Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptographic Voting Systems (Ben Adida) Jimin Park Carleton University COMP 4109 Seminar 15 February 2011.

Published byDella Hensley Modified over 9 years ago

Similar presentations

Presentation on theme: "Cryptographic Voting Systems (Ben Adida) Jimin Park Carleton University COMP 4109 Seminar 15 February 2011."— Presentation transcript:

1 Cryptographic Voting Systems (Ben Adida) Jimin Park Carleton University COMP 4109 Seminar 15 February 2011

2 “ If you think cryptography is the solution to your problem….

3 … then you don’t understand cryptography… …and you don’t understand your problem.”

4 Yet, cryptography solves problems that initially appear to be impossible.

5 There is a potential paradigm shift. A means of election verification far more powerful than other methods.

6 “But with cryptography, you’re just moving the black box. Few people really understand it or trust it.” Debra Bowen California Sec. of State, 7/30/2008 (paraphrased)

7 Problems with current voting systems Rigged lever machine counters, lost ballot boxes or magically found, dead citizens’ votes.

8 Why not fully computerize voting systems? Bush vs. Gore (California, 2000) – Bush won by just 500 votes! – Known missing ballots, coercion – Computerization was taken seriously Direct Recording Electronic (DRE) machines – Nothing but touch screen, automatic tallying – Problems with DRE, can we trust it? Inherited risks of any computer systems (bugs, back door code, etc.) Non-transparency Ref: [2] Avi Rubin

9 Dilemma: Verification vs. Secrecy Analogy: ATM machines – Fully automated computerized system – Why do we trust them? – We can fully verify the transactions Difference between ATM and Voting Systems – VS: information being verified must stay secret “Rely on mathematical proofs of the results – rather than of the machines.”

10 The Goal of Cryptographic Voting Systems No: Chain-of-Custody approach (current) Yes: End-to-End verification approach

11 Flow Diagram

12 Threshold Decryption Need Public-key encryption system Private keys used for decryption need to be distributed among the different parties – Shared-secret scheme E.g. ) A race of 3 candidates. Each given an equation of a plane (non-coplanar). Key resides at the point where all planes intersect. Ref: [3] Blakley, G. R.

13 What crypto system to use? 3 desired properties of our crypto system – Public-Private key encryption-decryption Voters encrypt Candidates decrypt – Easily generated random keys One vote encrypts to many different cipher-texts – Homomorphic Cipher-texts (different votes) get aggregated to one cipher-text under certain operation (addition, multiplication, etc.) Ref: [4] Josh D. Cohen and Michael J. Fischer

14 Group Homomorphism Def: Given two groups (G, *) and (H, ·), group homomorphism from (G, *) to (H, ·) is a function h : G → H such that for all u and v in G it holds that In our case, the function h can be the encryption. h(u v) = h(u) · h(v) * encrypt(u v) = encrypt(u) · encrypt(v) *

15 El Gamal encryption: original (1) Bob computes + publishes: - p : large prime (p-1 has at least one large prime factor) - a : primitive element mod p - y : public key, y = a mod p x : private key, x = random(1, 2, …, p-1) (2) Alice encrypts : message m: 0 <= m <= p (c1, c2) = ( y, m · SK) mod p = ( a, m · (a ) ) mod p (3) Bob decrypts: (m · SK· SK ) mod p = (m · a · a ) mod p = m Alice Bob (voters) (candidates) BB x BB B A X A X B X A A X X B -X X A B Ref: [6] T. El Gamal Shared Key (SK) SK = (y ) = (y ) B x A A B x

16 El Gamal example (1) Bob computes + publishes: - p : large prime (p-1 has at least one large prime factor) - a : primitive element mod p - y : public key, y = a mod p x : private key, x = random(1, 2, …, p-1) (2) Alice encrypts : message m: 0 <= m <= p-1 (c1, c2) = ( y, m · SK) mod p = ( a, m · (a ) ) mod p (3) Bob decrypts: (m · SK· SK ) mod p = (m · a · a ) mod p = m Alice Bob (voters) (candidates) BB x BB B A X A X B X A A X X B -X X A B Ref: [6] T. El Gamal p : 13 a : 2 x : 11 y : 7 (2 mod 13) 11 B B m : 7 (c1, c2) = (2, 7 · (2 ) ) mod 13 = (12, 6) 6 116 (7 · 2 · 2 ) mod 13 = 7 -6666

17 Comparison: RSA vs. El Gamal Security – RSA: factoring large integers – El Gamal: discrete logarithms 3 ≡ 13 (mod 17) what is x? Keys – RSA: expensive computation of finding p and q – El Gamal: computation of p and q is done once x

