Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Brief Intro to Aperio and Eperio Aleksander Essex University of Waterloo, *University of Ottawa SecVote 2010 Sept. 3, Bertinoro Italy.

Published byAdrian Page Modified over 9 years ago

Similar presentations

Presentation on theme: "A Brief Intro to Aperio and Eperio Aleksander Essex University of Waterloo, *University of Ottawa SecVote 2010 Sept. 3, Bertinoro Italy."— Presentation transcript:

1 A Brief Intro to Aperio and Eperio Aleksander Essex University of Waterloo, *University of Ottawa SecVote 2010 Sept. 3, Bertinoro Italy

2 Aperio and Eperio Aperio (Essex, Clark and Adams, WOTE08) – Paper-based voting – Verifiable w/o crypto Eperio (Essex, Clark, Hengartner and Adams, EVT10) – Electronic Aperio – Optical scan ballots – Verifiable with some crypto

3 Cryptoless E2E-style voting 3-Ballot – Hard to mark but easy to check – Numerous Attacks long ballots short ballots (CEA07) Etc Farnel/Twin – Easy to mark, easy to check but, – Need chain-of-custody to be secure If you had it, do you need ?

4 Aperio Easy to mark Easy to tally Some repetitive paperwork to verify No CoC assumption

5 Aperio Ballot Assembly WU, Carol JONES, Alex SMITH, Bob # 002 R#: 923R#: 617

6 Aperio Ballot Assembly Sheets fused together (voter can’t see bottom sheets)

7 Reference Lists 450 251 556 051 … Wu, Jones, Smith Jones, Wu, Smith Smith, Wu, Jones Wu, Jones, Smith …

8 # 002 WU, Carol JONES, Alex SMITH, Bob Wu, Jones, Smith 002 #923

9 # 002 WU, Carol JONES, Alex SMITH, Bob #923 Wu, Jones, Smith 002 #617

10 Commitments (tamper-evident envelopes) Alice

11 Voting

12 Casting

13 Counting Σ

14 Coin toss reveals either – Pink Ballot, Goldenrod Receipt, or, – Pink Receipt, Goldenrod Ballot Decommitting Protocol Al ic e

15 Checking Receipts R#: 923 # 002 X X 002

16 WU, Carol JONES, Alex SMITH, Bob WU, Carol JONES, Alex SMITH, Bob WU, Carol JONES, Alex SMITH, Bob WU, Carol JONES, Alex SMITH, Bob B: 617 R: 922 X WU, Carol JONES, Alex SMITH, Bob R#: 617 X WU, Carol JONES, Alex SMITH, Bob X   Checking Tally

17 Cryptography in Elections Conflicting views: – Max-crypto Security at expense of simplicity – No-crypto Simplicity at expense of security Our goal: – Min-crypto  Balance security and simplicity

18 Eperio What it is – E2E election verification protocol What it means for verification – Fewer cryptographic primitives – Smaller datasets – Faster execution – Fewer lines of code

19 Bob Alice Bob #000#001 x x Pret-a-Voter style Ballots

20 Bubble IDMarked?Candidate Bob Alice #000 Trustees* copy ballots into a table Before the election…. *Done obliviously

21 Bubble IDMarked?Candidate #000-1 st Bob #000-2 nd Alice Bob Alice #000 Before the election…. Trustees* copy ballots into a table *Done obliviously

22 Bubble IDMarked?Candidate #000-1 st Bob #000-2 nd Alice #001-1 st Alice #001-2 nd Bob Alice Bob #001 Before the election…. Trustees* copy ballots into a table *Done obliviously

23 Bubble IDMarked?Candidate #000-1 st Bob #000-2 nd Alice #001-1 st Alice #001-2 nd Bob ……… ……… And so on… Before the election….

24 Bubble IDMarked?Candidate #000-1 st Bob #000-2 nd Alice #001-1 st Alice #001-2 nd Bob …… The Eperio Table: Remember: it’s just the ballots in table-form.

25 Trustees shuffle rows Bubble IDMarked?Candidate #001-2 nd Bob #003-2 nd Bob #007-1 st Bob #029-2 nd Alice #001-1 st Bob ……

26 Trustees mask columns Bubble IDMarked?Candidate #001-2 nd Bob #003-2 nd Bob #007-1 st Bob #029-2 nd Alice #001-1 st Bob …… Cryptographically committed and published

27 Bubble IDMarked?Candidate #001-2 nd Bob #003-2 nd Bob #007-1 st Bob #029-2 nd Alice #001-1 st Bob …… Bubble IDMarked?Candidate #001-2 nd Bob #003-2 nd Bob #007-1 st Bob #029-2 nd Alice #001-1 st Bob …… Bubble IDMarked?Candidate #001-2 nd Bob #003-2 nd Bob #007-1 st Bob #029-2 nd Alice #001-1 st Bob …… Bubble IDMarked?Candidate #001-2 nd Bob #003-2 nd Bob #007-1 st Bob #029-2 nd Alice #001-1 st Bob …… Many independent shuffled copies created More instances scales security assurance

