Applying MESE processes to Improve Online E-Voting Prototype System with PTC Web Services Master Project Defense Hakan Evecek 1 5/29/2007Hakan Evecek/SE2Evote

Outline of the Talk Introduction Document overview prepared for this project. Related Work Paillier Threshold Cryptography (PTC) PTC Web Services Online E-Voting System Suggested Improvement ◦ Encryption/Decryption Optimization ◦ User Interface Future Directions Conclusion 2 5/29/2007Hakan Evecek/SE2Evote

Introduction The online E-Voting system generated within this project was based on an idea put forward in the ‘Future Suggestions’ section of the Master’s Thesis of Mr. Brett Wilson. ( As a result, augmentation of the demo application for PTC Web Services was undertaken. 5/29/2007Hakan Evecek/SE2Evote3

Continued… Scope of E-Voting: The world is heading in this direction as currently many nations and large companies are seeking E-Voting solutions. ◦ Similar to manual voting - only much faster and cheaper, however  Is the voter confident with the process?  Can Administrators monitoring verify that one vote is recorded for each voter?  How trustable is the tally process?  Is it socially acceptable? 4 5/29/2007Hakan Evecek/SE2Evote

E-Voting Requirements 5 Basic requirements for electronic voting Privacy – All votes should be kept secret Completeness – All valid votes should be counted correctly Soundness – Any invalid vote should not be counted Unreusability – No voter can vote twice Eligibility – Only authorized voters can cast a vote Fairness – Nothing can affect the voting 5/29/2007Hakan Evecek/SE2Evote

E-Voting Requirements 6 Extended Requirements for electronic voting Robustness – faulty behavior of any reasonably sized coalition of participants can be tolerated. In other words, the system must be able to tolerate to certain faulty conditions and must be able to manage these situations. Universal Verifiability – any party can verify the result of the voting Receipt-freeness – Voters are unable to prove the content of his/her vote Incoercibility – Voter cannot be coerced into casting a particular vote by a coercer. 5/29/2007Hakan Evecek/SE2Evote

The categorization of voting system 7 5/29/2007Hakan Evecek/SE2Evote

MESE Processes Applied for Online E- Voting System Project Proposal and Plan Software Requirements Document (SRS) Software Design Specification (SDS) Testing Document Defects List Project Report 8 5/29/2007Hakan Evecek/SE2Evote

Related Work Some of the Encryption Schemes ◦ Goldwasser-Micali Scheme (1984) It is probabilistic cryptography. Their scheme has the ability to encrypt the same text in many different ways without changing the modulus. It is very slow compared to the other schemes. ◦ Blum-Goldwasser Scheme (1985) This scheme is comparable in speed to another public key scheme, RSA. Unfortunately it is not as robust as RSA. ◦ The Paillier cryptosystem (1999)  a probabilistic asymmetric algorithm for public key cryptography. A given cleartext message can be encrypted into any one of a very large set of possible encryption values  homomorphic  deterministic 9 5/29/2007Hakan Evecek/SE2Evote

Continued… ◦ Uses of Paillier Cryptography  Electronic Voting  Anonymous Mix Nets (due to self-blinding property)  Electronic Auctions  Electronic Lotteries ◦ Damgard-Jurick Scheme (2000) Just a modification of Paillier's scheme. It is also called Generalized Paillier System. It allows a user to increase the size of the encrypted value. Like Paillier it is probabilistic and homomorphic. 10Hakan Evecek/SE2Evote5/29/2007

Continued… ◦ Homomorphic Encryption A special type of cryptography in which the sum of two encrypted values is equal to the encrypted sum of the values. ◦ Public Key Cryptography Asymmetric cryptography, is a form of cryptography in which each user will have a key that didn’t have to be kept secret. ◦ Threshold Cryptography A cryptographic function can be distributed amongst several participants in such a way that the operation can be performed only through cooperation of a specified subset of the participants. In addition, if less than the required number of participants’ attempts to perform the action, no useful information can be constructed or obtained.