18 Homomorphic Tallying Original El Gamal Enc(m1) · Enc(m2) = ( y, m · SK ) · ( y, m · SK ) mod p = ( y · y, (m · m ) · (SK · SK )) mod p = Enc( m · m ) X X X X 1 2 1 2 1 1 2 2 1 2 12 1 2 Exponential El Gamal Enc(m1) · Enc(m2) = ( y, a · SK ) · ( y, a · SK ) mod p = ( y · y, a · (SK · SK )) mod p = Enc( a ) It would be more useful if we could do addition on the cipher texts rather than multiplication! m 1 m 2 X 1 X 2 1 2 X 1 X 2 (m + m ) 12 1 2 12

19 What is the message that we are encrypting?

20 Let’s Vote! (1)Auditing the ballot - by zero-knowledge proof -Pick any two ballots to vote -“You” pick one of them and scratch to reveal random numbers -> private keys of the ballot -Take to election activist organization to scan 2D bar code and validate the ballot

21 Zero-knowledge Proof

22 Let’s Vote! (2) Vote (3) Remove candidate list (4) Shred random numbers, take home the receipt

23 Public Bulletin Board “The votes of the registered citizens were casted as intended and these votes are tallied properly, so we have counted as intended!”

24 Mixnets Ref: [7] David Chaum

25 Deployments Numerous university student elections – MIT, Hardvard, etc. – Unversite Catholique de Louvain: 25,000 voters – University of Ottawa: punchscan voting system Takoma Park election, Maryland (Nov. 3. 2009) – Electing mayor, city councils, etc. – First binding governmental election

26 Ben’s Fear Computerization of voting is inevitable, without true verifiability, the situation is grim. Ben’s Hope Public auditing proofs will soon be as common as public-key crypto is now.

27

28 Quiz (1)What approach is current voting system taking? And what is this seminar’s proposed approach? (2)What is threshold decryption? (3)List the 3 desired properties crypto system should have for homomorphic tallying method? (4)What method is used to do ballot auditing? (5)In the voting process, the un-scratched random numbers are shredded in public view. What is the danger in revealing these numbers? What sort of benefit would a coercer have?

29 Reference [1] Ben Adida. Advances in Cryptographic Voting Systems. MIT. (2006). [2] Avi Rubin. An Election Day clouded by doubt, October 2004. http://avirubin.com/vote/op-ed.html. [3] Blakley, G. R. Safeguarding cryptographic keys. Proceedings of the National Computer Conference 48: 313-317, (1979). [4] Josh D. Cohen and Michael J. Fischer. A robust and verifiable cryptographically secure election scheme. In FOCS, pages 372–382. IEEE Computer Society, 1985. [5] S. Poblig and M. Hellman, An improved algorithm for computing logarithms over GF(p) and its cryptographic significance, IEEE Transaction on Information Theory It- 24:106-110, (1978). [6] T. El Gamal. A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Transactions on Information Theory 31, pg. 469-472. (1985) [7] David Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM, 24(2):84–88, (1981).

Download ppt "Cryptographic Voting Systems (Ben Adida) Jimin Park Carleton University COMP 4109 Seminar 15 February 2011."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Public Key Cryptosystem

Public Key Cryptosystem
Secret Ballot Receipts: True Voter Verifiable Elections Author: David Chaum Published: IEEE Security & Privacy Presenter: Adam Anthony.

Secret Ballot Receipts: True Voter Verifiable Elections Author: David Chaum Published: IEEE Security & Privacy Presenter: Adam Anthony.
RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.

RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.
Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.

Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Electronic Voting Presented by Ben Riva Based on presentations and papers of: Schoenmakers, Benaloh, Fiat, Adida, Reynolds, Ryan and Chaum.

Electronic Voting Presented by Ben Riva Based on presentations and papers of: Schoenmakers, Benaloh, Fiat, Adida, Reynolds, Ryan and Chaum.
Research & development A Practical and Coercion-resistant scheme for Internet Voting Jacques Traoré (joint work with Roberto Araújo and Sébastien Foulle)

Research & development A Practical and Coercion-resistant scheme for Internet Voting Jacques Traoré (joint work with Roberto Araújo and Sébastien Foulle)
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.

Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.

CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
10/25/20061 Threshold Paillier Encryption Web Service A Master’s Project Proposal by Brett Wilson.

10/25/20061 Threshold Paillier Encryption Web Service A Master’s Project Proposal by Brett Wilson.
Kickoff Meeting „E-Voting Seminar“

Kickoff Meeting „E-Voting Seminar“
Paillier Threshold Encryption WebService by Brett Wilson.

Paillier Threshold Encryption WebService by Brett Wilson.
Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)

Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)

Similar presentations

Ads by Google