28 Bubble IDMarked?Candidate #000-1 st YesBob #000-2 nd NoAlice #001-1 st YesAlice #001-2 nd NoBob ……… #000 #001 x x Ballots recorded by scanner During the election…

29 Bubble IDMarked?Candidate #001-2 nd NoBob #003-2 nd YesBob #007-1 st YesBob #029-2 nd NoAlice #001-1 st YesAlice ……… After the election: Bubble IDMarked?Candidate #000-1 st YesBob #000-2 nd NoAlice #001-1 st YesAlice #001-2 nd NoBob ……… Trustees fill in middle columns

30 Bubble IDMarked?Candidate #001-2 nd YesBob #031-2 nd YesBob #001-1 st YesAlice #029-2 nd NoAlice #021-1 st YesBob ……… After the election: Bubble IDMarked?Candidate #000-1 st YesBob #000-2 nd NoAlice #001-1 st YesAlice #001-2 nd NoBob ……… Trustees fill in middle columns

31 The Audit Challenge Bubble IDMarked?Candidate #001-2 nd NoBob #003-2 nd YesBob #007-1 st YesBob #029-2 nd NoAlice #001-1 st YesBob ……… Bubble IDMarked?Candidate #001-2 nd YesBob #003-2 nd YesBob #007-1 st YesBob #029-2 nd NoAlice #001-1 st YesBob ……… Bubble IDMarked?Candidate #001-2 nd NoBob #003-2 nd YesBob #007-1 st YesBob #029-2 nd NoAlice #001-1 st YesBob ……… Bubble IDMarked?Candidate #001-2 nd NoBob #003-2 nd NoBob #007-1 st YesBob #029-2 nd YesAlice #001-1 st NoBob ……… Challenge Public coin toss One column from each instance challenged Response Trustees post decommitments

32 Checking receipts Bubble IDMarked?Candidate #001-2 nd YesBob #003-2 nd YesBob #007-1 st YesBob #029-2 nd NoAlice #001-1 st YesBob ………

33 Checking receipts Bubble IDMarked?Candidate #007-1 st YesBob #006-2 nd YesBob #042-1 st YesBob #029-2 nd NoAlice #007-2 nd NoBob ……… Bubble ID column decommitted

34 Checking receipts Bubble IDMarked?Candidate #007-1 st Yes Bob #006-2 nd YesBob #042-1 st YesBob #029-2 nd NoAlice #007-2 nd No Bob ……… Voter looks up receipt. Checks for match. #007 x

35 Bubble IDMarked?Candidate #001-2 nd NoBob #003-2 nd YesBob #007-1 st YesBob #029-2 nd NoAlice #001-1 st YesBob ……… Tally audit

36 Bubble IDMarked?Candidate #001-2 nd NoBob #003-2 nd YesAlice #007-1 st YesAlice #029-2 nd NoBob #001-1 st YesBob ……… Candidate column decommitted Tally audit

37 Bubble IDMarked?Candidate #001-2 nd NoBob #003-2 nd YesAlice #007-1 st YesAlice #029-2 nd NoBob #001-1 st YesBob ……… Tally like any election Tally audit +

38 Bubble IDMarked?Candidate #001-2 nd NoBob #003-2 nd YesAlice #007-1 st YesAlice #029-2 nd NoBob #001-1 st YesBob ……… Bubble IDMarked?Candidate #001-2 nd NoBob #003-2 nd YesBob #007-1 st YesBob #029-2 nd NoAlice #001-1 st YesBob ……… Repeat as necessary… Bubble IDMarked?Candidate #007-1 st YesBob #006-2 nd YesBob #042-1 st YesBob #029-2 nd NoAlice #007-2 nd NoBob ……… Bubble IDMarked?Candidate #001-2 nd NoAlice #003-2 nd YesBob #007-1 st YesBob #029-2 nd YesAlice #001-1 st NoBob ………

39 Review Bubble IDMarked?Candidate #001-2 nd NoBob #003-2 nd YesBob #007-1 st YesBob #029-2 nd NoAlice #001-1 st YesBob ……… Eperio table instance Just a copy of ballots Independently shuffled Committed Published Columns Right + middle = tally Left + middle = receipt info

40 How is Eperio different? Table structure Commitment scheme Implementation options What does this mean? Speed (10-100x faster) Data download (10-100x smaller) Small code size (50 lines of Python)

41 Bubble IDMarked?Candidate 004 B X Bob 008 B X Alice 007 A X Alice 002 ABob 004 AAlice 008 ABob 002 B X Alice 007 BBob Table structure: a comparison Eperio

42 Verification in a spreadsheet! Bubble IDMarked?Candidate 004 B X Bob 008 B X Alice 007 A X Alice 002 ABob 004 AAlice 008 ABob 002 B X Alice 007 BBob Bubble IDMarked?Candidate 004 B X Bob 008 B X Alice 007 A X Alice 002 ABob 004 AAlice 008 ABob 002 B X Alice 007 BBob

43 Open SSL Implementation options (for audits) Custom codeSmall script + Encryption utility Spreadsheet + Encryption utility Spreadsheet all- in-one?     Eperio 

44 eperio.org Find out more at

Download ppt "A Brief Intro to Aperio and Eperio Aleksander Essex University of Waterloo, *University of Ottawa SecVote 2010 Sept. 3, Bertinoro Italy."