Cryptographic Techniques Implemented by Brett Wilson to PTC Web Services Paillier CryptoSystem [15] ◦ Trapdoor Discrete Logarithm Scheme ◦ c = g M r n mod n 2  n is an RSA modulus (modulus of 2 safe primes)  Safe prime - p = 2q + 1 where q is also prime  g is an integer of order nα mod n 2  r is a random number in Z n * ◦ M = L(c λ(n) mod n 2 )/L(g λ(n) mod n 2 ) mod n ◦ L(u) = (u-1)/n, λ(n)=lcm((p-1)(q-1)) ◦ Important Properties  Probabilistic (randomness of E(M))  Homomorphic  E(M 1 + M 2 ) = E(M 1 ) x E(M 2 ), E(k x M) = E(M) k  Self-blinding  D(E(M) r n mod n 2 ) = m 12 5/29/2007Hakan Evecek/SE2Evote Continued…

Cryptographic Techniques Implemented Threshold Encryption [15] ◦ Public key encryption as usual ◦ Distribute secret key “shares” among i participants ◦ Decryption can only be accomplished if a threshold number t of the i participants cooperate  No information about m can be obtained with less than t participants cooperating Shamir Secret Sharing ◦ Lagrange Interpolation formula ◦ f(X) = Σti=0 aiXi ◦ a0 is secret, ai are random, f(X) are “secret shares”  X is share index (1 to number of servers) ◦ If enough f(X) available it is possible to recover a0 13 5/29/2007Hakan Evecek/SE2Evote

Operation of E-Voting System [15] 5. Paillier Public Key 6. Paillier Encrypted Vote 1.Election Authorities RSA Public Keys 8. Partial Decryption Shares of Vote Tally/Proofs of Correct Decryption 4. RSA Encrypted Secret Key Shares 7. Paillier Encrypted Vote Tally 2. SOAP/XML Request for PTC Parameters 3. SOAP/XML Response containing RSA encrypted PTC Parameters 14Hakan Evecek/SE2Evote5/29/2007

Hakan Evecek/SE2Evote 15

User Login Page Assumed that users has registered previously and has secure login credentials provided. Admin Users Voters Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) 16 5/29/2007Hakan Evecek/SE2Evote

Admin Page Election Creation Ballot Creation Tally Vote Encryption/Decryption Generate Safe Prime Numbers 17 5/29/2007Hakan Evecek/SE2Evote

Election Form 18 Hakan Evecek/SE2Evote 5/29/2007

Continued… 19Hakan Evecek/SE2Evote5/29/2007

Ballots Form 20Hakan Evecek/SE2Evote 5/29/2007

Voter Page Voter can access to the elections and complete the voting process. Automatically loads the voting page. ◦ Allows vote, then doesn’t allow user to vote again 21 5/29/2007Hakan Evecek/SE2Evote

Database Schema 22 5/29/2007Hakan Evecek/SE2Evote

Suggested Key Generation, Encryption/Decryption Optimization Safe Prime Numbers Pre-Computation Process. Chinese Remainder Theorem to calculate p,q separately and then multiply for n. Paillier Scheme Pre-Computation for decryption. 5/29/2007 Hakan Evecek/SE2Evote 23

Results 128 bit Encryption 256 bit Encryption 5/29/2007 Hakan Evecek/SE2Evote 24

Lessons Learned The SE processes applied in this project has set precedence which can be used for the future projects. Ensure that the SRS, SDS and test documents can be easily modified and any future enhancements can be made with ease. Security issues involved in E-voting systems. CRT is a very useful theorem that can be applied on other theorems to improve the efficiency and increase the speed of the computations. Pre-computation is always an improvement to the systems as long as they are designed and architected properly like running a thread on the background to generate prime numbers in this case. Setting up read/write access permissions for the folders is important in ASP.Net. It is very important to follow the processes on this setup. Certificate registration and confirmation requires additional processes for the internet solutions. 5/29/2007Hakan Evecek/SE2Evote 25

