Secret Ballot Receipts: True Voter-Verifiable Elections
Richard Carback, Kevin Fisher, Sandi Lwin
CMSC 691v, April 3, 2005


Introduction: System Features
Magic receipt
Vote visible in voting booth
Vote invisible, verifiable outside voting booth
Trusted voting machines unnecessary
Provisional ballots are ballots, too
Vote from anywhere
Adjudicate today, adjudicate tomorrow
Deeper, more restful sleep
Eliminates common indoor allergens (even pet dander!)
Boosts gas mileage up to 13%

System from Voter's Perspective
Input with touch screen or other input means
Register printer generates printout
Lists names of candidates, party affiliations, office sought, others

System from Voter's Perspective
Print votes before the final inch
Printer prints both layers simultaneously
Review printout
Indicate layer to keep
Printer prints final inch

System from Voter's Perspective
Printer cuts both layers off, still laminated together, and releases them
Neither layer is readable on its own
Light passing through the sandwiched layers where neither layer is printed makes the choices visible

Example of Ballot Printout
Figure 1. An example part of a ballot printout listing a candidate selected. In addition to being able to include the candidate's name, party affiliation, and office sought, the printout can also include other types of contests and various graphics options.

Example of Final Inch Together
Figure 2. Last inch of the printout before the two laminated layers are separated.

Final Inch Separated
Figure 3. Last inch of the printout after it's separated: (a) the receipt (the layer the voter selects to keep) and (b) the layer that's shredded before the voter leaves the polling place.

Leaving the Polling Booth
Voter gives up the layer marked for surrender
Layer gets shredded by poll worker
The same layer also gets shredded "electronically"
Only the physical layer the voter kept, and the digital version of that same image, remain

Election Web Site
Enter the receipt's serial # to check that the vote has been counted
Print the image posted on the website and check it against the actual receipt

Resistance to Attack
Posted receipt == proper tabulation (most likely)
Votes are private (unless code is broken)
Malicious software can only hope:
 – the user will choose one layer
 – no one will check serial numbers
 – the tally will not be audited

Weaknesses to Attack
Subliminal channels
Selectively malicious DRE
Discarded receipts
Malicious tally software

Visual Cryptography 101: Typography
(figure: two panels, each overlaying two sheets; the first yields a newsprint letter "e", the second a ballot receipt)

Visual Cryptography 101: Pixels
(figure: pixel encodings for newsprint and for the ballot receipt; each receipt pixel is a two-cell pattern standing for 0 or 1, followed by a table of the overlay combinations)

Visual Cryptography 101: Message Encoding
(figure: message + random sheet = encoded white sheet)

Visual Cryptography 101: White Sheet Vulnerability
A single encoded message yields multiple plaintext images.

Visual Cryptography 101: Mixing Red and White Sheets
(figure: red and white sheets combined)

Tabulation
All receipts are posted
Each trustee decodes a batch
Batches are randomized to protect privacy

Russian Nesting Dolls
Voted ballot == set of dolls (or one big doll)
Each trustee opens one size of dolls
Smallest doll is the plaintext ballot

Coded Sheets
How you do this with computers
Big doll is the summation of the smaller permutations
Each trustee subtracts their permutation mod 2
Original permutation revealed at the smallest doll

Tabulation Integrity
Need to maintain privacy
Each trustee is videotaped doing 2 batches
1 tape is released
 – chosen afterwards (by auditor or political parties)

Formal Receipt Process: Voting Phase – Step 1
Ballot image B
(figure: plaintext receipt for a General Election, President: Lincoln, Senator: Kennedy, with ballot number and the footer "Separate layers before leaving booth.")

Formal Receipt Process: Voting Phase – Step 2
Printed 4-tuples:
q: serial number
L_Z: ballot layer
D_t: top doll
D_b: bottom doll
(figure: the two printed layers, each carrying the ballot number and footer)

Formal Receipt Process: Voting Phase – Step 3
Visual XOR function ⊕ = mathematical XOR function
(figure: the two layers overlaid show the plaintext ballot, President: Lincoln, Senator: Kennedy)

Formal Receipt Process: Voting Phase – Step 5
Bottom layer: x = b
Top layer: x = t
(figure: both layers side by side)

Formal Receipt Process: Voting Phase – Step 5
Bottom layer: x = b
Seed: s_x(q)
Overall: o_x(L_x, q, D_t, D_b, s_x(q))
"Last inch" digital signature

Formal Receipt Process: Voting Phase – Step 6, Part 1
Consistency check on s_x(q): apply (s_x)^−1, hash, and compare with q

Formal Receipt Process: Voting Phase – Step 6, Part 2
Consistency check on o_x(L_x, q, D_t, D_b, s_x(q)): apply (o_x)^−1, hash, and compare with q, D_b, D_t and L_x

Formal Receipt Process: Red and White Matrices
Each layer L_Z is an m × n matrix; its white pixels W_Z and red pixels R_Z each form an m × n/2 matrix

Formal Receipt Process: Red and White Matrices
Top layer:    W_t[i,j] = L_t[i, 2j − ((i+1) mod 2)]    R_t[i,j] = L_t[i, 2j − (i mod 2)]
Bottom layer: R_b[i,j] = L_b[i, 2j − ((i+1) mod 2)]    W_b[i,j] = L_b[i, 2j − (i mod 2)]
(figure: each layer drawn with its W and R pixel columns interleaved)

Formal Receipt Process: Red and White Matrices
B_x = R_x ⊕ W_y (x and y the two layers: the red half of one layer XOR the white half of the other)

Formal Receipt Process: Cryptographic Pseudorandom Number Generators
(figure: Ballot ID encrypted under a key with AES; the N-bit ciphertext is the pseudorandom output)

Formal Receipt Process: Calculating the Noise Matrix
d'_Z,k = h(s_Z(q), k)
d_Z,k = h'(d'_Z,k)
W_Z[i,j] = (d_Z,k ⊕ d_Z,k−1 ⊕ … ⊕ d_Z,1)[mj − m + i]
(figure: the seed s_Z(q) feeds h and then h' to give the pseudorandom sequence d_Z,k, k = 1, …; the m·n/2 resulting bits are laid out as the m × n/2 matrix W_Z)

Formal Receipt Process: Doll Construction
d'_Z,k = doll k
D_Z,k = e_k(d'_Z,k, … e_2(d'_Z,2, e_1(d'_Z,1)) …)
(figure: the same h / h' pseudorandom sequence as on the noise-matrix slide, with each d'_Z,k wrapped as one doll)

Formal Receipt Process: Tally Phase – Doll Processing
(figure: trustee L opens doll D_L with e_L, obtaining d'_{L−1} and the smaller doll D_{L−1}; d_Z,L−1 = h'(d'_Z,L−1) is XORed into the sheet and D_{L−1} remains for the next trustee)
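As an added example (not from the slides or from Chaum's paper), the layer construction and tally described on the Coded Sheets, Red and White Matrices, Noise Matrix and Doll Processing slides, carried out in Python. Assumptions: SHA-256 in counter mode stands in for h and h', the dolls are skipped so each trustee simply derives its d_k from the seed, and the 4 × 8 ballot, seeds and trustee count are constructed toy values.

```python
import hashlib

# Constructed toy parameters (not from the paper): 4 rows, 8 pixels per layer row, so the
# ballot image B is 4 x 4 and each image pixel occupies a pair of adjacent layer positions.
M, N, TRUSTEES = 4, 8, 3
SEEDS = {"t": b"s_t(q=0001)-constructed", "b": b"s_b(q=0001)-constructed"}
BALLOT = [[1, 0, 0, 1], [0, 1, 1, 0], [0, 1, 1, 0], [1, 0, 0, 1]]  # constructed mark

def trustee_bits(seed: bytes, k: int) -> list[int]:
    """d_k = h'(h(s_Z(q), k)): trustee k's noise share; SHA-256 over (seed, k, counter) stands in for h and h'."""
    digests = [hashlib.sha256(seed + bytes([k, c])).digest() for c in range((M * N // 2 + 255) // 256)]
    return [(byte >> b) & 1 for d in digests for byte in d for b in range(8)][: M * N // 2]

def noise_matrix(seed: bytes, start=None) -> list[list[int]]:
    """W_Z[i][j] = (d_k xor ... xor d_1)[m*j + i]; started from a posted R_x, the same loop is the tally:
    each trustee in turn XORs off its own d_k ("subtracts its permutation mod 2")."""
    acc = [0] * (M * N // 2) if start is None else [start[i][j] for j in range(N // 2) for i in range(M)]
    for k in range(1, TRUSTEES + 1):
        acc = [a ^ b for a, b in zip(acc, trustee_bits(seed, k))]
    return [[acc[M * j + i] for j in range(N // 2)] for i in range(M)]

def red_col(x: str, i: int, j: int) -> int:
    """0-based column of R_x for image pixel (i, j); the other column of the pair holds W_x (slide formulas)."""
    return 2 * j + (i % 2) if x == "t" else 2 * j + 1 - (i % 2)

def build_layers(B, W):
    """R_x = B xor W_y is printed where the other layer carries W_y, so L_t xor L_b = B at both pair positions."""
    L = {x: [[0] * N for _ in range(M)] for x in "tb"}
    for i in range(M):
        for j in range(N // 2):
            for x, y in (("t", "b"), ("b", "t")):
                L[x][i][red_col(x, i, j)] = B[i][j] ^ W[y][i][j]  # red (computed) pixel of layer x
                L[x][i][red_col(y, i, j)] = W[x][i][j]            # white (noise) pixel of layer x
    return L["t"], L["b"]

def overlay(L_t, L_b):
    """Visual XOR of the laminated layers; the two positions of each pair must show the same pixel."""
    rows = [[a ^ b for a, b in zip(rt, rb)] for rt, rb in zip(L_t, L_b)]
    if any(r[2 * j] != r[2 * j + 1] for r in rows for j in range(N // 2)):
        raise ValueError("pair mismatch: layers were not built from the same ballot")
    return [r[::2] for r in rows]

def tally(kept, x: str):
    """Trustees open the *other* layer's dolls and strip W_y from the posted R_x, recovering B."""
    y = "b" if x == "t" else "t"
    R_x = [[kept[i][red_col(x, i, j)] for j in range(N // 2)] for i in range(M)]
    return noise_matrix(SEEDS[y], R_x)
```

Either kept layer tallies to the same ballot, while the kept layer alone is R_x masked by the other layer's noise, which is what the trustees' seeds protect.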

Formal Receipt Process: Tally Phase – Auditing
(figure: stages k, k−1, k−2, k−3, k−4, with audit batches marked at each stage)

Cryptography
Computationally secure
 – breakable with enough computing power applied
Unconditionally secure
 – cannot be broken even with infinite computing power applied

Cryptography
Receipt system uses:
 – computationally secure encryption to form layers
Digital signatures:
 – last inch contains digital signature for authentication
 – scanners used to verify signature

Cryptography
Privacy
 – protects privacy using computationally secure encryption

Cost of System
Reduces cost of integrity while raising its level dramatically
Hardware cost lower than current black-box system
 – Government buys at the price of an open-platform PC
Cost of suitable printers in volume is less than the hardware cost saving
Savings in maintenance and upgrades

Similarities in Punchscan
Splitting the ballot is the same idea
 – destroy half the information
Tabulation is more complicated, but similar to that of Punchscan
 – privacy is kept in a similar manner (only choose half of the process to look at)

Similarities in Punchscan
Definitely an advancement
Has some security problems at the system level
 – not insurmountable
Kind of complicated
Not expandable
 – rank-order would be hard
 – not the most scalable