Similar presentations

Receipt-Free Universally-Verifiable Voting With Everlasting Privacy Tal Moran.

Receipt-Free Universally-Verifiable Voting With Everlasting Privacy Tal Moran.
Secret Ballot Receipts: True Voter Verifiable Elections Author: David Chaum Published: IEEE Security & Privacy Presenter: Adam Anthony.

Secret Ballot Receipts: True Voter Verifiable Elections Author: David Chaum Published: IEEE Security & Privacy Presenter: Adam Anthony.
Talk by Vanessa Teague, University of Melbourne Joint work with Chris Culnane, James Heather & Steve Schneider at University of.

Talk by Vanessa Teague, University of Melbourne Joint work with Chris Culnane, James Heather & Steve Schneider at University of.
Montgomery County Board of Elections

Montgomery County Board of Elections
Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.

Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.
A Pairing-Based Blind Signature

A Pairing-Based Blind Signature
Voter Affirmation Provisional Voting Equipment Training Closing the Polling Place.

Voter Affirmation Provisional Voting Equipment Training Closing the Polling Place.
ThreeBallot, VAV, and Twin Ronald L. Rivest – MIT CSAIL Warren D. Smith - CRV Talk at EVT’07 (Boston) August 6, 2007 Ballot Box Ballot Mixer Receipt G.

ThreeBallot, VAV, and Twin Ronald L. Rivest – MIT CSAIL Warren D. Smith - CRV Talk at EVT’07 (Boston) August 6, 2007 Ballot Box Ballot Mixer Receipt G.
On the Security of Ballot Receipts in E2E Voting Systems Jeremy Clark, Aleks Essex, and Carlisle Adams Presented by Jeremy Clark.

On the Security of Ballot Receipts in E2E Voting Systems Jeremy Clark, Aleks Essex, and Carlisle Adams Presented by Jeremy Clark.
Cryptographic Voting Protocols: A Systems Perspective Chris Karlof Naveen Sastry David Wagner UC-Berkeley Direct Recording Electronic voting machines (DREs)

Cryptographic Voting Protocols: A Systems Perspective Chris Karlof Naveen Sastry David Wagner UC-Berkeley Direct Recording Electronic voting machines (DREs)
Performing a Manual (Hand-Counted) Audit Tips for Registrars.

Performing a Manual (Hand-Counted) Audit Tips for Registrars.
Privacy, Democracy and the Secret Ballot An Informal Introduction to Cryptographic Voting.

Privacy, Democracy and the Secret Ballot An Informal Introduction to Cryptographic Voting.
Polling With Physical Envelopes A Rigorous Analysis of a Human–Centric Protocol Tal Moran Joint work with Moni Naor.

Polling With Physical Envelopes A Rigorous Analysis of a Human–Centric Protocol Tal Moran Joint work with Moni Naor.
By Varun Jain. Introduction  Florida 2000 election fiasco, drew conclusion that paper ballots couldn’t be counted  Computerized voting system, DRE (Direct.

By Varun Jain. Introduction  Florida 2000 election fiasco, drew conclusion that paper ballots couldn’t be counted  Computerized voting system, DRE (Direct.
Receipt-Free Universally-Verifiable Voting With Everlasting Privacy Tal Moran Joint work with Moni Naor.

Receipt-Free Universally-Verifiable Voting With Everlasting Privacy Tal Moran Joint work with Moni Naor.
Self-Enforcing E-Voting (SEEV) Feng Hao Newcastle University, UK CryptoForma’13, Egham.

Self-Enforcing E-Voting (SEEV) Feng Hao Newcastle University, UK CryptoForma’13, Egham.
The Punchscan Voting System Refinement and System Design Rick Carback Kevin Fisher Sandi Lwin May 8, 2006.

The Punchscan Voting System Refinement and System Design Rick Carback Kevin Fisher Sandi Lwin May 8, 2006.
© Tally Solutions Pvt. Ltd. All Rights Reserved 1 Stock Audit in Shoper 9 February 2010.

© Tally Solutions Pvt. Ltd. All Rights Reserved 1 Stock Audit in Shoper 9 February 2010.
Josh Benaloh Senior Cryptographer Microsoft Research.

Josh Benaloh Senior Cryptographer Microsoft Research.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.

15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.

Similar presentations

Ads by Google