Future Direction Implement the suggested CRT improvement into the code. Implement constant value pre-computation for decryption process. Fix XML solution in the code. Add more web application security protocols and processes. Implement registration and voter identity verification process. ◦ Authenticity of election parameters/ballots not currently guaranteed  Implement signing of election parameters/ballots by admin 26 5/29/2007Hakan Evecek/SE2Evote

Conclusion Encryption parameters creation process improvements with the application of pre-computation to the web services. Alternate processes are also available to improve the efficiency further, such as: CRT Theorem, applying pre- computation to other constants in the Paillier’s scheme and also using 3 rd scheme instead of the 1 st scheme as explained in many researches. The online E-Voting system with Paillier Cryptosystem Web Services implemented in this project brings a more secure e- voting environment one step closer. Online E-Voting systems need to be considered as an enterprise solution when security, from the registration till the end of the Tally process, is to be considered. 5/29/2007Hakan Evecek/SE2Evote 27

References [1] [1] Implementation issues in a secure e-voting schemes, Riza Aditya, Byoungcheon Lee, Colin Boyd and Ed Dawson. Implementation issues in a secure e-voting schemes, Riza Aditya, Byoungcheon Lee, Colin Boyd and Ed Dawson. [3] [3] Vote Early, Vote Often, and VoteHere: A Security Analysis of VoteHere, Philip E. Varner, May 11, Vote Early, Vote Often, and VoteHere: A Security Analysis of VoteHere, Philip E. Varner, May 11, [5] P. Fouque, G. Poupard, J.Stern, Sharing Decryption in the Context of Voting or Lotteries, Financial Cryptography 2000 Proceedings. [5] P. Fouque, G. Poupard, J.Stern, Sharing Decryption in the Context of Voting or Lotteries, Financial Cryptography 2000 Proceedings. [6] the Official CAPTCHA web site. [6] the Official CAPTCHA web site. [7] R. Michael Alvarez, Jonathan Nagler, The Likely consequences of Internet Voting for Political Representations. [7] R. Michael Alvarez, Jonathan Nagler, The Likely consequences of Internet Voting for Political Representations. [15] B. Wilson, C. E. Chow, Paillier Threshold Cryptography Web Service User’s Guide, University of Colorado – Colorado Springs Master’s Project, [15] B. Wilson, C. E. Chow, Paillier Threshold Cryptography Web Service User’s Guide, University of Colorado – Colorado Springs Master’s Project, [16] Progress on Probabilistic Encryption Schemes, Kert Richardson, July [16] Progress on Probabilistic Encryption Schemes, Kert Richardson, July [17] An Analysis of Chaum’s voter-verifiable election scheme, Julie Ann Staub, 2005 [17] An Analysis of Chaum’s voter-verifiable election scheme, Julie Ann Staub, 2005http:// [18] Ivan Damgard and Mads J. Jurik, A Generalization, a Simplification and Some Applications of Paillier’s Probabilistic Public-Key System, PKC [18] Ivan Damgard and Mads J. Jurik, A Generalization, a Simplification and Some Applications of Paillier’s Probabilistic Public-Key System, PKC [ [20] CryptoBytes, Dan Boneh, Hovav Shacham, Spring [ [20] CryptoBytes, Dan Boneh, Hovav Shacham, Spring [21] Public-Key CryptoSystems Based on Composite Degree Residuosity Classes, Pascal Paillier, 1999 [21] Public-Key CryptoSystems Based on Composite Degree Residuosity Classes, Pascal Paillier, 1999http:// [22] Paillier Crytosystem from Wikipedia, the free encyclopedia. [22] Paillier Crytosystem from Wikipedia, the free encyclopedia /29/2007Hakan Evecek/SE2Evote