
• Secrecy: nobody may know who voted for which candidate
• Correctness
• Verifiability
• Coercion-free: unable to bribe or threaten people to vote for a particular candidate
• Show up checks, usability

3 Receipt-freedom
• Focus of this talk is coercion protection
• Imagine a threatened or bribed Alice
• We want to prevent Alice getting a proof of her vote.
• Called receipt-freedom

4 Rise of electronic voting
• Government wants cheaper voting
• Also less dependence on honesty of small number of election officials
• Electronic voting works efficiently

5 Fall of electronic voting
• No paper trail, so no recounting (Verifiability)
• No public verifying of voting software
• If verified, is THIS machine correct? (Correctness)
• Is what is printed the same as recorded?
• In the Netherlands, electronic voting is discontinued

6 Change of mind
• Do not rely on correctness of machine
• Rely on cryptographic correctness

7 First idea: paper ballots
Idea:
• Choose candidate on machine
• Machine prints out ballot
• Voter verifies and puts in box
Advantages:
• User can simply check for correctness
• No dependence on programmers or machine integrity

8 First idea: paper ballots (2)
Drawbacks:
• Still counting of paper (could be done automatically)
• Transportation of paper ballots
• Not much use for cryptography
• No coercion freedom: villain demands photograph

9 Ongoing research
Many cryptographic protocols proposed:
• Mixing: scrambles large batches of votes
• Blind signatures: require safe publishing channel
• Homomorphic: sum results and decrypt with secure computing
Many not receipt-free

10 Second idea
• Give user receipt
• Use commitment protocol
Commitment protocol:
1. User has secret A.
2. User commits to A by computing y = C(A). There is no A' such that C(A) = C(A'), and y does not reveal A.
3. User opens y to prove it was a commitment to A.

11 Second idea (2)
• Receipt-free universally verifiable voting protocol with everlasting privacy.
• By Tal Moran and Moni Naor (Weizmann Institute of Science, Rehovot, Israel)
• Based on other protocols, in particular Neff's voting scheme

12 Properties of Moran-Naor
• Everlasting privacy, but not in efficient version (Secrecy)
• Universally verifiable: everybody interested can verify result (Verifiability)
• Safe on voting machine running malicious code.
• Receipt-freedom

13 Assumptions of Moran-Naor
• One-way untappable channel
• Achieved by requiring a booth
• Voter must easily verify machine

14 Voter perspective
• Dharma goes to vote
• Authorizes with election officials
• Enters the booth

15 Voter perspective
• Finds a screen, keyboard and ATM-style printer
• Votes for Betty

16 Voter perspective
• Dharma is asked to type random words next to other candidates

17 Voter perspective
• Printer prints out 2 lines, the commitment to Betty.
• Dharma must verify that 2 lines were printed.
• She does not see what was printed, important for next phase.

18 Voter perspective
• Dharma is asked to input random words next to Betty. This is a challenge, later used for verifiability; therefore she must not know the commitment statement.

19 Voter perspective
• If all good, press OK.
• Otherwise, cancel, and the printout is still worthless.
• Prints out voter and candidates with random words.

20 Voter perspective
• Dharma chooses OK, machine prints CERTIFIED RECEIPT.
• Now there is no way back.
• Receipt also posted on bulletin board.
• At home, check if receipt is correct on bulletin board.

21 Receipt-freedom of Moran-Naor
• Coercer Trudy cannot see in what order the challenges were given.
• She might however try to reverse engineer the commitment.
• Impossible because of the commitment scheme

22 Pedersen commitment scheme
• Moran-Naor use Pedersen commitments in the efficient scheme
• Based on the hardness of discrete logarithm

23 Pedersen commitment scheme (2)
Computations in $\mathbb{Z}_q$
1. Machine commits to secret A.
2. Computes $y = P(A, r)$ (r is random)
3. $P(A, r) = h^{H(A)} g^{r}$ (h, g of order q; H collision-free hash function)
4. Verifies that y is commitment of A, by sending (A, r). Only done in context of zero knowledge proof for verifiable counting, so this is safe.
Due to random r, commitment never shows secret A to Trudy.

24 Pedersen commitment scheme (3)
• No A' ≠ A and r' can be found so that P(A', r') = y, because that implies:
• $h^{A'} g^{r'} = h^{A} g^{r}$
• $h^{A' - A} = g^{r - r'}$
• $(r - r') / (A' - A) = \log_g h$
• But we assumed discrete logarithms were hard, so infeasible to do.
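
The commit/open steps of slides 10 and 23 and the binding argument of slide 24, as an added example that is not part of the original presentation. The group parameters, the candidate encodings 5 and 9, and the known `TRAPDOOR` are constructed toy values; the exponent `a` stands for the slides' H(A) already reduced into Z_q.

```python
"""Toy Pedersen commitment y = h^a * g^r mod p (constructed parameters, not secure sizes)."""
import secrets

P = 2039            # safe prime p = 2q + 1 (constructed toy value)
Q = 1019            # prime order q of the subgroup generated by G
G = 4               # generator of the order-q subgroup of squares mod p
TRAPDOOR = 777      # log_g(h); in a real setup nobody may know this value
H_GEN = pow(G, TRAPDOOR, P)


def commit(a: int, r: int) -> int:
    """Commit to a (the slides' H(A), reduced into Z_q) with random blinding r."""
    return (pow(H_GEN, a % Q, P) * pow(G, r % Q, P)) % P


def verify_opening(y: int, a: int, r: int) -> bool:
    """Opening check: recompute the commitment from the revealed pair (a, r)."""
    return commit(a, r) == y


def equivocate(a: int, r: int, a_new: int, trapdoor: int) -> int:
    """With log_g(h) known, compute r' so that (a_new, r') opens the same y."""
    return (r + trapdoor * (a - a_new)) % Q


def log_from_two_openings(a: int, r: int, a_new: int, r_new: int) -> int:
    """Slide 24: two openings of one y yield (r - r') / (A' - A) = log_g h."""
    if (a_new - a) % Q == 0:
        raise ValueError("the two openings must be for different values")
    return ((r - r_new) * pow(a_new - a, -1, Q)) % Q


def demo() -> dict:
    a, a_new = 5, 9                      # constructed encodings of two candidates
    r = secrets.randbelow(Q)
    y = commit(a, r)
    r_new = equivocate(a, r, a_new, TRAPDOOR)
    return {
        "opens_honestly": verify_opening(y, a, r),
        "wrong_value_rejected": not verify_opening(y, a_new, r),
        "trapdoor_opens_other": verify_opening(y, a_new, r_new),
        "recovered_log": log_from_two_openings(a, r, a_new, r_new),
    }


if __name__ == "__main__":
    print(demo())
```

A second valid opening exists only for someone who knows log_g h, and any two openings reveal it, which is why h must be generated so that no party, the voting machine included, learns that logarithm.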

25 One step further: Cybervote
• Project of European Commission
• Vote via mobile phone or internet
• All cryptography for nothing:
  • Pressure from father
  • Or friends at bar
• Could be fixed by allowing changing of votes, but does that work after a night at the bar?

26 Conclusion
Advantages:
• Receipt-freedom
• Many other nice properties of voting satisfied
• Feasible
Disadvantages:
• Users must trust mathematicians
• Coercion by bluffing about commitment
• Still a lot more work than paper voting
• Difficult for visually disabled
• Difficult for older people to use bulletin